1. Messages
  2. Is "+" a valid character of a LicenseRef idstring?

Re: Is "+" a valid character of a LicenseRef idstring?

David A. Wheeler
 

Philippe Ombredanne:
The focus is not only on the GPL: well over 25% of the SPDX licenses DO HAVE a "this or later version" clause....
In the grand scheme of things, "only" and "or later" are minute technicalities that the large majority of software users do not care for. The licenses requirements are essentially the same and "later or not later" is not the question. Only a few licensing mavens care about this and they know how to deal with it.
These are not minor technicalities from a legal point of view; versions are important. They control what is allowed and not allowed.

It's true that many developers don't care about license versions, but many developers don't care about licensing or if what they're doing is legal. I know we *do* agree that we should work for a higher standard :-).

But SPDX is likely stuck with this inconsistent legacy and yes this is hard to escape without creating more mess. It does not mean that we cannot try to clarify and improve things.
Sure, but I think "GPL-2.0" MUST continue to mean "GPL version 2.0 and no other version", because that's the spec that everyone is depending on, this is a common case, and this is the convention that all other license naming systems also. Changing a key existing meaning in a standard is a bad thing.

Perhaps SPDX should add an additional postfix operation like "!" to mean "exactly this version and no other". Then encourage always using the postfixes "+" or "!" in license expressions for licenses that have "or any later version" text. E.G., "GPL-2.0!" might be the preferred way to express "exactly GPL version 2.0" while "GPL-2.0+" would continue to mean "GPL version 2.0 or later". Then you can deprecate license expressions where a license uses "or any later version" text and omits a postfix (e.g., "GPL-2.0" is a legal name of a license but a deprecated license expression). You could even allow postfix "?" to mean it's unknown if later versions are allowed or not, a plausible tool result. This would mean that SPDX would need to track which licenses have "or later version" text, to encourage people add the postfix operation, but that's easily done.

--- David A. Wheeler
Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.