Re: Switching to SPDX license tags

To: Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: Switching to SPDX license tags
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sat, 04 Feb 2023 20:18:17 -0500

Thomas Klausner <wiz%NetBSD.org@localhost> writes:

>>   1) Right now one can tell from a license tag if the license is one or
>>   more of Free/Open/DFSG (henceforth Freeish), or not; things with
>>   -license aren't Freeish and things without license are Freeish.  I
>>   think that's useful.  Even if someone has put some non-Freeish
>>   foo-license in DEFAULT_ACCEPTABLE, I think it's reasonable for them to
>>   want to know of some other package under that license.  For me, it's
>>   situational: I am willing to install a particular package with a
>>   non-Freeish license after thought.   I'm not proposing changing the
>>   rules, but I would like show-license extended to be:
>> 
>>     $ make show-license
>>     gnu-gpl-v3-or-later: In DEFAULT_ACCEPTABLE_LICENSES.  In ACCEPTABLE_LICENSES.
>> 
>>     $ make show-license
>>     generic-non-license: Not in DEFAULT_ACCEPTABLE_LICENSES.  Not in ACCEPTABLE_LICENSES.
>> 
>>   to basically restore the property that one can tell Freeish-ness from
>>   the tag.
>
> I think this is orthogonal to the proposal.

Thanks for adding support, but I don't think it's orthogonal.  Right now
one can look at a LICENSE line and tell whether it is Freeish or not,
because foo and bar are Freeish and baz-license and bam-pow-license are
not.  SPDX does not encode this in the names, so you just have to know.
For most Freeish licenses, people will recognize them, but there are a
ton of boutique licenses that are close enough on reading to be
comfortable but not close enough to label (esp MIT/X11 variants).  And
there are non-Free licenses that people try to pass off as Free, which
are going to lose their warning "-license".  So being able to know
quickly Freeish vs not -- or some closely related property -- is
avoiding a regression.

(I agree that ACCEPTABLE_LICENSES is new; it's
DEFAULT_ACCEPTABLE_LICENSES that is fixing the regression, modulo agpl
which is a notable (and perhaps only) exception.)

>>   2) Your plan implies that all license tags we have are in SPDX.  I
>>   really doubt that.   There's an obvious modification which is to leave
>>   some foo-license and generic-nonlicense and maybe some bar (Freeish
>>   not covered), not rewrite the tags and not delete  them, instead only
>>   gcing license files that are not pointed to by anything in pkgsrc.
>
> Yes, that could be that SPDX doesn't have all of them. On the other
> hand, it's been around for 8+ years so I think it should cover most of
> them, but of course we can just leave alone those it doesn't.

Leaving them alone is fine.  I do expect significant numbers of oddball
licenses to not show up in SPDX, but if they do, that's fine.

References:
- Switching to SPDX license tags
  - From: Thomas Klausner
- Re: Switching to SPDX license tags
  - From: Greg Troxel
- Re: Switching to SPDX license tags
  - From: Thomas Klausner

Prev by Date: daily pkgsrc CVS update output
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: Switching to SPDX license tags
Next by Thread: Re: Switching to SPDX license tags
Indexes:

Home | Main Index | Thread Index | Old Index