On 6/8/22 10:04, Bradley M. Kuhn wrote:
Allison Randal also replied:
With that context in mind: One reasonable interpretation of “keep intact
all the notices that refer to this License and to the absence of any
warranty” could be to say that the exact text must be preserved, exactly
as it was typed at the dawn of time, including any typos, inaccurate
street addresses, etc.
Just to be clear: the concerns Fontana raised weren't about preserving typos
or inaccurate street addresses. Thus, I think that point is probably a red
herring here. No one has said that preserving typos or inaccurate postal
addresses is important.
I'm making an explicit point that the exact text of the notice isn't
actually all that useful. Those aren't red herrings, they're just
specific examples where the exact text is actively unhelpful. To the
extent that the exact text of the notice is a jumbled but equivalent
paraphrase of the terms of the GPL it isn't actively unhelpful, but it
also doesn't add any legal or informational value, does add confusion
around the licensing, and means that every individual who encounters the
file has to carefully check to make sure that the text doesn't deviate
from the terms of the GPL. (Many of those people don't know the GPL as
well as Fontanta, and won't actually make that judgement accurately.)
Where the exact text of the notice does deviate from the terms of the
GPL, that's a different problem, and we aren't changing those files for now.
Another reasonable interpretation is that the notices serve to link a
license to the file, and declare that the legal terms of the entire GPL
license govern that file, and so what must be preserved is the link.
I think a link to the proper notice (as it originally appeared) was a good
proposal back in 2019 and just as good now. We had consensus that it was a
way to go. It was your idea, Allison, and I think it was useful and solves
the problem.
As you probably know, I've been negotiating compromises with lawyers
around free software for decades, and I'm very good at it. That doesn't
necessarily mean I believe the compromise is the best answer, only that
it's the best I'm able to achieve at the time. Progress takes time, and
I accept that. (I've negotiated a series of compromises with lawyers
around contributor agreements over the decades down from "every
contributor", to "only the most significant/prolific contributors", to
"only corporate contributors", to "actually DCO and signed-off-by is fine".)
If an automatically generated file (outside of git) recording the
historical full notice text for each changed file is as far as I can get
the lawyers to agree at the moment, I accept that as good progress in
the right direction.
But, in the long term, I predict that common legal practice will evolve
to recognize that SPDX identifiers are legally equivalent to full text
notices (as long as those full text notices don't deviate from the terms
of the license). You can actively work toward that future or actively
work against it, it really doesn't matter to me. Time will tell, and no
one person will make that decision, it will be made for us by the
collective actions of a massive number of people.
If the full text notice and SPDX identifier are legally equivalent, then
can they legally be substituted in an existing file?
I realize that many people *want* the "if" part of that statement to be true.
No one actually knows if it is true. The fact that the SPDX project (which
has an obvious self-promotional interest here), declared it to be true
doesn't make it true, either.
Publishing a legal text like the GPL doesn't make it true either. At
some point we put a legal stake in the ground on what *should be* true
for free software, and then take action over time to defend and prove it
to be true. That's how the law works and evolves over time.
When Thomas and I say that the changes are all in git history, we aren't
saying that we expect everyone to read the entire history. What we're
saying is that it's easy to write a tool to scan the entire history,
This part does concern me. Are these patches going upstream in a way that
they can easily be found? Is it easy to extract the specific notice that was
removed programatically? At the very least, linux-spdx should make sure
that's true.
Scan all historical commits since we started this clean up project for
the ones that add SPDX identifiers (that's an easy machine pattern to
match), and check if those patches also deleted any lines. Thomas has
also been good about noting the exact rule that was applied in the
commit message, so that gives us even more metadata for the generated
output of the tool.
Allison
