From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5DF74138334 for ; Tue, 24 Sep 2019 06:16:56 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BA351E090E; Tue, 24 Sep 2019 06:16:51 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 57EDCE08D0 for ; Tue, 24 Sep 2019 06:16:50 +0000 (UTC) Received: from a1i15 (host2092.kph.uni-mainz.de [134.93.134.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ulm) by smtp.gentoo.org (Postfix) with ESMTPSA id C4F8734B4F5; Tue, 24 Sep 2019 06:16:47 +0000 (UTC) From: Ulrich Mueller To: Jason Zaman Cc: gentoo-dev@lists.gentoo.org, =?utf-8?B?TWljaGHFgiBHw7Nybnk=?= , licenses Subject: Re: [gentoo-dev] Re: [RFC] Adding 'GPL-2-only', 'GPL-3-only' etc. license variants for better auditing References: <20190924014220.GA45747@baraddur.perfinion.com> Date: Tue, 24 Sep 2019 08:16:34 +0200 In-Reply-To: <20190924014220.GA45747@baraddur.perfinion.com> (Jason Zaman's message of "Tue, 24 Sep 2019 09:42:20 +0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: 4335f7d3-1c7a-47c9-9668-8b3a41222995 X-Archives-Hash: 0ae51bcfe715fd8b7bc593ff0619c1c9 --=-=-= Content-Type: text/plain >>>>> On Tue, 24 Sep 2019, Jason Zaman wrote: > The "GPL-2.0" one is deprecated: > https://spdx.org/licenses/GPL-2.0.html > If SPDX moved to having two names "-only" and "-or-later" then we > should too. The main problem is that we will always have licenses that are not in their list. So if they add them later, chances are that we would have to rename ours, forcing our users to update their ACCEPT_LICENSE variable and possibly reinstall packages. Generally, it is also not predictable what they will choose as an identifier. For example, there is "BSD-2-Clause" but "0BSD". Sometimes they stick with the upstream version (e.g. CDDL-1.0), sometimes they invent their own (GPL-2.0-only), and sometimes they drop the version altogether (WTFPL). In addition, they change their names, which would make it even more difficult to catch up. So, we can use SPDX as a guideline when adding _new_ licenses, but I don't see any good reason for renaming existing ones. Especially when the SPDX identifiers aren't stable. Ulrich --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZlHkP3TnuTbxrN0HwwkGhRxhwnMFAl2JtMQACgkQwwkGhRxh wnM0vgf+JPfYCLlqaPAvCPo622Nsl7i6nIsTQG9i+N3AE53ROfwp0hA1fxLJUhWS 5srQ/5hbUiy/Zb+k6nqGmHszRaOP7PL68/sAz4yvQv9oyNmCXcUJezUzcW4Ig1/m S9aNLzYCk/eq7W7yi7urI3edjVM4MBGixcKJqTEVrFZYM5XokSJ5fdwZz2RYH4RV 6jjiPUU8ZbDHYys+4p/rDYMT3dy3yCloVyV3tujThAmFoFY8Q4m+RAX2uYf/Tvmi 70I2mRJjWdZNMWQrasC8nKZJgnPVMn5hs//Wvga/Gwh1Kb4AkYdH+Hs05+JEXlub Ou7maTAHE0vWjcaex94Fka43FoI+Ug== =Dmin -----END PGP SIGNATURE----- --=-=-=--