On Fri, May 26, 2017 at 03:15:44PM -0400, Wheeler, David A wrote: > J Lovejoy: > > Thanks Bradley. Your point re: other licenses building in a de > > facto “or later” clause versus the GPL family of licenses leaving > > the choice to the copyright holders is exactly the thing I wanted > > to confirm and is also (I think, but need to do more thinking on > > this) why the GPL family may indeed need it’s own unique > > treatment. > > > > Deprecating “GPL-2.0” for use of “GPL-2.0-only”, along with the > > use of the existing “GPL-2.0+” is what I’m leaning towards.... > > Please DO NOT deprecate "GPL-2.0". DO NOT DO THIS. If you do, we'll > have *exactly* the same problem again in a few years. > > We need at least *3* cases. Here they are, with potential > names/expressions: > * GPL-2.0-only. I *know* that *only* the GPL version 2.0 is > acceptable. I had originally proposed a "!" suffix. > * GPL-2.0+. I *know* that GPL version 2.0, or later, is acceptable.
How could you know this before GPL-4.0 has been written? Maybe I'm just not clear on what your “acceptable” means. > * GPL-2.0. I *know* that at least GPL version 2.0 is acceptable > (e.g., I found its license text). However, I'm not entirely > certain whether or not later versions are acceptable, so I make > *no* assertion either way. If you've audited both GPL-2.0 and GPL-3.0 for your package and want the "or later" language to include GPL-4.0, etc. when they get written, you could say [1]: GPL-2.0+ OR GPL-3.0+ but whether you've read the license or deem it “acceptable” seems orthogonal to whether you're granting the “or any later version” choice defined in the GPL (§14 as of GPL 3.0 [2]). Back in 2013, Mark pointed out that GPL-2.0+ is not a license [3], which means you're not going to be able to distinguish between GPL-2.0+ and GPL-2.0-only (or whatever) by scanning for license text [4]. So I'd rather: * Leave GPL-2.0 as the license identifier. * Add '+' and '-only' suffixes to support folks who want to be explicit (e.g. who don't trust readers to be familar with baked-in + semantics). CC-BY-SA-3.0+ would be a synonym for CC-BY-SA-3.0 [6], but I don't see a problem with that. It would probably be useful to call that out in the wording that forbids the -only suffix for CC-BY-SA-3.0… * Forbid '-only' for licenses that bake in some forbidding wording (e.g. the “Adapter’s License” conditions in CC-BY-SA-4.0's §3.b [5]). You'd need a formal exception to get around that wording (e.g. CC-BY-SA-4.0 WITH CC-only-this-version-exception) or your own name if the CC's alteration wording would not allow ‘CC-BY-SA-4.0 WITH additional-restrictions’ [7]. Then tools like [4] can cleanly say that they're guessing the appropriate license identifier (e.g. “we found GPL-2.0”), but are not attempting to construct the appropriate license expression for the package (e.g. “this package is GPL-2.0+” or “this package is GPL-2.0[-only]”). To distinguish between *those* you'd need to look for the “or any later version” grant. Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 [2]: https://www.gnu.org/licenses/gpl-3.0.txt [3]: https://lists.spdx.org/pipermail/spdx-legal/2013-October/000949.html [4]: https://github.com/benbalter/licensee [5]: https://creativecommons.org/licenses/by-sa/4.0/legalcode [6]: https://creativecommons.org/share-your-work/licensing-considerations/compatible-licenses/ [7]: https://creativecommons.org/faq/#can-i-change-the-license-terms-or-conditions -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal