Re: compatibility matrix for /usr/share/common-licenses

Sun, 30 Jun 2024 14:51:45 -0700 

On Sun, 30 Jun 2024 22:37:22 +0200 Serafeim Zanikolas wrote:

> hello Debian legal folks,

Hello Serafeim,
nice to read you!

> 
> I'm looking for an up-to-date compatibility matrix of 
> /usr/share/common-licenses
> (modulo documentation licenses).
[...]
> I've prepared the following, where the license before the colon may
> be combined

If I understand correctly, we are talking about linking-compatibility
here.
Different compatibility relationships hold for mixing (that is to say,
taking parts of two works and merging them together to form a new work).

> with any common license *except* the ones listed right of the colon.
> do you see any mistakes? have I missed anything?
> 
>       Apache-2.0:
>       Artistic:
>       BSD:
>       GPL-2: GPL-3, MPL-1.1
>       GPL-2+: MPL-1.1
>       GPL-3: GPL-2, MPL-1.1
>       LGPL-2: MPL-1.1
>       LGPL-2.1: MPL-1.1
>       LGPL-3: MPL-1.1
>       MPL-1.1: GPL-2, GPL-2+, GPL-3, LGPL-2+, LGPL-2.1, LGPL-3
>       MPL-2.0:
>       OpenSSL: (GPL licenses ommitted here due to 
> https://www.gnu.org/licenses/gpl-faq.html#SystemLibraryException)

I think some incompatibilities are missing.
At least the following ones:

  Apache-2.0: GPL-2
  Artistic: GPL-1, GPL-2, GPL-3
  BSD:
  GPL-2: Apache-2.0, Artistic, GPL-1, GPL-3, LGPL-3, MPL-1.1, MPL-2.0[*]
  GPL-2+: Artistic, GPL-1, MPL-1.1, MPL-2.0[*]
  GPL-3: Artistic, GPL-1, GPL-2, MPL-1.1, MPL-2.0[*]
  LGPL-2: GPL-1, MPL-1.1, MPL-2.0[*]
  LGPL-2.1: GPL-1, MPL-1.1, MPL-2.0[*]
  LGPL-3: GPL-1, GPL-2, MPL-1.1, MPL-2.0[*]
  MPL-1.1: GPL-1, GPL-2, GPL-2+, GPL-3
  MPL-2.0[*]: GPL-1, GPL-2, GPL-2+, GPL-3
  OpenSSL: (GPL licenses ommitted here due to 
https://www.gnu.org/licenses/gpl-faq.html#SystemLibraryException)

[*] Please note that the compatibility status of MPL-2.0 is more
complicated than a simple yes or no: it is compatible with "Secondary
Licenses", unless it is explicitly made incompatible with the notice
described in Exhibit B or the covered software was previously available
under MPL-1.1 or earlier, but not also dual-licensed under a "Secondary
License".
"Secondary Licenses" are: GPL-2+, LGPL-2.1+, AfferoGPL-3.0+

A terrible headache?!? I think so, that's why I abhor MPL-2.0 ... 

> 
> thanks,
> Serafeim

You're welcome!

Anyway, let's wait for some other debian-legal participants'
take on the matter...


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgpE9FVmzzNid.pgp
Description: PGP signature

Reply via email to