On 6/7/22 19:05, Thomas Gleixner wrote:
On Tue, Jun 07 2022 at 11:12, Bradley M. Kuhn wrote:
Note that was a full consensus — and it included the opinion of many
prominent FOSS lawyers (who were attending under the Chatham House Rule
imposed on that meeting) — that keeping the notices intact somewhere in the
tree (not just in the Git repository) was essential.
Note that the full consensus of all these prominent lawyers becomes only
useful when they agree on something pragmatic which is actually
resolving the situation. Having full consensus on unactionable solutions
is a pointless exercise.
There was also full consensus many years before 2019 that the licensing
situation has to be cleaned up along with the conclusion that this needs
to be done with the help of those companies and their respective lawyers
who inflicted the mess in the first place. This has been discussed and
concluded to death with no outcome.
My perspective here is shaped by my experiences with lawyers and
contributor agreements. In the early 2000s, as a leader of a free
software foundation, I was explicitly told by a number of lawyers that
unless we had a signed contributor agreement from every contributor, the
free software project had no right to distribute those contributions.
Part of a lawyer's job is to advise their clients based on their best
understanding of the law and common practice, and those lawyers were
doing exactly that, based on their experience in corporate law, so to a
certain extent I can't fault them for doing their job to the best of
their ability. But, while they were giving their best assessment of what
*could be* true at the time, what they weren't doing was thinking about
what *should be* true, in the context of free software. Both the law and
common practice evolve over time, and we need to be intelligent about
evaluating both what *could be* true at the moment, and what *should be*
true in the long term. The concepts of inbound=outbound, DCO, and
signed-off-by are now common practice, but getting there required some
clever insight by some lawyers who really understoond free software, and
also consistent practice by projects over time.
With that context in mind: One reasonable interpretation of “keep intact
all the notices that refer to this License and to the absence of any
warranty” could be to say that the exact text must be preserved, exactly
as it was typed at the dawn of time, including any typos, inaccurate
street addresses, etc. Another reasonable interpretation is that the
notices serve to link a license to the file, and declare that the legal
terms of the entire GPL license govern that file, and so what must be
preserved is the link. Current practice is closer to the second, people
feel free to throw in whatever garbled variant of the notice text FSF
recommends, because they know that what really matters is the text of
the GPL, which is invariant and has been carefully reviewed by lawyers.
We absolutely want to make sure that people don't strip off the link to
the GPL license, and use the file or its contents under terms other than
the GPL, that is the legal purpose we're trying to achieve.
For a new file, adding the FSF notice, or adding some garbled version
that still has the same terms as the GPL and FSF notice, or adding the
SPDX license identifier are all legally equivalent ways of declaring
that the file is subject to the terms of the GPL license. In terms of
common practice, the SPDX identifier is actually superior because it's
clear, consistent, machine readable, and limits the scope of garbled
variations introduced by humans. (Humans actually manage to garble even
those few characters of the SPDX identifier, but since it's machine
readable, it's also machine checkable, so easy to kick back an error and
say "that's not a valid SPDX identifier, did you mean X or Y?")
If the full text notice and SPDX identifier are legally equivalent, then
can they legally be substituted in an existing file? There is a
reasonable interpretation to say that *could be* allowed, but a more
important question here is whether that *should be* allowed. Allowing it
does no harm, the full terms of the GPL apply to the file with either
the full text notice or the SPDX identifier. Allowing it is good for the
cause of free software and for GPL enforcement, because it cleans up
confusing cruft from historical human inconsistencies, and clearly
declares the legal terms that apply to the file. So, I would argue that
substituting SPDX identifiers for text notices should be allowed (as
long as the text notice has the same terms as the GPL itself). While
substituting SPDX identifiers might not be common practice yet, the way
we make it common practice is by practicing it repeatedly until it
becomes common.
It's also worth noting that there's isn't any risk of a "point of no
return" here. When Thomas and I say that the changes are all in git
history, we aren't saying that we expect everyone to read the entire
history. What we're saying is that it's easy to write a tool to scan the
entire history, and generate a file that lists every file that had an
SPDX identifier substituted under every match rule, if we decide that's
actually necessary at some point. It really, really shouldn't be
necessary (any more than contributor agreements are necessary), but it's
reassuring to know have options.
Allison
