icalendar-searcher (AGPL-3) blocks commercial / SaaS channel #727

Description

@cbcoutinho

Background

icalendar-searcher (1.0.5) is licensed under AGPL-3.0-or-later — pure copyleft, no commercial dual-licensing arm. This is fine for our public AGPL-3 release, but it is incompatible with any commercial channel:

  • Embedded / on-prem proprietary distribution: forbidden.
  • Proprietary SaaS: AGPL §13 forces source disclosure to network users, so a commercial customer cannot escape AGPL even by keeping deployment private.

How it enters the dependency tree

icalendar-searcher is not a direct dep of this project. It is pulled in unconditionally by caldav>=3.0.1:

$ uv tree
└── caldav v3.0.1
    ├── icalendar v7.0.2
    ├── icalendar-searcher v1.0.5    ← AGPL-3-or-later
    └── ...

$ python -c "import importlib.metadata as md; print(md.metadata('caldav').get_all('Requires-Dist'))"
'icalendar-searcher<2,>=1.0.5'

It is also not imported anywhere in our code:

$ grep -rIn "icalendar_searcher" nextcloud_mcp_server/ tests/
(no matches)

Options

  1. Upstream fix: file an issue with python-caldav/caldav asking that icalendar-searcher be moved behind an optional extra (e.g. caldav[search]). This is the cleanest long-term fix and helps the wider Python ecosystem too.
  2. Replace upstream icalendar-searcher with a permissive alternative — only viable if the upstream maintainer is open to it.
  3. Accept the constraint and ship AGPL-only. Update CLA / commercial terms to make clear the commercial channel cannot include calendar search functionality without a separate license from icalendar-searcher's author.
  4. Negotiate a separate license with icalendar-searcher's author. Worth checking if the upstream is open to this; if so, document in .licenses/policy.toml.

Acceptance

  • Decision recorded (likely via filing an upstream issue against python-caldav/caldav first).
  • If upstream moves it behind an extra, our caldav dep stays as-is (we don't request the extra).
  • If we need to ship before upstream fixes it: explicit policy update in .licenses/policy.toml and in commercial license docs.

Detected by .licenses/policy.toml (added in #724). Related: #725, #726.
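An added example, not part of the original issue or of either project's code: a sketch of the check described under "How it enters the dependency tree". It walks Requires-Dist entries and reports every path to an AGPL package that installs without requesting an extra. The root name "app", the PLACEHOLDER license strings, the "search" extra marker and the sample metadata are constructed assumptions; a real run would read the fields from importlib.metadata.

```python
import re

# Constructed metadata mirroring the tree in this issue (not read from disk).
SAMPLE = {
    "app": {"license": "", "requires": ["caldav>=3.0.1"]},
    "caldav": {"license": "PLACEHOLDER",
               "requires": ["icalendar", "icalendar-searcher<2,>=1.0.5"]},
    "icalendar": {"license": "PLACEHOLDER", "requires": []},
    "icalendar-searcher": {"license": "AGPL-3.0-or-later", "requires": []},
}
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """Normalize a distribution name so 'a_b', 'a.b' and 'A-B' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def unconditional_deps(requires):
    """Names from Requires-Dist entries that install without requesting an extra."""
    deps = []
    for req in requires:
        spec, _, marker = req.partition(";")
        if re.search(r"\bextra\s*==", marker):
            continue  # only installed for pkg[extra]
        match = NAME_RE.match(spec)
        if match:
            deps.append(normalize(match.group(1)))
    return deps

def copyleft_chains(metadata, root, deny=("AGPL",)):
    """Return every dependency path from root to a package with a denied license."""
    chains, stack = [], [(root, [root])]
    while stack:
        pkg, path = stack.pop()
        for dep in unconditional_deps(metadata.get(pkg, {}).get("requires", [])):
            if dep in path:
                continue  # cycle guard
            new_path = path + [dep]
            if any(tag in metadata.get(dep, {}).get("license", "").upper() for tag in deny):
                chains.append(new_path)
            stack.append((dep, new_path))
    return chains

def with_optional_extra(metadata):
    """Hypothetical upstream fix (option 1): the dependency sits behind an extra."""
    fixed = {name: dict(info) for name, info in metadata.items()}
    fixed["caldav"]["requires"] = [
        "icalendar", 'icalendar-searcher<2,>=1.0.5; extra == "search"']
    return fixed

if __name__ == "__main__":
    print(copyleft_chains(SAMPLE, "app"))
    print(copyleft_chains(with_optional_extra(SAMPLE), "app"))
```

The second call models the acceptance case where the caldav dependency stays as-is and the extra is not requested, so no chain is reported.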

    Labels: licensing (Dependency licensing / dual-licensing concerns)
