Although I agree we want to avoid making changes to the license list, change is inevitable. An important consideration is that the SPDX 1.2 spec (which is planned for release this month) includes a field to specify which version of the SPDX license list was used. This is particularly important in the event the list changes. An SPDX file creator is able to record the list version in the SPDX file from where they obtain their license identifiers from. This essentially achieves two things 1) gives SPDX file creators immunity with respect to future changes to the license list, and 2) makes it easier for the SPDX working group to make the tough decision to change the license list when it makes sense.
- Mark -----Original Message----- From: spdx-legal-boun...@lists.spdx.org [mailto:spdx-legal-boun...@lists.spdx.org] On Behalf Of Wheeler, David A Sent: Thursday, October 03, 2013 6:40 AM To: Jilayne Lovejoy; Bradley M.Kuhn Cc: spdx-t...@spdx.org; SPDX-legal Subject: RE: License: spdx-license=IDENTIFIER Jilayne Lovejoy: >yes, I actually agree. I have long thought that the short identifiers would >be better served as: >GPL-2.0+ >and >GPL-2.0-only >And logged this as something to bring up, but we have been busy with trying to >finish other tasks and it hasn't risen to the surface. Of course, the worry >is that changing the short identifiers will screw up people who are already >using the SPDX License List (we endeavored to try to never change them...) >There is a good number of companies already using it and probably more than we >even know of. In any case, if it is going to help reduce confusion or >ambiguity and we can figure out a way to make sure this change is well >documented, then we need to consider making the change. I will be sure to >bring this up at the General Meeting tomorrow and on the next legal call (next >Thursday) I agree that once an identifier is given a specific meaning, that meaning MUST not change. But I don't see a big harm in creating a new, clearer SPDX identifier for a given license. There should be only one "recommended" identifier for a given license, but you could record older identifiers marking what license they refer to, noting that it's a deprecated identifier and listing the "better" ones instead. The GPL and LGPL are the most widely used OSS licenses, by most measures, and its version distinctions really matter for many people. Having good, clear identifiers for this especially common use case seems like a reasonable thing to do. --- David A. Wheeler Cheers, Jilayne Lovejoy SPDX Legal Team lead lovejoyl...@gmail.com _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
