| 1 |
Hi, |
| 2 |
|
| 3 |
It seems that we suffer a major problem of developers wrongly |
| 4 |
attributing *GPL-[23] licenses to ebuilds, when the correct variant is |
| 5 |
*GPL-[23]+. In proxy-maint, every second new package with LICENSE=GPL- |
| 6 |
[23] is plain wrong. I suspect part of the problem is that GitHub has |
| 7 |
poor man's license recognition that does not distinguish between 'vN |
| 8 |
only' and 'vN or newer' license variants, and similarly that a number of |
| 9 |
contributors don't bother checking the license beyond COPYING/README. |
| 10 |
|
| 11 |
Another part of the problem is that we don't have a really good way of |
| 12 |
distinguishing verified correct uses of *GPL-[23]. So in the end, I end |
| 13 |
up verifying the same packages over and over again unless I remember |
| 14 |
that I've verified them. |
| 15 |
|
| 16 |
Therefore, I would like to suggest the following: |
| 17 |
|
| 18 |
1. introducing additional *-only licenses that explicitly indicate that |
| 19 |
a newer version is not allowed, e.g. GPL-2-only, LGPL-3-only etc. |
| 20 |
|
| 21 |
2. annotating the unsuffixed licenses with a warning that they may mean |
| 22 |
either x-only or x+ due to frequent mistake. |
| 23 |
|
| 24 |
3. make repoman warn whenever non-specific variant is used, telling |
| 25 |
developers to verify whether it's x-only or x+. |
| 26 |
|
| 27 |
4. start migrating packages to x-only or x+ appropriately. |
| 28 |
|
| 29 |
5. eventually, remove the non-specific licenses and make repoman error |
| 30 |
out with clear explanation. |
| 31 |
|
| 32 |
What do you think? |
| 33 |
|
| 34 |
-- |
| 35 |
Best regards, |
| 36 |
Michał Górny |
Archives