THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Legal Team/Minutes/2017-08-17

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Jilayne Lovejoy
  • Paul Madick
  • John Sullivan
  • David Wheeler
  • Bradlee Edmondson
  • Thomas Steenberg
  • Mike Dolan,
  • Bradley Kuhn
  • Alan Tse
  • Kate Stewart

Agenda

Continued joint discussion with tech team as to "only", "or later", and "ambiguous as to version" Below are highlights of discussion attributed to various folks on call (hopefully mostly correct) For the proposal we got to in sum for call, please see: https://wiki.spdx.org/view/Legal_Team/or-later-vs-unclear-disambiguation

  • David Wheeler - summarized as only, Or later, and At least
  • Jilayne - what should the scanner identify. If only find a license file, how identify?
    • 5 file example: 1 license file with full text of GPLv2, 4 source code files with no license information whatsoever
    • what would scanner call license file? GPL-2.0-only, GPL-2.0+ - not comfortable with making call in this case? (4 source code files would be NONE, as per spec)
  • David Wheeler - if only find a license file, how classify. Ie. if GPLv3 license, don’t assert its GPLv3 only or or later, just assert its at least GPLv3.
  • Thomas: supporting use of GPL-2.0 as “at least”, GPL-2.0-only for specific only version., GPL-2.0+. People using GPL-2.0 properly would then have to add "only" operator.
  • Jilayne - if you don’t use operator, it defaults to what the license says. Which should work with the existing licenses beyond GPL. If we add “only”, some of the backwards compatible will need to fix, but they are more likely conscientious (as per Thomas' point). (Gary’s original proposal as I understood it)
  • John - would like to see ambiguous be more clearly articulated - e.g., have the identifier use a word such as, “uncertain”. Need to check what to do if only a version of license in the file? Not keen on “at least” for any version.
  • Jilayne not a fan of "at least" either
  • David: If someone says at least - includes common case. If any version of GPL, its denoted GPL-1.0+.
  • John: If no indication of version, ie. “GPL” - then have ambiguous clearly articulated in some way, so easier to "fix" with only or + operators
  • Jilayne: We’d have to change GPL-2.0 to GPL-2.0-ambiguous
  • David: Two cases “GPL” vs. specific version of the license. Its pretty clear if drop in GPLv3.0 License, its clear I can use GPLv3.0. Especially if no other license reference.
  • Bradley: Agrees ambiguous on what does it mean to not specify version in program specifically.
  • John: Clause always exists in version of GPL even with specific version number… just presence of license is not sufficient ?
  • When should ambiguous identifer should be applied? Should plain identifier be transitioned to -ambiguous?
  • if did this, then would end up with GPL-2.0-ambiguous-+ or GPL-2.0-ambiguous-only - ack!
  • back to Gary's original idea - let "plain" identifier indicate whatever you interpret the license to mean
  • discussion on other licenses from this page and applied proposal to them: https://wiki.spdx.org/view/Legal_Team/later-version-clauses - seems to work. Even if EPL doesn't really allow "only" option, if someone wanted to signify this version only, could choose to honor that and use "only" operator, but EPL-1.0 (plain) would continue to mean what it always has