On Mon, Aug 28, 2023 at 8:30 AM Fabio Valentini <decathorpe@xxxxxxxxx> wrote: > What's the commended approach for packages that use deprecated > identifiers then? I would rather not just convert "GPL-2.0" to > "GPL-2.0-or-later" or "GPL-2.0-only", since it's almost always not > obvious which one was originally intended. Do we need to file issues > with upstream projects and ask them to clarify? That is probably not worthwhile in most cases. I think it makes more sense to document some general policies about this. For example, any Rust crate metadata using `GPL-2.0` (i.e.., *seeming* to use the deprecated SPDX identifier) can probably be assumed to mean `GPL-2.0-only` if there is no other information in the project suggesting otherwise. However, if a project just says "Licensed under GPLv2", there's an undocumented Fedora convention from the Callaway era of assuming (at least where convenient) that means GPLv2 or later if there is no further information suggesting otherwise. Getting this issue right (i.e., how to represent the *GPL licenses (in terms of the "or-later" vs. "only" characteristic) probably no longer has much practical significance so it's not worth spending too much energy on. > As for <ID>+ being valid SPDX syntax, can that be supported by > fedora-license-validate or whatever the tool is called today? That's probably a good idea, though it would seem to be predicated on us documenting that any "allowed" license identifier is still allowed if it adds the `+` operator. Richard _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
