On Wed, Sep 13, 2017 at 11:47:25AM -0700, Bradley M. Kuhn wrote:
> I began to think carefully about this question, what *is* the "Declared
> License" -- by the package authors -- in the examples at
> https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Examples_.2F_Challenges

I don't think any of the examples there have a declared package
license.  Declaring a package license looks like this FAQ entry [1]:

  ### How is AngularJS licensed?

  The [MIT License](https://github.com/angular/angular.js/blob/master/LICENSE).

or this package.json entry [2]:

  "license": "MIT",

where the package maintainers are making an explicit claim about the
license for the whole package.  However, the files listed in the wiki
examples which have the GPL standard headers have a declared file
license.  And the license-text-of-the-GPL-2.0 has the same sort of
declaration [3].

> But, for *Declarations*, SPDX clearly needs some other identifier,
> which would usually only be used as Declared licenses.

This is not clear to me.  Can you elaborate?

> Such an identifier would allow SPDX files (a) to better include all
> the information that was available to best inform those who look at
> the Declared license, (b) properly inform those making Conclusions,
> and (c) avoid the current situation that causes Conclusions about
> GPL licensing to appear in as a Declared license.
>
> I don't know what such an identifier should be, but it is *not*
> GPLvN-or-later; it's not GPLvN-only; it's not GPLvN+.  It's
> something else.

Since 2.1, the spec has had an appendix about SPDX-License-Identifier
comments in file headers with SPDX License Expression values [4].
That means we *recommend* authors use SPDX License Expressions to
declare the license which applies to that file.  Do you feel that is
inadequate?  If so, how?  Or are you on board with using SPDX License
Expressions to express both declared and concluded licenses, but only
have quibbles about whether an ‘only’ operator is part of those
expressions?  That would be a much more narrowly scoped issue.

If this is what's going on, can you explain why a header using the
GPL-2.0's stock wording:

  Copyright (C) yyyy name of author

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License as
  published by the Free Software Foundation; either version 2 of the
  License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  02110-1301, USA.

  Also add information on how to contact you by electronic and paper
  mail.

would not be clearly declaring GPL-2.0+?  And can you also explain why
a header that said:

  Copyright (C) yyyy name of author
  SPDX-License-Identifier: GPL-2.0+

would not be clearly declaring GPL-2.0+?

Cheers,
Trevor

[1]: https://github.com/angular/angular.js/blob/v1.6.6/docs/content/misc/faq.ngdoc#L194-L196
[2]: https://github.com/angular/angular.js/blob/v1.6.6/package.json#L3
[3]: https://github.com/spdx/license-list-XML/blob/f3dc56f2424e8e93732f655637e0542c5557588c/src/GPL-2.0.xml#L26-L30
[4]: https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
_______________________________________________
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal