On Wed, Sep 27, 2017 at 04:49:46PM -0600, J Lovejoy wrote: > Kate and I have discussed our last proposal (which was summarized > here: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal) > with Richard Stallman and John Sullivan as to concerns the FSF, as > steward of the GNU licenses, had with that and how to mitigate.
Does this mean we now have an official position on what the FSF for the concluded license of the “1 license file with GPL-2.0 license text; 4 source files with no license information whatsoever” case [1]? My impression from the rest of your message is that it is: GPL-2.0 unclear version (or whatever that operator ends up being named). That means that they would consider GPL-1.0+ to be an invalid interpretation, although GPL-1.0+ was at least floated as a possible interpretation in the 2017-08-08 meeting (among many other possible interpretations ;). > There are two sets listed: one that involves a single character (to > be consistent with existing +) and one that is more human-readable: I'm personally in favor of grandfathering in +, but using separate, single-word identifiers for any new operators. > ? = “unclear version” - this will be a new modifier to indicate > there is a lack of clarity as to the license version regarding if > any version, or later, or only applies, e.g., I found the text of > GPLv2, but I’m not sure if it’s “only “ or “or later” because there > is no other information. Need further input on the exact word to > use here, i.e, “unclear” “maybe” “ambiguous" The motivation for this operator seems to be a desire to say “I'm not actually comfortable drawing a conclusion, but here are some hints…”. Alexios raised the same concern in the “BSD” context [2]. I still think while there's not much point to concluding a licence if you're not willing to actually make a call, a good generic operator for representing this sort of thing would be “or maybe they meant” [3] (or some single-word form thereof). That lets you represent all sorts of ambiguous declarations beyond the narrow “but I'm not sure which version operator they meant”. For example, you can represent [4]: LGPL-2.0 OR-MAYBE LGPL-2.0 AND GPL-2.0 OR-MAYBE LGPL-2.0 OR GPL-2.0 if you didn't feel comfortable enough to conclude LGPL-2.0 based solely on the presence of the usual COPYING and COPYING.LESSER pair [5]. > # = "only" - this will be a new modifier to indicate ‘this version > only’. Need further input as to one character configuration, if > needed I really hope we don't get a single-character version of this operator, but if we do, I think it should be ‘=’. > I think this will provide a better path for backwards compatibility > and moving people using old versions SPDX to use the current > version, as use of GPL-2.0 when validated against the current > version will get a warning - thus allowing visibility and > (hopefully) encouraging adoption of current version/use of modifiers > as per above. We can provide warnings without an “unclear version” operator. See the comments on metadata in [6,7]. What an “unclear version” (or “OR-MAYBE”, etc.) operator does is give you a way for the quasi-concluder to gripe about poor declarations (in a way that's obvious to human readers even without tooling) while still providing *some* information. For example, if any possible GPL license grant is acceptable to you, maybe: GPL-2.0 unclear version or: GPL-2.0 ONLY OR-MAYBE GPL-2.0+ OR-MAYBE GPL-1.0+ are acceptable to you without further digging. > Also, I think it will also prevent the need to make any kind of > interpretation of other licenses with or later clauses, as it allows > SPDX uses to use the modifiers as they see fit (or not) for such > licenses. Whatever versioning we decide to require for the GPL family, I think we want to require the same versioning for the CDDL family. The CDDL also allows a grant-time choice between + and ONLY, and the only difference from the GPL is that the CDDL requires grant wording to choose ONLY [9], while the GPL requires you to specify a version to avoid GPL-1.0+ [10] and for grants specifying a version to include “any later version” to choose + [11]. If you actually have a license-grant blurb to look at, it will be pretty obvious whether the CDDL ONLY or GPL+ language was included. If you have no license grant blurb you're still welcome to guess, but things become much more murky. Cheers, Trevor [1]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Examples_.2F_Challenges [2]: https://lists.spdx.org/pipermail/spdx-legal/2017-September/002211.html Subject: RE: License identifiers sufficient to avoid loss of information in DeclaredLicense (was: GPLv2 - Github example) Date: Fri, 15 Sep 2017 12:01:32 +0000 Message-ID: <27e3b830fa35c7429a77daeedeb7344770e82...@irsmsx103.ger.corp.intel.com> [3]: https://lists.spdx.org/pipermail/spdx-legal/2017-September/002213.html Subject: RE: License identifiers sufficient to avoid loss of information in DeclaredLicense (was: GPLv2 - Github example) Date: Fri, 15 Sep 2017 13:34:18 -0700 Message-ID: <20170915203418.gs30...@valgrind.tremily.us> [4]: https://lists.spdx.org/pipermail/spdx-legal/2017-September/002214.html Subject: Re: License identifiers sufficient to avoid loss of information in DeclaredLicense Date: Fri, 15 Sep 2017 13:56:22 -0700 Message-ID: <20170915205622.gt30...@valgrind.tremily.us> [5]: https://www.gnu.org/licenses/gpl-howto.html [6]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal [7]: https://lists.spdx.org/pipermail/spdx-legal/2017-August/002126.html Subject: Re: minutes, summary, next steps Date: Thu, 17 Aug 2017 14:37:22 -0700 Message-ID: <20170817213722.gk23...@valgrind.tremily.us> [8]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Other_License_with_.22or_later.22_Clauses [9]: https://github.com/spdx/license-list-XML/blob/f1522b5cc61bde64d9b38af05204fdb93c02eef8/src/CDDL-1.0.xml#L276-L286 [10]: https://github.com/spdx/license-list-XML/blob/f1522b5cc61bde64d9b38af05204fdb93c02eef8/src/GPL-2.0.xml#L238-L239 [11]: https://github.com/spdx/license-list-XML/blob/f1522b5cc61bde64d9b38af05204fdb93c02eef8/src/GPL-2.0.xml#L235-L238 -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
