Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I think the biggest mistake from beginning is that we have not clearly marked the licenses as SPDX / Callaway. I think it still would be better to mark the remaining licenses as Callaway then doing this auto conversions. After all, I think that having license fields such as `spdx(GPL-2.0-only) and callaway(MIT)` would not be that bad. Of course we could even have `GPL-2.0-only and callaway(MIT)` if we say SPDX is default and then there are old licenses which still needs some review.


Vít


Dne 20. 06. 24 v 2:07 Richard Fontana napsal(a):
On Wed, Jun 19, 2024 at 11:58 AM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
On 18. 06. 24 18:46, Miroslav Suchý wrote:
Hi.

I am going to do the mass change of the license from GPLv2 to GPL-2.0-only
Hi.

How do you know the License tag is not supposed to be e.g. "GPL-2.0-only AND
MIT" or similar?

Converting "GPLv2" (which could mean any number of "weaker" licenses are hidden
under the "stronger" GPL in the old notation) to "GPL-2.0-only" (which means
all the code is exactly GPL 2.0 only) cannot be done automatically.

Same for the other thread about LGPLv3 to LGPL-3.0-only conversion.
The meaning of something like "GPLv2" or "LGPLv3" in the Callaway™
(old notation) system was not consistently defined, documented or
understood. We've had some discussions about this (see legal list
threads on the so-called "effective license" concept). It is true that
under the Callaway system some package maintainers were applying some
sort of idiosyncratic effective license theory when populating license
tags, but prior to Fedora's migration to SPDX expressions I would have
asserted this was incorrect.

It should be noted btw that much (probably most) of the use of SPDX
identifiers in the open source community seems to be based on
application of various kinds of undocumented effective license
theories. So non-use of effective license theory is not an inherent
property of SPDX, at least in practice. The SPDX spec itself, and the
SPDX project, doesn't really assert an opinion on how SPDX expressions
should be used by projects (i.e., what something like `GPL-2.0-only`
*ought* to mean), at least as far as I understand. I'd argue that
proper use of SPDX expressions should lead to the non-use of effective
license analysis, which I guess implies that much of the use of SPDX
expressions is improper.

So anyway what I think you're basically saying is that if you
automatically convert a Callaway-notation package license tag from
`GPLv2` to `GPL-2.0-only`, the resulting license tag will often be
incorrect under the current (post-Callaway/SPDX-based) system. This is
true, but I would say that in such cases the license tag should have
been viewed as incorrect under the Callaway system for at least
partially the same reasons.

Relatedly, I have had some misgivings and mixed feelings about these
mass conversions, because I have worried that the resulting situation
will make people complacent regarding the correctness of the license
tag. That is, they may assume that a converted license tag has some
sort of implied stamp of approval. However, I've mostly gotten
comfortable with the piecemeal
mass conversions over time. I accept that we'll (still) have many
inaccurate license tags, under our current documented standards, and
we'll just have to gradually try to improve them.

I'm not sure it's really better to stick with Callaway license tags
for some longer period of time in the hope that the *first* attempt to
convert a package license tag to SPDX expressions will be relatively
accurate. I do worry that if everyone is complacent about this, Fedora
could become yet another project using SPDX expressions
inappropriately.

Richard
--
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

--
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux