## License incompatibility: Apache-2.0 License VS OpenRAIL++ License

#1
by xixi126 - opened

Hi, I'd like to report a license conflict in dataautogpt3/ProteusSigma. I noticed that this model was finetuned from stabilityai/stable-diffusion-xl-base-1.0, but it's currently published under the Apache-2.0 license. After taking a look at the OpenRAIL++ License — a license that includes non-permissive terms such as use-based restrictions and attribution requirements. However, this derivative model is currently published under the Apache-2.0 license, which is very permissive and does not carry over those restrictions.

⚠️ Key conflicts with the OpenRAIL++ License:

Section III
4. Redistribution and Derivatives:
  • Redistribution must include use-based restrictions (Attachment A), which Apache-2.0 does not require.
  • Must provide a copy of the OpenRAIL++ license with any distribution — currently missing.
Attachment A – Use Restrictions:
  • Prohibits specific uses (e.g., discrimination, surveillance, medical diagnosis, legal decision-making). These restrictions are not enforceable under Apache-2.0, which explicitly permits nearly any use.

On the other hand, Apache-2.0 allows:

• Sublicensing under different terms
• Unrestricted commercial use
• No requirement to pass down upstream ethical or use-based constraints

This creates a clear mismatch: OpenRAIL++ imposes enforceable use limitations and distribution conditions that cannot be removed, while Apache-2.0 explicitly permits those removals.

🔹 Suggestion:

  To comply with OpenRAIL++ license terms, it might be helpful to:
  • Include a copy of the OpenRAIL++ license in the repository or model card
  • Add a notice that the model inherits ethical use restrictions from the upstream model:
  • Mention that commercial use is restricted, and clarify what uses are not allowed (from Attachment A)
  • Remove the Apache-2.0 license tag if the full model is not entirely under that license

This would help ensure downstream users are not misled into thinking the model is fully Apache-2.0 compliant, which it likely is not.

Hope this helps! 😊 Let me know if you have any questions or need more info.

Thanks for your attention!

Would love to hear your view on this!
