Hello, While working on upstreaming a package, vscode (binary release) [1] into Gentoo through proxy-maint, I got to deal with a big number of licenses that are not available in gentoo/licenses and need to be added. The licenses in gentoo/licenses sometimes have a trailing `.0` version number, like `ECL-2.0` and sometimes not, like `BSD-2`: adding an extra `.0` or removing it makes `repoman` not find the license anymore. I could not find documentation if it's important to have the trailing `.0` correct with the files inside `gentoo/licenses` or not. If the trailing `.0` is important, it seems interesting to me to follow the identifiers, along with the numbering scheme, given in ref [2]: it seems to include the trailing `.0` in every license. Also, the naming scheme in `gentoo/licenses` does not always use the same identifiers as [2]. I do not know if there is a universal convention or not but I would like some feedback at least for the new licenses that need to be added. Thank you for your help. Adel [1] https://github.com/gentoo/gentoo/pull/20710 [2] https://spdx.org/licenses/
For what my opinion can count, I'll like to see/use only SPDX identifiers instead of custom names
SPDX names came up in the license team multiple times. There's general agreement that we usually want to prefer SPDX names, but it was never made a hard rule as changing existing licenses is somewhat problematic. I think you can safely assume that if an SPDX name exists for a new license then you should use that.
(In reply to Adel KARA SLIMANE from comment #0) > The licenses in gentoo/licenses sometimes have a trailing `.0` version > number, like `ECL-2.0` and sometimes not, like `BSD-2`: adding an extra `.0` > or removing it makes `repoman` not find the license anymore. I could not > find documentation if it's important to have the trailing `.0` correct with > the files inside `gentoo/licenses` or not. For some licenses the number is not a version, but part of the name. For example, BSD-2 is the "2-clause BSD license" (or "FreeBSD license" as the FSF calls it). If it is a version, we usually follow upstream versioning, e.g. GPL-2 for version 2 of the GNU GPL, or CC-BY-4.0 for version 4.0 of the Creative Commons Attribution License. > If the trailing `.0` is important, it seems interesting to me to follow the > identifiers, along with the numbering scheme, given in ref [2]: it seems to > include the trailing `.0` in every license. Sorry, but I fail to see a consistent scheme in their versioning. There are licenses with 1, 2, or more numeric components. Sometimes they invent numbers that don't exist in the upstream version (e.g., GPL-2.0 instead of GPL-2), or they arbitrarily change numbers (e.g., Zend-2.0 instead of Zend-2.00), or they omit them (e.g., WTFPL instead of WTFPL-2). The latter is especially stupid when it ends up being contradictory (e.g., they have SISSL alongside SISSL-1.2). Or consider W3C, W3C-19980720, W3C-20150513 and guess how their order should be. Also (as for the Gentoo versions) their number is sometimes not a version at all, e.g. MIT-0. > Also, the naming scheme in `gentoo/licenses` does not always use the same > identifiers as [2]. I do not know if there is a universal convention or not > but I would like some feedback at least for the new licenses that need to be > added. See below. (In reply to Hanno Böck from comment #2) > SPDX names came up in the license team multiple times. There's general > agreement that we usually want to prefer SPDX names, but it was never made a > hard rule as changing existing licenses is somewhat problematic. Also some of their identifiers are problematic (e.g., they're excessively long), and they have changed their identifiers more than once in the past, even for such popular licenses as the GPL. > I think you can safely assume that if an SPDX name exists for a new license > then you should use that. The policy is explained in the devmanual: https://devmanual.gentoo.org/general-concepts/licenses/index.html#adding-new-licenses "When adding a new license, it should be checked whether there is an established name in the SPDX license list. However, Gentoo does not consider the Software Package Data Exchange to be an authoritative standard, so we may sometimes deviate from it, e.g., if their 'short identifier' is excessively long. Also, we generally don't rename our existing identifiers."
Alright! thank you very much for your input. I will do my best and try to be consistent with SPDX and the numbers. For now the license list I retrieved for vscode seems suspiciously long. I will see if I can narrow it down. Once things seem to be settled I'll ask for feedback on the naming of the licenses to be added.
I don't think that we will take any action on a global level here. I just went through our list of licenses, and with very few exceptions, versions are consistent with either upstream or SPDX. One candidate for renaming would be Artistic-2 which should be 2.0 really. Then again, that license was added in 2002 before its final version number was even established. And as I said above, renaming a popular license is quite some effort for developers and users, for little benefit. So we are very reluctant do do that.
I agree, not touching what's already there is good choice given the little benefits it brings. I have two ideas/suggestions: * Why not import the complete list of licenses listed in SPDX, once and for all ? I see a few benefits: the licensing team decides in the final naming of each license, maintainers unacquainted to licenses will have less trouble with them and only reference them. * About the scripts matching license names between what's written in EBUILDs and what's in "gentoo/licenses", to simplify the license part when writing EBUILDs - The trailing ".0" can be programmatically relaxed: if one writes "GPL-2.0" in an EBUILD then the script will look for the same name with and without and if it finds anything it considers it a match. License names would still remain unique - Make the matching case insensitive. License names would still remain unique Otherwise, the interesting part is about adding new licenses, to summarize the feedback I got: as stated in the documentation [1] follow SPDX short naming if the license is listed there. The license team reserve the right to change the naming as it sees fit. I think it's possible to follow commits that add licenses and check that. I don't think many licenses get added in any short period of time. Thank you. [1] https://devmanual.gentoo.org/general-concepts/licenses/index.html#adding-new-licenses
(In reply to Adel KARA SLIMANE from comment #6) I had suggested in the past (e.g., bug 706472 comment #3) that we could have a mapping file between our license labels and SPDX labels. That would allow automatic matching, without any need for renaming. > - The trailing ".0" can be programmatically relaxed: if one writes > "GPL-2.0" in an EBUILD then the script will look for the same name with and > without and if it finds anything it considers it a match. License names > would still remain unique > - Make the matching case insensitive. License names would still remain > unique IMHO trying to be clever about the matching won't fly. There are too many exceptions for that to work reliably.
The idea would be to relax few things to improve the overall experience with writing EBUILDs but not be through. I think case-insensitivity would be a good idea ? Especially with those automatic tools that match licenses. The ".0" approach could be implemented with single digit licenses and two-digit "x.y" licenses only, for example, which would cover a big number of cases but not all.
