On Wed, Jun 19, 2024 at 11:58 AM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote: > > On 18. 06. 24 18:46, Miroslav Suchý wrote: > > Hi. > > > > I am going to do the mass change of the license from GPLv2 to GPL-2.0-only > > Hi. > > How do you know the License tag is not supposed to be e.g. "GPL-2.0-only AND > MIT" or similar? > > Converting "GPLv2" (which could mean any number of "weaker" licenses are hidden > under the "stronger" GPL in the old notation) to "GPL-2.0-only" (which means > all the code is exactly GPL 2.0 only) cannot be done automatically. > > Same for the other thread about LGPLv3 to LGPL-3.0-only conversion. The meaning of something like "GPLv2" or "LGPLv3" in the Callaway™ (old notation) system was not consistently defined, documented or understood. We've had some discussions about this (see legal list threads on the so-called "effective license" concept). It is true that under the Callaway system some package maintainers were applying some sort of idiosyncratic effective license theory when populating license tags, but prior to Fedora's migration to SPDX expressions I would have asserted this was incorrect. It should be noted btw that much (probably most) of the use of SPDX identifiers in the open source community seems to be based on application of various kinds of undocumented effective license theories. So non-use of effective license theory is not an inherent property of SPDX, at least in practice. The SPDX spec itself, and the SPDX project, doesn't really assert an opinion on how SPDX expressions should be used by projects (i.e., what something like `GPL-2.0-only` *ought* to mean), at least as far as I understand. I'd argue that proper use of SPDX expressions should lead to the non-use of effective license analysis, which I guess implies that much of the use of SPDX expressions is improper. So anyway what I think you're basically saying is that if you automatically convert a Callaway-notation package license tag from `GPLv2` to `GPL-2.0-only`, the resulting license tag will often be incorrect under the current (post-Callaway/SPDX-based) system. This is true, but I would say that in such cases the license tag should have been viewed as incorrect under the Callaway system for at least partially the same reasons. Relatedly, I have had some misgivings and mixed feelings about these mass conversions, because I have worried that the resulting situation will make people complacent regarding the correctness of the license tag. That is, they may assume that a converted license tag has some sort of implied stamp of approval. However, I've mostly gotten comfortable with the piecemeal mass conversions over time. I accept that we'll (still) have many inaccurate license tags, under our current documented standards, and we'll just have to gradually try to improve them. I'm not sure it's really better to stick with Callaway license tags for some longer period of time in the hope that the *first* attempt to convert a package license tag to SPDX expressions will be relatively accurate. I do worry that if everyone is complacent about this, Fedora could become yet another project using SPDX expressions inappropriately. Richard -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
