[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

do SPDX declaration fulfill §17 of GPL?


I found a problematic change in one of my packages:


This looks like a regression of license validity to me, because the
fulfillment of §17 of the GPL was removed from the affected files, and I
suspect that we don't accept standalone SPDX declarations as valid in
ambiguous cases like this one...

Especially when they're as confusing as "GPL-2.0-only OR GPL-3.0-only OR
LicenseRef-KDE-Accepted-GPL", when the provided GPL-3.0-only is
identical to the provided GPL-3.0-or-later, and the restriction of
"only" is not reflected in any headers nor the license text for

Finally, the intent of David Barchiesi appears to have been GPL-2+ OR
GPL-3+...with "KDE e.V." restriction on forward compatibility, but this
is not reflected in the provided

Despite the mess, it appears that the licenses will evaluate to
bin:kio-gdrive as a whole being GPL-3.0-only work, but confidence in
that is low if SPDX declarations do not fulfill §17 of GPL.

I don't want to exploit the fact that the package is already in Debian
as a way to bypass what seems like it might otherwise have been an
ftpmaster reject.

Thank you in advance for your comments!

Attachment: signature.asc
Description: PGP signature

Reply to: