Sorry for sending out a half composed email. It is late and I was rushing to complete my emails.
In a nutshell - The white elephant in the room is the package license. An ill-defined concept that has plagued SPDX since its inception. Everyone wants to be given a top level license designation for every open source package they receive. Is it the license of the project? Is it the license in the top level license file? What happens if there is more than one top level license file? Is it the license most frequently found in the source files? Is it the AND of all the licenses found in the package? Or is it simply someone's guesstimate? Different Linux distros will sometimes designate different top level licenses for the same package. This is a far bigger problem than the "only" operator. In fact, it is the ill-conceived package license concept that is creating significant frustration and confusion over the GPL only issue. The problem is not at the file level. The license expression syntax is well suited for that. It is not well suited for the package level. Until that is addressed we will continue to struggle. - Mark -----Original Message----- From: W. Trevor King [mailto:wk...@tremily.us] Sent: Monday, September 11, 2017 2:27 PM To: Gisi, Mark Cc: J Lovejoy; Marc Jones; SPDX-legal Subject: Re: GPLv2 - Github example On Mon, Sep 11, 2017 at 08:59:17PM +0000, Gisi, Mark wrote: > If the source file license is GPL-2.0 that currently means only one > thing. GNU General Public License version 2. There is no confusion. > > I understand that this has been discussed at length but I not sure the > problem is what people think it is. We need to find source code file > notice examples that can't be expressed using the current license > expression language in order to justify making changes. The problems with using ‘GPL-2.0’ to mean “GPL v2 only” are: 1. It's not immediately obvious that the author actually thought through only vs. or-later. 2. There's no way to express the “I just found this stand-alone license file but have not looked at license-grant comments” or the similar case when the license-grant comments are not given. Maybe you are very clear about what those cases mean, but I think the length of this thread and the larger discussion show that while there may be no confusion for you, different folks have different opinions on what is implied in case 2. > I am trying to move away from the theoretical problem descriptions and > find a collection of real world use cases that define the problem and > that would help lead to a solution. The real-world use cases are outlined in [1]. Case 4 in that list is the “GitHub example” from which this thread takes its subject. Cheers, Trevor [1]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Examples_.2F_Challenges -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
