[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DEP5: License section

Le Thu, Dec 16, 2010 at 04:01:51PM +0100, Stefano Zacchiroli a écrit :
> On Thu, Dec 16, 2010 at 09:36:21PM +0900, Charles Plessy wrote:
> > For DEP5: http://dep.debian.net/deps/dep5
> Uhm, this unfortunately is not the latest draft

Sorry for this, I had to jump in the train where I did the work, so I grabbed
the easiest to download. I just looked at the bzr version and it looks the

> >  - SPDX contains a BSD-3-Clauses and a BSD-3-Clauses license, where
>                      ^^^^^
> 		     one of these two is a typo, I take?

Yes, BSD-4-Clauses

> >    some parts (year, copyright, organization) are substituted with
> >    placeholders. This can not work with DEP5, because of its
> >    standalone license sections.
> If I understand correctly, that simply means that SPDX offers a more
> compact representation of something that in DEP-5 will be more verbose,
> is that it? If yes, it's not a big deal and can be changed later on,
> without affecting backward compatibility.

In DEP-5, if there are two files with their license derived from the BSD
license by changing the year, copryight and organisation name, we need to use a
different short name for each, otherwise there is the possibility to infringe
or at least mess with one of the licenses, by displaying the wrong organisation
name in the non-endorsement clause. I do not know how SPDX solves the problem.
But I note that they are inconsistent with the BSD-2-Clauses, that has no
placeholders, so they may probably change one or the other at some point.

> >  - ‘or any later version’ is represented in SPDX as a different
> >    license, with a short name ending by a plus, like ‘GPL-3.0+’.
> How is this different from DEP5?

Not much, but in my understanding of DEP5, GPL-3.0+ is not a different license
from GPL-3.0. The information that any later version is acceptable is usually
found outside the license's text, such as in a README or in the files
boilerplates. Consistently, it is acceptable to point at /usr/share/common-licenses/GPL-3
for a GPL-3.0+ work. But this difference is probably very pedantic…

> >  - SPDX's MIT license is from:
> >    http://www.opensource.org/licenses/mit-license.html.
> I don't get this difference, can you please expand?

DEP-5 notes that several variants of the MIT license exist. I simply indicated
which is the one chosen by SPDX.


Charles Plessy
Tsurumi, Kanagawa, Japan

Reply to: