From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id F26F5138334 for ; Sat, 21 Sep 2019 22:02:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C6FD8E090F; Sat, 21 Sep 2019 22:01:56 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2F5F3E0905 for ; Sat, 21 Sep 2019 22:01:56 +0000 (UTC) Received: from mail-io1-f51.google.com (mail-io1-f51.google.com [209.85.166.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mattst88) by smtp.gentoo.org (Postfix) with ESMTPSA id ABB5734B268 for ; Sat, 21 Sep 2019 22:01:54 +0000 (UTC) Received: by mail-io1-f51.google.com with SMTP id q10so24401224iop.2 for ; Sat, 21 Sep 2019 15:01:54 -0700 (PDT) X-Gm-Message-State: APjAAAU/wWNz5pkJRLPJ4jzAx0tHEbkAQT317Lt6ENWntLraNXC8T99o G7pDyvqajc2D09/UTkYutMoNJrH06oc5jSLBokE= X-Google-Smtp-Source: APXvYqx4wzuhqyh118Ns4k4MklbSjO4gcbd7AARywzEHoCZfrJ4JpQCNSYNusG3I41PFJ8rcHLlNRX2AJkxVtyz31wM= X-Received: by 2002:a6b:ca85:: with SMTP id a127mr8804241iog.278.1569103312775; Sat, 21 Sep 2019 15:01:52 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: In-Reply-To: From: Matt Turner Date: Sat, 21 Sep 2019 15:01:38 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [gentoo-dev] Re: [RFC] Adding 'GPL-2-only', 'GPL-3-only' etc. license variants for better auditing To: gentoo development Cc: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= , licenses Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 420baee2-3ab4-4d88-ac95-cc099d7b4446 X-Archives-Hash: 279b4836f0a231dd36535f2d9bac74e1 On Sat, Sep 21, 2019 at 1:58 PM Ulrich Mueller wrote: > > >>>>> On Sat, 21 Sep 2019, Micha=C5=82 G=C3=B3rny wrote: > > > I'd like to propose to employ a more systematic method of resolving thi= s > > problem. I would like to add additional explicit 'GPL-n-only' licenses= , > > and discourage using short 'GPL-n' in favor of them. The end result > > would be three licenses per every version/variant, e.g.: > > > GPL-2-only -- version 2 only > > GPL-2+ -- version 2 or newer > > GPL-2 -- might be either, audit necessary > > To elaborate a bit more on this: "GPL-2" already has that well defined > meaning that your proposed "GPL-2-only" has, namely that the package is > licensed under the GNU General Public License, version 2. We are all aware. But the point is to explicitly put "-only" in the LICENSE metadata so that ebuild authors are less likely to confuse GPL-2 vs GPL-2+. > Presumably, your change would cause a long transition time, in which we > would have *three* variants for every GPL version (as well as LGPL, > AGPL, FDL), two of them with identical meaning. And after the transition > time, we would have "GPL-2-only" instead of "GPL-2", which is not only > longer but also not accurate. Sure, but who cares about a long transition time? We still have EAPI=3D0 ebuilds in tree -- and that's okay since we can quickly and easily tell what hasn't been transitioned! > Plus, it would result in paradoxical entries like "|| ( GPL-2-only > GPL-3-only )" for a package that can be distributed under GPL versions 2 > or 3 but no later version. That paradoxical entry is pretty clear to me. > If the goal of this exercise is to do an audit of ebuilds labelled as > "GPL-2", then a less intrusive approach (which I had already suggested > when this issue had last been discussed) would be to add a comment to > the LICENSE line, either saying "# GPL-2 only" for packages that have > been verified. Or the other way aroung, starting with a comment saying > that it is undecided, which would be removed after an audit. This would It's not a one-time audit. Micha=C5=82 has a history of fixing things in ways that does not allow the issue to return. I imagine that's what he's doing here, and it would not surprise me at all if something could be wired into CI to help ensure this. > have the advantage not to confuse users, and have no impact on their > ACCEPT_LICENSE settings. (For example, some people exclude AGPL and > would have to add entries for AGPL-3-only.) Trivial concern solved with a news item.