From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_NEOMUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DBEF1C282CE for ; Wed, 22 May 2019 19:10:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B99D820868 for ; Wed, 22 May 2019 19:10:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729688AbfEVTKX (ORCPT ); Wed, 22 May 2019 15:10:23 -0400 Received: from protestant.ebb.org ([50.56.179.12]:59689 "EHLO protestant.ebb.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729018AbfEVTKX (ORCPT ); Wed, 22 May 2019 15:10:23 -0400 Received: from localhost (unknown [216.161.86.19]) (Authenticated sender: bkuhn) by protestant.ebb.org (Postfix) with ESMTPSA id 1E4F7820B6; Wed, 22 May 2019 12:10:22 -0700 (PDT) Date: Wed, 22 May 2019 12:04:42 -0700 From: "Bradley M. Kuhn" To: linux-spdx@vger.kernel.org Subject: Re: clarification on -only and -or-later Message-ID: <20190522190442.5geeckoxfvj3fdvw@ebb.org> References: <13E71306-C67C-418B-AB71-2C926B3EA58E@jilayne.com> <20190521172435.aez323uuvjcghejd@ebb.org> <595412F8-2FA4-4898-8B98-0251D493CBDA@jilayne.com> <20190522132347.GC28920@kroah.com> <350495e0-12cb-ff16-69bd-94edf50db133@lohutok.net> <20190522140014.GA8996@kroah.com> <4c1d1302-afe3-febc-ba92-0ff6efdc57d0@lohutok.net> <20190522154511.GA17763@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190522154511.GA17763@kroah.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-spdx-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-spdx@vger.kernel.org We should take care not to conflate changes made because: (a) all relevant copyright holders consented, vs. (b) consent not available from the copyright holders. (a) and (b) differ greatly, both politically and legally. With (a), we can certainly ask copyright holders for any notice changes that seem useful, expedient, and would help Linux as a project. (e.g., if, as Thomas says, Red Hat is sole copyright holder of some code and agrees to relicense it from GPL-1.0-or-later to GPL-2.0-or-later, I see no reason not to gleefully accept that and make the change (copyright holders assent well-documented in the commit log with relevant Signed-Off-By: , of course). Similarly, (to "cross" the two active threads a bit), that we really have no worries about old-notice-preservation if all relevant copyright holders assents to replace their old notice with an SPDX Identifier. However, with (b), judgment and risk analysis, both of legal and political nature, will always be required. During the "Great SPDX GPL Identifier Change" last year, Jilayne and I dug deep on the legal judgment/risk-analysis about some of these notices -- in collaboration with FSF (as license steward) and many others in the FOSS licensing community -- to come to conclusions about the two ambiguous cases Jilayne listed as (1) and (3) initially in this thread. Jilayne's suggestions for these cases were presumably informed by that, and I suspect that's why she's recommending them as -or-later conclusions. Nevertheless, if there is political risk (or even, as Greg points out, annoying work not worth doing) involved with moving GPL-1.0-or-later code to (say) GPL-2.0-or-later instead, then there is no reason to do so. Furthermore, such a change also relates to this point: There is danger of taking things that legal analysis concludes are '-or-later' and turning them into '-only'. Narrowing from '-or-later' to '-only' is always permitted by downstream (and also the effective license of the whole work of Linux will undoubtedly remain GPL-2.0-only). However, so many people have expressed a desire for accurate, complete, and as-broad-as-legally-possible file-by-file licensing inventory. This project exists, presumably, to serve those requests. We should strive to make sure that, on a "file-by-file level", this project doesn't inadvertently narrow permissions unduly. Furthermore, combining the work of notice-replacement with license *changing* adds undue risk; the two activities should be fully separated by both time and workflow. If the upshot of this *also* means we live with more GPL-1.0-or-later notices floating around, I don't think it's that big of a deal. Better that than annoyed contributors, and, more importantly, downstream users who wish to take a the more liberal license for some code in the Linux tree, etc. As always, IANAL and TINLA, -- Bradley M. Kuhn Pls. support the charity where I work, Software Freedom Conservancy: https://sfconservancy.org/supporter/