I'm moving the SPDX general list to bcc, as this is really a topic for
spdx-legal.
In case anyone didn't see it and for context, my response to Christian
that Patrice-Emmanuel references is on the spdx-legal thread and can be
seen here: https://lists.spdx.org/g/Spdx-legal/message/3548
Some additional responses below:
On 5/1/24 2:49 AM, Patrice-Emmanuel SCHMITZ via lists.spdx.org wrote:
Hello Christian,
It is a frequent practice from license stewards to encourage the
coverage of later versions of "their" license.
At the very beginning of the EUPL, licensors are invited to specify
"licensed under the EUPL", which, according to the copyleft clause 5,
clearly refers to the latest version.
This preserves the possibility for a licensor of specifying a precise
version, like "1.2-only" (or the legally similar "1.2").
The wording of the EUPL probably leaves less uncertainty than saying,
for example, that "licensing under the EUPL" leaves the licensee with
the choice of the version (like it is, apparently, the case for the
GNU/GPL).
At some point, we did some research on licenses that have language
relating to later versions or the like. It was a bit surprising to see
how many variations there are as to the default position, e.g., if no
other indication means one can apply any later version or if no other
indication means this version only. In all cases, to indicate something
other than the default requires additional notation of some form (more
on that below).
But the real question for SPDX is: are those "-or-later" or even "+",
applied to ANY license, justifying specific SPDX identifiers?
That is a question that has and has had a definitive answer since
version 2.0 of the SPDX License List:
"+" can be applied to any license.
And as of 3.0 - the GNU licenses ids changed, but
"-or-later" and "-only" cannot be used with any license as they are not
part of the license expression syntax identified in
https://spdx.github.io/spdx-spec/v3.0/annexes/SPDX-license-expressions/
Like Jilayne wrote, this was most probably a mistake in
accepting to do so for the GNU licenses only (for political reasons).
I would not characterize the changes to the GNU license ids in version
3.0 as mistake. That implies a decision make on lack of awareness or
knowledge. We had a various proposals at the time, which were discussed
at length over many months. I do think we made the best decision that we
could for that time and given the options we had. Looking back and
judging that decision with the benefit of 20/20 hindsight and current
knowledge isn't entirely helpful. (and if I sound a bit defensive, it is
because, on a personal note, it was one of the most stressful things to
navigate as a community leader. Yet as far as I can tell, the complaints
or criticism of this change tend to come to SPDX/me, instead of to the
FSF or both orgs.)
It would most probably be another mistake to do it for all
other licenses, including the EUPL.
If you mean to change existing license ids to mimic the specific
entries that the GNU licenses have instead of using the license syntax
like "+" - I would not see this as an optimal path, unless there are
extenuating circumstances to justify it, which I don't think there are.
It would be more consistent for the SPDX Standard to stick to a strict
and transparent rule: "*a unique SPDX identifier must correspond to a
unique license text*".
That is the case and always has been. The caveat is that some licenses
use the same exact license text for variants about if you can apply a
later version of that license. E.g., the license text of the GPL is the
same, it is in the license notice that one indicates if you intend that
version only or any later version. Similarly, EUPL also requires some
other communication to indicate the intention for only a specific
version to apply. Of course, this can be done by using an SPDX
identifier in the source code.
According to this rule, no "-or-later" SPDX identifier should exist,
simply because no precise unique and definitive license text can
correspond to it.
This would not restrict the frequent practice to license under the
"LicenseX-or later" (or "+"), but simply doesn't deserve any new SPDX
identifier.
I'm not sure I'm following you here, but I think you are saying that we
should not have separate license "line items" on the SPDX License List
for the GNU licenses (e.g., GPL-2.0-only and GPL-2.0-or-later) b/c they
use the same license test. But should, instead use the "+" operator
added to the base id?
The current SPDX exception introduces confusion and even (IMHO)
compromises SPDX as a standard.
Again, I'm not sure what is confusing.
It's never too late to right a mistake...
Kind regards,
P-E Schmitz (EUPL support in the Interoperable Europe Portal)
Le jeu. 25 avr. 2024 à 17:09, Christian Meeßen via lists.spdx.org
<http://lists.spdx.org>
<christian.meessen=gfz-potsdam...@lists.spdx.org> a écrit :
Hello SPDX LegalTeam,
I am an RSE working at the German Research Centre for Geosciences
(GFZ)
in Potsdam, Germany. I am involved in working groups in Helmholtz
that
deal with Research Software Engineering aspects, and am also the
maintainer of the Helmholtz Research Software Directory
(https://helmholtz.software). We generally encourage the usage of
SPDX
identifiers for software.
I noticed that there exists one identifier for EUPL-1.1 [1] and
EUPL-1.2
[2] respectively, although the licenses specify that code can be
redistributed also under later versions of that license unless it is
explicitly stated otherwise. Here is an example from EUPL-1.2
(clause 5,
"Copyleft clause"):
> If the Licensee distributes or communicates copies of the Original
Works or Derivative Works, this Distribution or Communication will be
done under the terms of this Licence or of a later version of this
Licence unless the Original Work is expressly distributed only under
this version of the Licence — for example by communicating 'EUPL
v. 1.2
only'.
The GPL licenses are separated into "-only" and "-or-later"
identifiers.
Is there a specific reason why this was not applied to the EUPL
identifiers? Would it be possible to replace the existing identifiers
with EUPL-1.x-only and EUPL-1.x-or-later identifiers?
The EUPL-1.0 is not affected.
Kind regards,
Christian Meeßen
[1] EUPL-1.1: https://spdx.org/licenses/EUPL-1.1.html
[2] EUPL-1.2: https://spdx.org/licenses/EUPL-1.2.html
--
Dr. Christian Meeßen
eScience Center
Tel: +49 (0)331 6264-1983
Email: christian.mees...@gfz-potsdam.de
_____________________________________
Helmholtz-Zentrum Potsdam
Deutsches GeoForschungsZentrum GFZ
Stiftung des öff. Rechts Land Brandenburg
Telegrafenberg A70/320, 14473 Potsdam
--
Patrice-Emmanuel Schmitz
pe.schm...@gmail.com
tel. + 32 478 50 40 65
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1848): https://lists.spdx.org/g/spdx/message/1848
Mute This Topic: https://lists.spdx.org/mt/105731993/21656
Group Owner: spdx+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-