Paul Tagliamonte writes ("Re: GPL "+" question"): > They *can* since the work as modified *can* be distributed under the > terms of the GPLv3+, *without* changing the original work's license, but > the *file* can be distributed as GPLv3+, since that's the minimum > license needed to comply with all parts.
I think the problem here is the notion that a file necessarily has exactly one licence. The only actually accurate statements one can make are "there is [not] permission to distribute file F under licence L". If you want to know "what licence does a file have" what you really ean is "for what set of licences L1,L2,L3... is it the case that there is permission to distribute". So it is true that a downstream redistributor who does not change F cannot "change the licence", because the only permission needed (in copyright law) is that from upstream. If upstream grant GPLv2+ then even if the downstream writes GPLv3+ then everyone can still rely on upstream's permission, putting the upstream GPLv2+ notice back. However, if a downstream redistributor modifies the file, they can narrow the set of permissions. This is because in copyright law, they have their own copyright in the modifications. So if a downstream changes GPLv2+ to GPLv3+ _and modifies the file_ then the GPLv2+ is no longer applicable. For Debian, there is the question of what to put in debian/copyright. Obviously we need to put in debian/copyright some applicable Ln (that is, an Ln which applies to all the files F). If there is permission to distribute under L1,L2,... then it would be legitimate in a copyright law sense to write in debian/copyright only L1. To do so would not be a breach of the copyright, because we would be acting in accordance with L1. (So I think Paul is wrong if he thinks, as he seems to, that it is a violation of copyright law to change GPLv2+ to GPLv3+ when merely redistributing.) But to do so would be rude and we should try not to do it. So I think that where practical if we can determine that a package is dual (or triple) licenced, we should document all the permissions - that is, all the licences. It appears that in this particular case package has been modified by the GPLv3+-preferring downstream. In that case there is no permission to distribute under GPLv2+ any more. I don't think it is sensible to insist that the Debian maintainer do a lot of work to try to discover whether some files in the package have /not/ been modified by the GPLv3+-preferring author (or by other people who contributed to that author's version and never saw a GPLv2+ licence). That work is not necessary in copyright law, and we aren't really doing the Free Software world much of a service by performing it - at least, once we have decided to package the GPLv3+ fork at all. If someone wants to try to strip the GPLv3+ parts out of the fork then that's fine of course, but I don't think we should insist that the Debian maintainer do the necessary archaeology. > The proof is on you -- where does it say you can relicense someone > else's copyrighted work / IP? Not *redistribute*, *relicense*. The answer to this question is very clear. The proof is in the original licensing notice: either version 2 of the License, or (at your option) any later version. The downstream distributor may choose a later version (3, say, or "any version 3 or later) and comply with its terms. Thanks, Ian. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21866.58201.37278.496...@chiark.greenend.org.uk