I want to comment on two points related to the License Identifier discussion.
1. The idea that License Identifiers cannot ever change is unrealistic. If you
have a bug or mistake in the software world you need to fix it and provide clear
documentation and sometimes "upgrade" tools. It is preferable to add a new
License Identifier and deprecate the old one where possible, but the discussion
about the GPL variants indicates that the current meaning of some Identifiers is
not really clear today. I think that we need to minimize changes, but let go of
the unrealistic "guarantee" that a License Identifier will not be changed.
2. As Mark Gisi highlights, this brings us back to the long-deferred discussion
of license notices vs licenses. The current momentum that is developing to use
a simplified License Identifier in source code files is a clear example of a
license notice - it refers to a license, but is not itself a license text. None
of us invented the current complexity, but we can contribute to a solution by
acknowledging that we are dealing with (at least) three "naturally" occurring cases:
* A license notice that refers to a license, but does not include the license
text.
* A license notices that includes license text.
* A separate license text - typically for longer and/or "named" licenses.
Since a license notice is the statement from the copyright holder (or possibly
from a downstream recipient in case of disjunctive licenses) that a certain
license applies it seems to me that the license notice is the most important
thing to document with License Identifiers. This might mean that we need to
distinguish somehow between License Identifiers for license notices and for
"named" licenses. The complexity of GPL versions and exceptions seems to be a
good domain for sorting this out. If we can figure it out here, we should have a
solution for most other cases.
Regards, Michael
Michael J. Herzog
+1 650 380 0680 | mjherzog_at_nexB.com
On 10/3/2013 7:47 AM, [email protected] wrote:
Send Spdx-legal mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx-legal
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Spdx-legal digest..."
Today's Topics:
1. RE: License: spdx-license=IDENTIFIER (Wheeler, David A)
2. GPL-2.0 vs GPL-2.0-only & GPL-2.0+ (Gisi, Mark)
----------------------------------------------------------------------
Message: 1
Date: Thu, 3 Oct 2013 09:40:11 -0400
From: "Wheeler, David A" <[email protected]>
To: Jilayne Lovejoy <[email protected]>, Bradley M.Kuhn
<[email protected]>
Cc: "[email protected]" <[email protected]>, SPDX-legal
<[email protected]>
Subject: RE: License: spdx-license=IDENTIFIER
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Jilayne Lovejoy:
yes, I actually agree. I have long thought that the short identifiers would be
better served as:
GPL-2.0+
and
GPL-2.0-only
And logged this as something to bring up, but we have been busy with trying to
finish other tasks and it hasn't risen to the surface. Of course, the worry is
that changing the short identifiers will screw up people who are already using
the SPDX License List (we endeavored to try to never change them...) There is a
good number of companies already using it and probably more than we even know
of. In any case, if it is going to help reduce confusion or ambiguity and we
can figure out a way to make sure this change is well documented, then we need
to consider making the change. I will be sure to bring this up at the General
Meeting tomorrow and on the next legal call (next Thursday)
I agree that once an identifier is given a specific meaning, that meaning MUST
not change. But I don't see a big harm in creating a new, clearer SPDX
identifier for a given license.
There should be only one "recommended" identifier for a given license, but you could
record older identifiers marking what license they refer to, noting that it's a deprecated
identifier and listing the "better" ones instead.
The GPL and LGPL are the most widely used OSS licenses, by most measures, and
its version distinctions really matter for many people. Having good, clear
identifiers for this especially common use case seems like a reasonable thing
to do.
--- David A. Wheeler
Cheers,
Jilayne Lovejoy
SPDX Legal Team lead
[email protected]
_______________________________________________
Spdx-legal mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-legal
------------------------------
Message: 2
Date: Thu, 3 Oct 2013 14:47:33 +0000
From: "Gisi, Mark" <[email protected]>
To: Jilayne Lovejoy <[email protected]>, "Bradley M.Kuhn"
<[email protected]>
Cc: "[email protected]" <[email protected]>, SPDX-legal
<[email protected]>
Subject: GPL-2.0 vs GPL-2.0-only & GPL-2.0+
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
Bradley M. Kuhn wrote:
However, I will have to register my complaint again that GPL-2.0 is a
*horrible* identifier for GPLv2-only, mainly because of how GPLv2?9
works. Saying "GPL-2.0" to refer to GPLv2-only is misleading and
confusing and should be corrected.
