## License incompatibility: Apache-2.0 License VS OpenRAIL++ License

#1
by xixi126 - opened

Hi, I'd like to report a license conflict in dataautogpt3/ProteusSigma. I noticed that this model was finetuned from stabilityai/stable-diffusion-xl-base-1.0, but it's currently published under the Apache-2.0 license. After taking a look at the OpenRAIL++ License — a license that includes non-permissive terms such as use-based restrictions and attribution requirements. However, this derivative model is currently published under the Apache-2.0 license, which is very permissive and does not carry over those restrictions.

⚠️ Key conflicts with the OpenRAIL++ License:

Section III
4. Redistribution and Derivatives:
  •  Redistribution must include use-based restrictions (Attachment A), which Apache-2.0 does not require.
  •  Must provide a copy of the OpenRAIL++ license with any distribution — currently missing.
Attachment A – Use Restrictions:
  •  Prohibits specific uses (e.g., discrimination, surveillance, medical diagnosis, legal decision-making). These restrictions are not enforceable under Apache-2.0, which explicitly permits nearly any use.

On the other hand, Apache-2.0 allows:

•  Sublicensing under different terms
•  Unrestricted commercial use
•  No requirement to pass down upstream ethical or use-based constraints

This creates a clear mismatch: OpenRAIL++ imposes enforceable use limitations and distribution conditions that cannot be removed, while Apache-2.0 explicitly permits those removals.

🔹 Suggestion:

  To comply with OpenRAIL++ license terms, it might be helpful to:
  • Include a copy of the OpenRAIL++ license in the repository or model card
  • Add a notice that the model inherits ethical use restrictions from the upstream model:
  • Mention that commercial use is restricted, and clarify what uses are not allowed (from Attachment A)
  • Remove the Apache-2.0 license tag if the full model is not entirely under that license

This would help ensure downstream users are not misled into thinking the model is fully Apache-2.0 compliant, which it likely is not.

Hope this helps! 😊 Let me know if you have any questions or need more info.

Thanks for your attention!
