W. Trevor King:
? = “unclear version” - this will be a new modifier to indicate there
is a lack of clarity as to the license version regarding if any
version, or later, or only applies, e.g., I found the text of GPLv2,
but I’m not sure if it’s “only” or “or later” because there is no
other information. Need further input on the exact word to use here,
i.e., “unclear”, “maybe”, “ambiguous”
The motivation for this operator seems to be a desire to say “I'm not actually
comfortable drawing a conclusion, but here are some hints…”.
No, the issue is that there *is* some known information (e.g., GPL-2.0 at least is valid).
The problem is that some *other* information is *not* known (e.g., if GPL-3.0+ is valid for the package).
Alexios raised the same concern in the “BSD” context [2]. I still think while
there's not much point to concluding a licence if you're not willing to actually
make a call,
I disagree. In many cases tools can't determine if "or later" is okay, and
99.999% of the time it doesn’t matter. E.g., if I can't tell if it's
GPL-2.0 or GPL-2.0+, most of the time it makes no real difference.
a good generic operator for representing this sort of thing would
be “or maybe they meant” [3] (or some single-word form thereof). That lets
you represent all sorts of ambiguous declarations beyond the narrow “but
I'm not sure which version operator they meant”. For example, you can
represent [4]:
LGPL-2.0 OR-MAYBE LGPL-2.0 AND GPL-2.0 OR-MAYBE LGPL-2.0 OR GPL-2.0
That's an interesting idea. E.g., for the case previously discussed, we could say:
GPL-2.0 OR MAYBE GPL-2.0+
I'd be fine with a "MAYBE" operator. That would address the primary problem I raised, and be even more flexible. I don't know what others would think.
We can provide warnings without an “unclear version” operator. See the
comments on metadata in [6,7]. What an “unclear version” (or “OR-MAYBE”,
etc.) operator does is give you a way for the quasi-concluder to gripe about
poor declarations (in a way that's obvious to human readers even without
tooling) while still providing
*some* information. For example, if any possible GPL license grant is
acceptable to you, maybe:
GPL-2.0 unclear version
or:
GPL-2.0 ONLY OR-MAYBE GPL-2.0+ OR-MAYBE GPL-1.0+
are acceptable to you without further digging.
I think the second version is much better. It *looks* like a SPDX license expression.
--- David A. Wheeler
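
As an added example (not part of the message above and not SPDX tooling), this sketch shows how a consumer could act on an expression that uses the proposed OR-MAYBE operator: accept only when every possible reading is acceptable, which is the "without further digging" case described in the thread. The function names, the policy sets, the precedence of OR-MAYBE (looser than AND and OR) and the treatment of ONLY as a suffix are assumptions, since the thread defines no grammar.

```python
import re

# Assumptions (the thread defines no grammar): OR-MAYBE binds more loosely
# than AND and OR, "ONLY" is a suffix meaning exactly that version, and
# parentheses are not handled. All function names are hypothetical.
MAYBE = re.compile(r"\s+OR[- ]MAYBE\s+")  # both spellings used in the thread


def alternatives(expr):
    """Split an expression into the readings separated by OR-MAYBE."""
    return [alt.strip() for alt in MAYBE.split(expr.strip())]


def satisfiable(reading, accepted):
    """True if one reading can be met using only accepted licenses.

    AND binds tighter than OR, as in SPDX license expressions.
    """
    for choice in re.split(r"\s+OR\s+", reading):
        terms = [re.sub(r"\s+ONLY$", "", t.strip())
                 for t in re.split(r"\s+AND\s+", choice)]
        if all(t in accepted for t in terms):
            return True
    return False


def conclude(expr, accepted):
    """'accept' if every reading is fine, 'reject' if none is, else 'review'."""
    results = [satisfiable(r, accepted) for r in alternatives(expr)]
    if all(results):
        return "accept"
    return "review" if any(results) else "reject"


if __name__ == "__main__":
    # Expressions quoted from the thread; the policy sets are constructed.
    gpl = "GPL-2.0 ONLY OR-MAYBE GPL-2.0+ OR-MAYBE GPL-1.0+"
    lgpl = "LGPL-2.0 OR-MAYBE LGPL-2.0 AND GPL-2.0 OR-MAYBE LGPL-2.0 OR GPL-2.0"
    print(conclude(gpl, {"GPL-1.0+", "GPL-2.0", "GPL-2.0+"}))
    print(conclude(lgpl, {"LGPL-2.0"}))
```

A "review" result marks the case where the ambiguity matters for the given policy and a human has to resolve which reading applies.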