I'm looking for guidance on how to distribute software that depends on third-party libraries with proprietary licenses. The specific library allows use and distribution within the Research Community and for non-commercial uses outside of it. What's the safest and most legally sound way to go about this? Is it sufficient to ask users to install the library separately while keeping the imports in my code? Alternatively, can I list the library in the requirements.txt file as long as I inform users that they need to agree to the third-party license?
4 Answers
If you're making users install the library through setup.py or requirements.txt, you're generally in the clear. Just ensure it's clear they know what they're getting into.
It really depends on how you're planning to distribute your software. If it's a Python package that users install via pip, just keeping it in requirements.txt with a note in the README should be fine. However, if you're bundling the library inside an executable or similar, you'll need to be careful about legal compliance, especially if you're a commercial entity. Don't forget, licensing issues in Python packages can get tricky, so it's wise to think this through!
One cautious option is to make the library an optional dependency. You could throw an error if someone tries to use it without having the library. A standard approach is to mention it in your README and on the package index, though let's face it, most folks might not read it. The least advised would be to say nothing and risk users being surprised when things don’t work right.
Make sure if you're distributing it for commercial purposes to pay the library's maintainers. Protecting yourself legally is paramount in these situations!
True, but just to clarify, they aren't distributing the library themselves; they're just relying on it as a dependency, and it's PyPI that handles the distribution.