Hi Trevor, It took me a second, but now I see where you are going:
In my example, the text file with the license text of GPL-2.0 _is_ exactly that - the text of the license (hence identifying it as such), however that is not necessarily the license for the text of the license itself. Hence, you suggestion to identify that accurately. I think this may be solving a problem we don’t have. While you are precise here, I think the operative goal is to understand the license for the code - at the project level and the file level, as appropriate (or both) and I was using the file-level breakdown to illustrate the challenging (but acknowledged as potentially common) scenario where there is the license text and then no further information. The operative question in this case becomes: did the author intend by putting a copy of GPL-2.0 to " specif[ying] a version number of the license which applies to it” (in which case, I think everyone would agree that the project license and license for the source files would be GPL-2.0+) or does it not and is that not enough to specify a version number (thus, it is GPL-1.0+). Ideally, one would ask the author of the code for this clarification (and for them to add the standard license headers accordingly, like the license suggests!). In absence, someone trying to figure out what license applies to the package here, is left to make some kind of reasonable conclusion. Guidance as to the intent of the license from the FSF would be helpful here all around and perhaps could help dissuade from this example occurring. In any case, I’m not sure we need to worry so much about identifying the license of the license. If we made a new identifier for the purposes here, as you suggest, where would the leave MIT, BSD-3-Clause, etc.? We want scanners to be able to identify the exact license text where it exists for what it actually is - that is the key piece of information for determining the license for the code. If we start to boil down to the license of the license, we seem to be missing the key goal? Thanks, Jilayne SPDX Legal Team co-lead opensou...@jilayne.com > On Sep 7, 2017, at 1:21 PM, W. Trevor King <wk...@tremily.us> wrote: > > While reviewing [1], I noticed: > > 1 text file with license text of GPL-2.0 = GPL-2.0 > > That makes sense if we're talking about the estimated project license, > but the license for the GPL-2.0 content itself (which would go in the > *file's* LicenseConcluded [2]) for the is “verbatim copies only” [3]. > There are also other works under that license, e.g. [4], which use the > exact same language. > > Everyone is permitted to copy and distribute verbatim copies of this > license document, but changing it is not allowed. > > I recommend we add a new license identifier for that license so we can > write SPDX for the license-list-XML repository without having to go > beyond official short identifiers. > > And we may want to add a field to our license XML to express the > license which applies to the license itself, as concluded by the SPDX > legal team. > > Proposed full name: Verbatim License > Proposed short identifier: Verbatim > OSI approved: no (and it clearly does not support the OSI's derived > works condition [5]). > > Cheers, > Trevor > > [1]: https://wiki.spdx.org/index.php?title=Legal_Team/only-operator-proposal > [2]: https://spdx.org/spdx-specification-21-web-version#h.2lwamvv > [3]: > https://github.com/spdx/license-list-XML/blob/f3dc56f2424e8e93732f655637e0542c5557588c/src/GPL-2.0.xml#L29-L30 > [4]: https://developercertificate.org/ > [5]: https://opensource.org/osd#derived-works > > -- > This email may be signed or encrypted with GnuPG (http://www.gnupg.org). > For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy > Everyone is permitted to copy and distribute verbatim copies of this license > document, but changing it is not allowed. > _______________________________________________ > Spdx-legal mailing list > Spdx-legal@lists.spdx.org > https://lists.spdx.org/mailman/listinfo/spdx-legal _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
