Re: only/or later and the goals of SPDX

Philippe Ombredanne

On Tue, Nov 7, 2017 at 5:06 AM, J Lovejoy <opensource@...> wrote:
Hi John, all,

Finally getting back to this important issue after 3 weeks of traveling. As
we have made some progress with preparations for the next release otherwise,
I’m keen to try and sort out the final issues here, so we can include the
resulting changes in this release as well. As it’s been some time, here is
a link to my original summary to which others responded:

As to deprecating the plain identifier - functionally, the only way to do
this - that I can see - is to have the “only” and “any later version”
options hard-coded into the license list for the GNU licenses, as they used
to be, that is:
- the current GPL-2.0 (which means “only) would be changed to GPL-2.0-only
- GPL-2.0+ which is currently created by using the + operator, would be
added back to the license list as a separate line item.
I think we had discussed this prior, but the issue of losing the + operator
to be used with other licenses could cause other problems. What did not
occur to me, nor did we discuss, was the idea of doing the above for the GNU
family of licenses, but also keeping the + operator to be used with other
licenses. This would effectively treat the GNU family licenses differently,
and also makes it so the identifiers always indicate “only” or “any later
I think the thing that makes the GNU family of licenses different from other
licenses or potentially ambiguous in the case above is NOT what was found
(the license text of a specific license was found), nor even what version of
the license text was found, but the absence of specific additional statement

not sure if this helps, but at least getting the conversation going again!
I think Trevor has a response with further info, which I’ll respond to in
turn as well.
Thank you for the detailed write up and hard work you are pouring into

John and all:
I find this whole discussion quixotic: noble but pointless!
This ship has sailed IMHO long ago and GPL-2.0 means GPL-2.0 and no
later version to most everyone.

This has been the case pre-SPDX in Linux and Linux distros.
This is the case now that we see major adoption of SDPX licenses
identifiers in U-Boot, Linux, Eclipse, NPM, Rubygems and more.
e.g. 100K+ projects, programmers and files are using GPL-2.0 as
meaning GPL-2.0 and only!

FWIW we had a discussion on this in 2015 [1] in the thread
"Is "+" a valid character of a LicenseRef idstring?"

I was then on the side of making this precise and stating that GPL-2.0
meant any later version by default. David Wheeler quite rightly
dismissed my arguments then and I fully agree with him now.

I think that whatever is done on the SPDX side to be
precise vs. being accurate-enough and good-enough will unlikely ever
be adopted as the magnitude of the education and changes required
would be immense for minuscule benefits and hyper confusion.

Furthermore, this futility may hinder SPDX adoption and our less
noble quest to simplify licensing statements in a good enough way.

In recap, I find it futile and pointless and there are zero benefits
for SPDX and zero benefits for the vast majority of programmers.
I am really sorry folks are wasting their time discussing this.
Therefore, I wish we could just stop discussing this distracting topic
as there are so many other more important things to deal with.

Philippe Ombredanne

Join to automatically receive all group messages.