Hi Gary, Thanks a lot for this clarification on the reasons why those new SPDX identifiers "-only" and "-or-later" have been created. It was very useful. SPDX is a great initiative and unique identifiers should be considered as a strong standard. We will definitely try to align all EU projects and datasets on it, but depending on the project officers decision we may perhaps ignore those "-only" and "-or-later" rather confusing identifiers and withdraw them from tools (like the Joinup Licensing Assistant) that currently uses them. No decision is currently taken; it will be discussed soon with relevant POs. Best regards, Patrice-Emmanuel .
Le ven. 20 oct. 2023 à 00:44, Gary O'Neall <[email protected]> a écrit : > Hi Patrice-Emmanuel, > > > > Responses inline below. > > > Gary > > > > *From:* Patrice-Emmanuel Schmitz <[email protected]> > *Sent:* Thursday, October 19, 2023 2:02 PM > *To:* Richard Fontana <[email protected]>; Gary O'Neall < > [email protected]> > *Cc:* [email protected] > *Subject:* SPDX identifiers for "or-later" or "+" mentions > > > > Hi Richard & Gary, > > At a time I am requested to align various projects and the EC publication > office license lists (data sets) I am still uncertain about the SPDX policy > of creating "actual" SPDX identifiers for "future" or "later" licenses. I > shared concerns with Jilayne but be sure that this is not done for creating > some controversy, just to check that the SPDX policy is well understood. > > - Adding "or-later" (and much more rarely "-only") is indeed a > frequent licensor practice because recommended by some license steward. For > example if you search Google for "Licensed under the EUPL-1.2-or-later" you > will find references. But don’t you think that this mention should be > considered as a future intention, commitment or guarantee provided by the > licensor and that it should not merit a specific “actual” SPDX ID, because > no later text exists at this time? > > *[G.O.] Within SPDX we define a license expression syntax that has a > number of operators or modifiers on a given license (e.g., ‘AND’, ‘OR’). > For “or later” we defined the “+” operator which can be applied to any > license. We do not currently have an operator that defines “only”. In > rare cases, we have separate license ID’s to denote only and or-later (see > below), but these are not defined in the syntax for the license > expressions. Although there is a convention to add “or-later” to some > licenses, we did not adopt that syntax for our expressions.* > > - It seems that this addition is done for the GNU licenses (where the > licence steward is the FSF – Free Software Foundation) and not for all the > others.Is this a special treatment for GNU licenses or is SPDX policy to > allow or apply it for all licenses, i.e. depending on the license steward > request? > > *[G.O.] Due to strong insistence from the license stewards for GNU > licenses, we created separate license ID’s for the “only” and “or-later”. > These are not part of the expression syntax and therefore not processed by > any of the machine readable SPDX license expression parsers – one would > have to read the license notes to understand the semantics. In other > words, the “only” and “or-later” is a convention used by GNU that we > carried forward in the license ID’s – not something intended to be > standardized in the SPDX license syntax.* > > - Has SPDX assessed the risk that this practice would multiply the > number of identifiers with uncertain use and possibly add some confusion? > > *[G.O.] In the case of the GNU licenses, the license ID’s are associated > with the license text plus the notes. It was highly debated and the risk > of confusion was taken into account. In the case of the or-later operator, > there is a risk that the “+” operator would be applied to a license that > does not have any subsequent license versions, but we decided that was a > reasonable risk compared to the benefit of having a machine readable > “or-later” operator.* > > - SPDX now considers GPL-3.0, AGPL-3.0, LGPL-3.0 etc. as "deprecated". > Did SPDX assess the impact – which could appear as nonsense for most users? > > *[G.O.] Again – highly debated at the time, and yes. We don’t like to > deprecate the license ID’s as it does cause issues in our community – but > the license steward was extremely insistent.* > > - Until a subsequent version, for example some GPL-4.0, exists, is it > consistent to associate the text of the current GPL-3.0 with a specific > SPDX identifier "GPL-3.0-or-later"? > > *[G.O.] From what I recall, the reason the license steward insisted on > this approach was to force the documenter of the license information to > make a decision as to whether it was “only” or “or-later”. I think you > would have to defer to the license steward to answer this question. * > > - ·Is it still possible for SPDX to backtrack on this subject or is it > a definitive policy? > > *[G.O.] Since the decision to deprecate the previous GPL identifiers > consumed significant time and was highly debated, there would likely be > considerable resistance to re-opening this issue unless the license steward > changed their mind. The pattern of questions seems to indicate you may not > agree with the license steward for GPL on many of these topics – perhaps > opening a dialog with the license steward could provide you more > information.* > > -- > > Patrice-Emmanuel Schmitz > [email protected] > tel. + 32 478 50 40 65 > -- Patrice-Emmanuel Schmitz [email protected] tel. + 32 478 50 40 65 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1782): https://lists.spdx.org/g/spdx/message/1782 Mute This Topic: https://lists.spdx.org/mt/102069167/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
