W. Trevor King: > > ? = “unclear version” - this will be a new modifier to indicate there > > is a lack of clarity as to the license version regarding if any > > version, or later, or only applies, e.g., I found the text of GPLv2, > > but I’m not sure if it’s “only “ or “or later” because there is no > > other information. Need further input on the exact word to use here, > > i.e, “unclear” “maybe” “ambiguous" > > The motivation for this operator seems to be a desire to say “I'm not actually > comfortable drawing a conclusion, but here are some hints…”.
No, the issue is that there *is* some known information (e.g., GPL-2.0 at least is valid). The problem is that some *other* information is *not* known (e.g., if GPL-3.0+ is valid for the package). > Alexios raised the same concern in the “BSD” context [2]. I still think while > there's not much point to concluding a licence if you're not willing to > actually > make a call, I disagree. In many cases tools can't determine if "or later" is okay, and 99.999% of the time it doesn’t matter. E.g., if I can't tell if it's GPL-2.0 or GPL-2.0+, most of the time it makes no real difference. > a good generic operator for representing this sort of thing would > be “or maybe they meant” [3] (or some single-word form thereof). That lets > you represent all sorts of ambiguous declarations beyond the narrow “but > I'm not sure which version operator they meant”. For example, you can > represent [4]: > > LGPL-2.0 OR-MAYBE LGPL-2.0 AND GPL-2.0 OR-MAYBE LGPL-2.0 OR GPL-2.0 That's an interesting idea. E.g., for the case previously discussed, we could say: GPL-2.0 OR MAYBE GPL-2.0+ I'd be fine with a "MAYBE" operator. That would address the primary problem I raised, and be even more flexible. I don't know what others would think. > We can provide warnings without an “unclear version” operator. See the > comments on metadata in [6,7]. What an “unclear version” (or “OR-MAYBE”, > etc.) operator does is give you a way for the quasi-concluder to gripe about > poor declarations (in a way that's obvious to human readers even without > tooling) while still providing > *some* information. For example, if any possible GPL license grant is > acceptable to you, maybe: > > GPL-2.0 unclear version > > or: > > GPL-2.0 ONLY OR-MAYBE GPL-2.0+ OR-MAYBE GPL-1.0+ > > are acceptable to you without further digging. I think the second version is much better. It *looks* like a SPDX license expression. --- David A. Wheeler _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
