Re: Is "+" a valid character of a LicenseRef idstring?


Philippe Ombredanne
 

On Mon, Nov 2, 2015 at 9:12 PM, Wheeler, David A <dwheeler@...> wrote:
Philippe Ombredanne:
This + is a suffix and not a freestanding character, right?
Then again we would be better off to get rid of the plus entirely!
You may be confusing a SPDX "license identifier" and a SPDX "license
expression". It's a subtle point.
I am not confusing these at all. The gist of what I am saying is that
the plus is a legacy that should not be there. It does not make sense to
add to the large majority of GPL in the wild a + just to deal with a few
exceptions that do not allow other versions. Exceptions should be dealt
with an exception not with an extra + in an expression.

The purpose of a "license identifier" is to identify a specific text
of a specific license text, using a short name. In SPDX 2.0 there is
no "+" in a standard license identifier. In particular, "GPL-2.0" is
a license identifier, and "GPL-2.0+" is *NOT*. If all you want to do
is identify a particular license text, use a license identifier. No
"+"exists at the end of a license identifier.

However, a "license identifier" is often inadequate for describing
the licensing requirements imposed on users and later developers.
Many packages have different subcomponents with different licenses.
Many packages include the text of some license (such as the GPL
version 2.0), but there are often two possible cases:
- You must use this particular version of the license.
- You may use this or any later version of the license.
Thus, SPDX 2.0 defines a "license expression" for describing how
license texts apply to software packages,. A license expression is
built out of license identifiers but adds ways to describe how the
license texts are used. A "+" appended after the name of a license
identifier means "or any later version may also be used". E.G., the
license expressions "(GPL-2.0+ WITH Classpath-Exception-2.0)" and
"(MIT AND BSD-3-CLAUSE)" express how the license text requirements
are imposed on recipients (users and developers). License expressions
use the long-standing convention is that if software is licensed
using "this or any later version" you add a "+" to the name of the
license. You can argue that the "+" should be the default,
but standards typically work best if they build on pre-existing
conventions, and that was certainly the case here.
David:
What you saying in substance is that every time I want state
that code is licensed under the GPL 2.0 or any other version
(which is the default), you want me to craft a special license
expression with a plus. And If do not craft that expression,
then the SPDX meaning is that only the current version applies
and not any later version.

I am saying this instead: Since the default for the GPL is to allow
later versions, we should by default state the opposite:
The few times that "only the current version" should be used, state
this explicitly with an exception.


You say:
GPL-2.0 ==> implies GPL 2.0 only
GPL-2.0+ ==> implies GPL 2.0 or later

I say:
GPL-2.0 ==> implies GPL 2.0 with its defaults (including later versions)
GPL-2.0 with no-other-version ==> implies GPL 2.0 and no other version

Explicit is better than implicit.


My rationale:
Practically the use of a GPL version "only" is much less frequent
than the default "or later" and therefore forcing me to add a plus
is a source of confusion.

The most common use case should be the default and should not
require a special addition of a character in an expression.

"only" should be an exception and not the default, because it is
not the default, nor the prevalent usage of the GPL: it is exceptional.

The fact that the + convention has been used by Linux distros
package maintainers and neither always strictly nor consistently
does not make this right and something that should be endorsed blindly.

So to recap:
I am NOT arguing about the syntax to express this.

I am arguing about the essence of the meaning of the plain GPL-2.0
license key in a simple expression.

The mere use of a GPL-2.0 identifier should convey that the license
is GPL-2.0 or any other version.

We should have an exception to convey the rarer cases when only
the stated version applies.

The benefits are:
1. no ambiguity about the meaning of widely used licenses such as
the GPL.
2. simpler spec
2. simpler expressions in most cases, more verbose and more explicit
expressions when needed in some rarer cases.

--
Cordially
Philippe Ombredanne

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.