Hello all,

As a gentle reminder (and as Alexios noted earlier), please restrict use of the spdx@ email list for general announcements only to help keep it as a lower-traffic list for the broader SPDX audience.

spdx-le...@lists.spdx.org can be used for discussions relating to the License List or license identifiers such as the discussion raised here. Or as Karsten mentioned below, https://github.com/spdx/change-proposal can be used for raising a change proposal for easier cross-team consideration. If you are not yet subscribed to spdx-legal@, you can do so at https://lists.spdx.org/g/Spdx-legal.

Steve

> On Oct 20, 2023, at 2:24 PM, Karsten Klein <karsten.kl...@metaeffekt.com> wrote:
>
> Hi all,
>
> Me and others have been raising this several times before. I regard this as rather a political blooper.
>
> However, to manifest the critique and channel the discussion and arguments, I propose filing a change proposal at https://github.com/spdx/change-proposal. This increases visibility and weight within the SPDX community.
>
> You may also find https://github.com/spdx/change-proposal/blob/main/proposals/Modifiers.md enlightening.
>
> Kind regards,
> Karsten
>
>> On 20.10.2023 at 18:32, Kyle Mitchell <k...@kemitchell.com> wrote:
>>
>> I'm not familiar with the reasons for `-only` and `-or-later` GNU-specific extensions, either. If there's a short summary somewhere, I'd appreciate a link. Not least to link other people to.
>>
>> I've had to deal with some fallout. Technical changes for compliance tools. I don't know how many GitHub issues and e-mails pleading confusion.
>>
>> I can confirm Richard's point on defaults: The typical approach I've seen is to interpret `GPL-x.y` as version x.y only. If two readings are possible, only the more conservative is safe. This was also arguably implied by the expression syntax. No `+`, no other license versions. In tooling I maintain, we convert `GPL-2.0-or-later` into `GPL-2.0+` and `GPL-2.0-only` into `GPL-2.0` <https://github.com/jslicense/spdx-satisfies.js/blob/9c2a4f88770b62a539ae14b0ee4302998ae6d907/index.js#L61>, then pretend `-or-later` and `-only` never happened.
>>
>> I've been under various pressures to "fork" or "superset" SPDX pretty much since the beginning of implementation for package managers. That includes ignoring deprecation of the unsuffixed GNU license IDs more recently. Thousands of devs quite naturally put `GPLv2` or the like in license metadata to start. Then we badgered them over to `GPL-2.0` or `GPL-2.0+`, which at least made sense for uniformity. Yet another round of deprecation warnings, this time to treat the licenses unlike all the rest, felt like jerking them around.
>>
>> From the outside looking in, the license list is just a list of strings. If you also take expressions, that grammar's simpler than the C-style math students implement in intro compiler courses. Discovering that's somehow also a source of arbitrary-feeling, user-facing deprecations disappoints people. From the EU group's or any other, similar perspective, there's not a lot of "standard" here to adopt if you're not doing full documents.
>>
>> What's done is done. Offering this up just for perspective, from "downstream".
>>
>> For something constructive, I'd support a clarification that `GPL-2.0` = `GPL-2.0-only` and `GPL-2.0+` = `GPL-2.0-or-later`, semantically, coupled with a rollback of the deprecations on the bare IDs.
>>
>> --
>> Kyle E. Mitchell, attorney // Oakland, California, USA