[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DEP5: License section

[ quoted text reordered, for factorization purposes ]

On Thu, Dec 16, 2010 at 09:36:21PM +0900, Charles Plessy wrote:
> I have compared the DEP5 and SPDX license short names:

Thanks a lot for this effort!

> For DEP5: http://dep.debian.net/deps/dep5

Uhm, this unfortunately is not the latest draft; Lars: can you confirm
that the diff produced by Charles still applies?

>  - In both specifications, for versionned licenses the version number
>    is added after a minus sign. In SPDX, a decimal number is sometimes
>    added even when the license text does not (at least for EFL-2.0).

We could either ignore the difference [1] or propose SPDX to adopt DEP-5
convention, which seems saner (why should they add a ".0" if the license
lacks it? and if they want to, why only ".0" and not ".0.0"? it seems
rather arbitrary...).

[1] assuming conversion tools will be able to normalize version
    numbering---while that is hard in general, for license versioning
    it's probably a sound assumption

>  - The Artistic license version 1 is absent from SPDX.

I agree with Lars that sets differences (i.e. "License FOO is in DEP-5
but not in SPDX" or vice-versa) are not particularly worrisome at this

I propose to ignore this difference.

>  - SPDX contains a BSD-3-Clauses and a BSD-3-Clauses license, where
		     one of these two is a typo, I take?

>    some parts (year, copyright, organization) are substituted with
>    placeholders. This can not work with DEP5, because of its
>    standalone license sections.

If I understand correctly, that simply means that SPDX offers a more
compact representation of something that in DEP-5 will be more verbose,
is that it? If yes, it's not a big deal and can be changed later on,
without affecting backward compatibility.

If it is the case, I propose to ignore this difference.

Still ...

>  - DEP5’s FreeBSD is SPDX’s BSD-2-Clauses. In that case, there are no
>    generic placeholders.
>  - SPDX does not contain the CC0, Expat, nor Perl licenses.

... the question of how to call the "FreeBSD" license stays. It seems
that while FSF is calling it "FreeBSD license", "BSD 2 clauses" is more
widespread; that is unsurprisingly, as it's easy to classify BSD
licenses according to the number of clauses. In that respect, SPDX
naming looks saner. Also, I duly note that it cannot be simplified
further down to BSD-2/BSD-3, as that will clash with license versioning

Bottom line: I propose to adopt SPDX naming for BSD licenses.

>  - ‘or any later version’ is represented in SPDX as a different
>    license, with a short name ending by a plus, like ‘GPL-3.0+’.

How is this different from DEP5?

>  - In SPDX, each exception to the GPL is considered a separate
>    license. For instance: GPL-2.0-bison. There is no short GPL name
>    combining an exception with the ‘or any later version’ statement.

In fact, DEP5 choice can be seen as introducing new license names as
well, except that they include spaces and provide a clear convention,
e.g. "GPL-2+ with OpenSSL exception".

That is strictly more expressive than introducing a new license name, as
it permits not only to give a name to the license, but also to
distinguish the base license from the exception applied to it. That
might enable useful analysis as well as the formation of a vocabulary of

I propose to stick to our choice and propose it to SPDX for adoption.

>  - LGPL+ means in SPDX that no version was specified. There is no such
>    convention for the GPL.

... and hence is bad, as ad-hoc is bad :-)

I propose to ignore this one.

>  - The GNU Free Documentation License is called GFDL in DEP5 and FDL
>    in SPDX.  SPDX does not provide a name for the ‘no invariants’
>    exception.

Sounds like a good case where supporting two different names as synonyms
might be good, i.e. "FDL" and "GFDL" will mean the same thing. They seem
to be both quite widespread. How about that?

>  - The licence of Python was subjected to extensive research in the SPDX
>    working group (https://fossbazaar.org/pipermail/spdx/). The table contains
>    the Python and Python-CNRI short names (PSF in DEP5).

Looks like we can adopt SPDX names out of the box, on this.

>  - Other discrepancies between DEP5 and SPDX: Eiffel / EFL-2.0,
>    W3C-software / W3C and ZLIB / Zlib.

Ditto, although I object the "-2.0" when it should really be "2".

>  - SPDX's MIT license is from:
>    http://www.opensource.org/licenses/mit-license.html.

I don't get this difference, can you please expand?

Hope this helps,

Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, |  .  |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams

Attachment: signature.asc
Description: Digital signature

Reply to: