Hi,

TL;DR: I'd like to replace 'GPL-2' with 'GPL-2-only' etc., having
the former trigger a QA warning asking the dev to double-check if it's
'GPL-2-only' or 'GPL-2+'.


GNU Licenses currently don't carry an upgrade clause -- instead, authors
are expected to decide whether they permit upgrade to newer versions of
the license in question, or require users to stick with their version of
choice.

Their decision is normally indicated in copyright notices on top
of source files. Those that permit upgrade usually state 'either
version N of the License, or (at your option) any later version.', while
others remove the 'or...' or even replace with 'only' (sometimes
removing 'either', sometimes leaving it ;-)).

The truth is, many developers don't go that far to verify it. Instead,
they usually look at 'COPYING' or 'LICENSE', read the version there
and put 'GPL-2', 'GPL-3' etc. in the ebuild. It doesn't help that
GitHub does the same and shows the result as an easy-to-read note on top
of the repo.


For some time I've been reviewing packages I'm (co-)maintaining, as well
as proxy-maint submissions for this particular problem. However,
surprisingly many projects actually go the 'version N only' route, even
in the middle of environments that are 'N+' like Xfce. As a result, I've
ended up rechecking the same packages over and over again to the point
of starting to add comments saying 'yes, this is GPL-2 only'.

I'd like to propose to employ a more systematic method of resolving this
problem. I would like to add additional explicit 'GPL-n-only' licenses,
and discourage using short 'GPL-n' in favor of them. The end result
would be three licenses per every version/variant, e.g.:

GPL-2-only -- version 2 only
GPL-2+ -- version 2 or newer
GPL-2 -- might be either, audit necessary

The main idea is that we'd be able to easily find 'non-audited' packages
with GPL-2 entries, and replace them with either GPL-2+ or GPL-2-only
after auditing. While technically it would still be possible for people
to wrongly set LICENSE to GPL-2-only, I think this explicit distinction
will help people notice that there actually is a deeper difference,
and it will still catch people who just type 'GPL-n' without looking
into the license directory.

For a start, I'd only go for adding the '-only' variants to the most
common licenses, i.e. GPL-2, -3, LGPL-2, -2.1, -3, AGPL-3, maybe some
FDL versions. I don't think we need this for the long 'exception'
variants -- I suspect that if someone did research enough to notice
the exception, then most likely he would also notice the 'or newer'.


WDYT?

--
Best regards,
Michał Górny
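
The QA check proposed in the message above, sketched as an added example (it is not part of the original mail and not Gentoo's own QA tooling). The function names and the sample ebuild fragments are constructed for illustration; the flagged set follows the licenses the message names, with FDL left out.

```python
import re

# Bare names the proposal treats as "might be either, audit necessary".
# Assumption: the set mirrors the licenses listed in the message (no FDL).
AMBIGUOUS = {"GPL-2", "GPL-3", "LGPL-2", "LGPL-2.1", "LGPL-3", "AGPL-3"}

# LICENSE="..." or LICENSE+="..."; the quoted value may span several lines.
LICENSE_RE = re.compile(r'^LICENSE\+?="([^"]*)"', re.MULTILINE)


def license_tokens(value):
    """Yield license names, skipping ||, parentheses and USE conditionals."""
    for tok in value.split():
        if tok in ("||", "(", ")") or tok.endswith("?"):
            continue
        yield tok


def audit_ebuild(text):
    """Return the sorted bare license names that still need an audit."""
    found = set()
    for value in LICENSE_RE.findall(text):
        found.update(t for t in license_tokens(value) if t in AMBIGUOUS)
    return sorted(found)


def qa_warnings(name, text):
    """Format one warning line per ambiguous LICENSE entry."""
    return [
        f"{name}: LICENSE has ambiguous '{lic}'; "
        f"verify and use '{lic}-only' or '{lic}+'"
        for lic in audit_ebuild(text)
    ]


# Constructed sample ebuild fragments (hypothetical packages).
SAMPLES = {
    "app-misc/foo-1.0.ebuild": 'EAPI=7\nLICENSE="GPL-2"\nSLOT="0"\n',
    "app-misc/bar-2.1.ebuild": 'LICENSE="GPL-2+ LGPL-2.1-only"\n',
    "app-misc/baz-0.3.ebuild": 'LICENSE="|| ( GPL-3 MIT )\n\tdoc? ( LGPL-2.1 )"\n',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for line in qa_warnings(name, text):
            print(line)
```

Already-audited entries ('GPL-2+', 'LGPL-2.1-only') pass silently, so the remaining warnings are exactly the list of packages still to be checked.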