Jilayne Lovejoy wrote:
yes, I actually agree. I have long thought that the short identifiers would be
better served as:
GPL-2.0+ and GPL-2.0-only
I don't see why we need to rename GPL-2.0 to GPL-2.0-only. Can someone provide
source code examples of why the GPL-2.0 identifier is problem? Why is
GPL-2.0-only better? Today: GPL-2.0 = GNU Public License 2.0 where section
GPLv2 ?9 is alive and well, and works the way it was intended to work. For
example,
FILE: busybox-1.20.2\e2fsprogs\old_e2fsprogs\ext2fs\dblist.c (see attachment 2)
* Copyright 2006 by Rob Landley <[email protected]>
* This file may be redistributed under the terms of the GNU Public
* License.
Using the SPDX license list 1.19, the Concluded License = GPL-1.0+ because
GPLv1 ?7, GPLv2 ?9 and GPLv32 ?14 state that one can choose any version if the
version is not specified. In fact, when you look at the attached Busybox SPDX
file, there are many instances of GPL-1.0+ (as well as GPL-2.0 and GPL-2.0+).
Can someone explain GPL-2.0 *horrible* and GPL-2.0-only is better?
I have Bigger concerns for GPL-2.0+, LGPL-2.1+, GPL-3.0+, ...
-------------------------------------------------------------
GPL-2.0+ is not a license, but a license notice. For example:
EXAMPLE 6: GPL-2.0+
-------------------
FILE: busybox-1.20.2\coreutils\tail.c (see attachment 3):
NOTICE:
* Copyright (C) 2001 by Matt Kraai <[email protected]>
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
The other day I saw the Notice:
Distributed under the Eclipse Public License either version 1.0 or (at
your option) any later version.
Here:
https://github.com/technomancy/leiningen/tree/master/resources/leiningen/new/default
Do we now have to now added EPL-2.0+?
The "+" SHOULD BE a (unary) operator like OR and AND are (binary) operators and *not*
part of the name of a *new* license. If "+" was an operator it could be applied to *any*
license and we would not have to clutter up the license list with:
GNU General Public License v1.0 or later
GNU General Public License v2.0 or later
GNU General Public License v3.0 or later
GNU Lesser General Public License v2.1 or later
GNU Lesser General Public License v3.0 or later
GNU Library General Public License v2 or later
And we do NOT need to added (which also have common "or later" notices)
GNU Free Documentation License v1.1 or later
GNU Free Documentation License v1.2 or later
GNU Free Documentation License v1.3 or later
And we do NOT need to added:
Eclipse Public License 1.0 only
Eclipse Public License 1.0 or later
:
Also treating "+" as an operator instead of part of a license name would not
break the SPDX files that exist today (even if we removed the above noted licenses from
the list).
I raised the above concern at the Linux Collab Summit 2012, but the timing was
not right. Perhaps now is a good time to revisit it. I will send out a more
detail description of the problem (with examples) later today.
- Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-1.20.2.spdx.xls
Type: application/vnd.ms-excel
Size: 235520 bytes
Desc: busybox-1.20.2.spdx.xls
URL:
<http://lists.spdx.org/pipermail/spdx-legal/attachments/20131003/3ec0f4bd/attachment.xls>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dblist.c
URL:
<http://lists.spdx.org/pipermail/spdx-legal/attachments/20131003/3ec0f4bd/attachment.c>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tail.c
URL:
<http://lists.spdx.org/pipermail/spdx-legal/attachments/20131003/3ec0f4bd/attachment-0001.c>
------------------------------
_______________________________________________
Spdx-legal mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-legal
End of Spdx-legal Digest, Vol 34, Issue 3
*****************************************
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech