| 1 |
Hi, |
| 2 |
|
| 3 |
TL;DR: I'd like to replace 'GPL-2' with 'GPL-2-only' etc., having |
| 4 |
the former trigger QA warning asking the dev to double-check if it's |
| 5 |
'GPL-2-only' or 'GPL-2+'. |
| 6 |
|
| 7 |
|
| 8 |
GNU Licenses currently don't carry an upgrade clause -- instead, authors |
| 9 |
are expected to decide whether they permit upgrade to newer versions of |
| 10 |
the license in question, or require users to stick with their version of |
| 11 |
choice. |
| 12 |
|
| 13 |
Their decision is normally indicated in copyright notices on top |
| 14 |
of source files. Those that permit upgrade usually state 'either |
| 15 |
version N of the License, or (at your option) any later version.', while |
| 16 |
others remove the 'or...' or even replace with 'only' (sometimes |
| 17 |
removing 'either', sometimes leaving it ;-)). |
| 18 |
|
| 19 |
The truth is, many developers don't go that far to verify it. Instead, |
| 20 |
they usually look at 'COPYING' or 'LICENSE', read the version there |
| 21 |
and put 'GPL-2', 'GPL-3' etc. in the ebuild. It doesn't help that |
| 22 |
GitHub does the same and shows the result as easy-to-read note on top of |
| 23 |
repo. |
| 24 |
|
| 25 |
|
| 26 |
For some time I've been reviewing packages I'm (co-)maintaining, as well |
| 27 |
as proxy-maint submissions for this particular problem. However, |
| 28 |
surprisingly many projects actually go the 'version N only' route, even |
| 29 |
in middle of environments that are 'N+' like Xfce. As a result, I've |
| 30 |
ended up rechecking the same packages over and over again to the point |
| 31 |
of starting to add comments saying 'yes, this is GPL-2 only'. |
| 32 |
|
| 33 |
I'd like to propose to employ a more systematic method of resolving this |
| 34 |
problem. I would like to add additional explicit 'GPL-n-only' licenses, |
| 35 |
and discourage using short 'GPL-n' in favor of them. The end result |
| 36 |
would be three licenses per every version/variant, e.g.: |
| 37 |
|
| 38 |
GPL-2-only -- version 2 only |
| 39 |
GPL-2+ -- version 2 or newer |
| 40 |
GPL-2 -- might be either, audit necessary |
| 41 |
|
| 42 |
The main idea is that we'd be able to easily find 'non-audited' packages |
| 43 |
with GPL-2 entries, and replace them with either GPL-2+ or GPL-2-only |
| 44 |
after auditing. While technically it would still be possible for people |
| 45 |
to wrongly set LICENSE to GPL-2-only, I think this explicit distinction |
| 46 |
will help people notice that there actually is a deeper difference, |
| 47 |
and it will still catch people who just type 'GPL-n' without looking |
| 48 |
into the license directory. |
| 49 |
|
| 50 |
For a start, I'd only go for adding the '-only' variants to the most |
| 51 |
common licenses, i.e. GPL-2, -3, LGPL-2, -2.1, -3, AGPL-3, maybe some |
| 52 |
FDL versions. I don't think we need this for the long 'exception' |
| 53 |
variants -- I suspect that if someone did research enough to notice |
| 54 |
the exception, then most likely he would also notice the 'or newer'. |
| 55 |
|
| 56 |
|
| 57 |
WDYT? |
| 58 |
|
| 59 |
-- |
| 60 |
Best regards, |
| 61 |
Michał Górny |
Archives