How do you imagine this change working for everyone who used the SPDX-License-Identifier format in code? Is “SPDX-License-Identifier: GPL-2.0” now to be interpreted as “I’m licensing this under GPL 2.0 and not telling you whether later is ok or not”? Because clearly this is not what the developer intended to convey in using “GPL-2.0” prior to this change.
-1 on any proposal to modify the meanings of any current license identifiers. If tools or practitioners want to be sloppy, perhaps we should add new syntax for them (e.g. “GPL-2.0?”). This would be the equivalent of a “NO-ASSERTION” on whether a newer version is acceptable or not. That’s the thing that cannot currently be expressed, so why are we changing what currently works instead of adding what’s missing? From: <[email protected]> on behalf of Gary O'Neall <[email protected]> Date: Thursday, May 25, 2017 at 1:48 PM To: "'Wheeler, David A'" <[email protected]>, 'Krys Nuvadga' <[email protected]>, 'David Seaward' <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [spdx-tech] Can I add a comment/suffix to the SPDX-License-Identifier line? +1 on the “!” proposal. Gary From: [email protected] [mailto:[email protected]] On Behalf Of Wheeler, David A Sent: Thursday, May 25, 2017 10:09 AM To: Krys Nuvadga; David Seaward Cc: [email protected] Subject: Re: [spdx-tech] Can I add a comment/suffix to the SPDX-License-Identifier line? I have previously commented that it would be valuable to have a “!” suffix meaning “exactly this version”. Technically “GPL-2.0” in SPDX means “only this version”, but in practice many practitioners & tools are sloppy about this. Part of the problem is that tools can easily determine that “GPL version 2.0 is in this package” but in many cases they cannot easily determine automatically a distinction between “2.0 or greater” versus “2.0 and no other”. In addition, in many cases it doesn’t matter, so the increased effort would be a waste of time. What the tools really need to indicate is a way in SPDX to indicate “2.0 at least is here, and I don’t know if ‘or later’ is okay”. Since SPDX doesn’t have a mechanism to report this, “GPL-2.0” is sometimes being used to report of “I know 2.0 is here, and I don’t know if ‘or later’ is okay” - even though it’s technically not compliant with the SDPX spec. It’d be helpful to have a simple way to indicate “I really mean this specific version” (my “!” suffix) vs. “this version at least is okay, and I’m not sure about later versions” (which is how “GPL-2.0” is currently interpreted; maybe another suffix like “?” or “*” would help to mark this case). --- David A. Wheeler From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Krys Nuvadga Sent: Thursday, May 25, 2017 9:58 AM To: David Seaward Cc: [email protected]<mailto:[email protected]> Subject: Re: [spdx-tech] Can I add a comment/suffix to the SPDX-License-Identifier line? Hi Dave, I'm not sure of this but I think it is safer to just stick with the "license expressions syntax"provided in the documentation. You can see SPDX Specification 2.1 (web version) <https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60> Appendix IV<https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60> for details. Regards On Wed, May 24, 2017 at 10:30 AM, David Seaward <[email protected]<mailto:[email protected]>> wrote: Hi, My goal is to visually disambiguate "GPL-3.0" and "GPL-3.0+" for human readers. Is it possible to add a comment or suffix to the SPDX line without breaking conforming parsers? For example, SPDX-License-Identifier: GPL-3.0 (only) or SPDX-License-Identifier: GPL-3.0 # only rather than just SPDX-License-Identifier: GPL-3.0 Regards, David _______________________________________________ Spdx-tech mailing list [email protected]<mailto:[email protected]> https://lists.spdx.org/mailman/listinfo/spdx-tech -- krys Nuvadga Piar, Inc.
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
