Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Cc: licenses@g.o, qa <qa@g.o>
Subject: [gentoo-dev] [RFC] Solving the problem of huge number of wrong LICENSES=*GPL-[23]
Date: Sun, 26 Aug 2018 10:39:35

Hi,

It seems that we suffer a major problem of developers wrongly
attributing *GPL-[23] licenses to ebuilds, when the correct variant is
*GPL-[23]+. In proxy-maint, every second new package with
LICENSE=GPL-[23] is plain wrong. I suspect part of the problem is that
GitHub has poor man's license recognition that does not distinguish
between 'vN only' and 'vN or newer' license variants, and similarly that
a number of contributors don't bother checking the license beyond
COPYING/README.

Another part of the problem is that we don't have a really good way of
distinguishing verified correct uses of *GPL-[23]. So in the end, I end
up verifying the same packages over and over again unless I remember
that I've verified them.

Therefore, I would like to suggest the following:

1. introducing additional *-only licenses that explicitly indicate that
a newer version is not allowed, e.g. GPL-2-only, LGPL-3-only etc.

2. annotating the unsuffixed licenses with a warning that they may mean
either x-only or x+ due to a frequent mistake.

3. make repoman warn whenever a non-specific variant is used, telling
developers to verify whether it's x-only or x+.

4. start migrating packages to x-only or x+ appropriately.

5. eventually, remove the non-specific licenses and make repoman error
out with a clear explanation.

What do you think?

--
Best regards,
Michał Górny

