Re: Combined version of LGPL + GPL 3.0

Home Messages Hashtags Subgroups

#2969

Re: Combined version of LGPL + GPL 3.0

Philippe Ombredanne #2969 Dear Sebastian, Max: On Wed, Jul 28, 2021 at 7:03 PM Sebastian <seabass-labrax@...> wrote: - Users of REUSE would simply need to download LGPL-3.0 via the REUSE tool. The tool fetches the SPDX License List's text, including with the optional sections. As a result, no further action would be needed to comply with the LGPL's condition that the GPL be included. That's the source of the issue. License texts in SPDX have never been designed to be used as a reference for attribution. This is unfortunately commonly done but ends up more often than not with garbled text because of the extra adornments, templating, commentaries or placeholders present in SPDX texts. MO, this should be clarified on the SPDX web site to avoid this trap. Max: The problem is simply that REUSE should not reuse the SPDX texts but instead use its own reference texts. For instance, on my side we maintain our own reference texts in ScanCode and AttributeCode for attribution, and these texts have been cleaned from SPDX adornments, comments, placeholders and similar. Alternatively SPDX could add a new reference text for each tracked license (when it differs from the existing text) which would be a useful public service and would avoid the confusion we have today. There you could have an LGPL+GPL thing, best combined with some extra statement to clarify what the GPL text means here. And REUSE could then use this alright - License scanning tools following the SPDX License Matching Guidelines would not be affected: as the entire GPL section is surrounded by <optional> tags, existing occurrences of the LGPL text would still be matched as LGPL, as has been the case thus far. If you have a file that contains only the full text of the LGPL and the full text of the GPL there is no way to disambiguate, matching guidelines or not. This would throw off matching tools in a trap that would entice them to return misleading results (possibly skipping entirely the GPL) when using SPDX guidelines. Not sure we want this. No tool could determine if we have these licenses: - the LGPL with GPL text included for use in LGPL, e.g. a GPL with an LGPL exception - the LGPL AND the GPL separately, e.g. GPL with an LGPL exception AND a GPL You need an extra statement, declaration, or notice to this effect. You cannot even use an SPDX expression for this for now. How could you sanely express something such as: "the text below is a combination of the LGPL and GPL texts, but the license we meant to document here is really only the LGPL. We included the GPL text because it is included by reference in the LGPL and should be included for redistribution". <rant> In hindsight the LGPL is a bad FOSS license text design since one must include another text but the license does not include it by default. It helps nobody: not the software authors, not the users, not redistributors, nobody. It just requires extra busy work from everyone involved and is a source of head scratching and doubt at best. It could have been because programmers felt it was OK to "import" a license text in another license text .... but a license text is not software code. We have to deal with this mess, let's not make it worse. I feel that the only sane thing at this stage would be to requalify the LGPL-3.0 correctly as an exception to the GPL because this is it. </rant> -- Cordially Philippe Ombredanne license texts janitor
More All Messages By This Member

View All 15 Messages In Topic

#2969

Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.

Home Hashtags Subgroups Terms