Hi,

It seems that we suffer from a major problem of developers wrongly
attributing *GPL-[23] licenses to ebuilds, when the correct variant is
*GPL-[23]+. In proxy-maint, every second new package with
LICENSE=GPL-[23] is plain wrong. I suspect part of the problem is that
GitHub has poor man's license recognition that does not distinguish
between 'vN only' and 'vN or newer' license variants, and similarly that
a number of contributors don't bother checking the license beyond
COPYING/README.

Another part of the problem is that we don't have a really good way of
distinguishing verified correct uses of *GPL-[23]. So in the end, I end
up verifying the same packages over and over again unless I remember
that I've verified them.

Therefore, I would like to suggest the following:

1. introducing additional *-only licenses that explicitly indicate that
a newer version is not allowed, e.g. GPL-2-only, LGPL-3-only etc.

2. annotating the unsuffixed licenses with a warning that they may mean
either x-only or x+ due to a frequent mistake.

3. make repoman warn whenever a non-specific variant is used, telling
developers to verify whether it's x-only or x+.

4. start migrating packages to x-only or x+ appropriately.

5. eventually, remove the non-specific licenses and make repoman error
out with a clear explanation.

What do you think?

--
Best regards,
Michał Górny