search

aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://aboutcode.org/scancode/
2.14k stars 552 forks source link

Add new "versions" of the GPL and GNU licenses! :smiling_imp: #3985

Open pombredanne opened 5 days ago

pombredanne commented 5 days ago

Description

As reported by @armijnhemel the FSF has silently published new versions of the GPL 2.0, and likely other licenses, including backporting these modifications to old versions of the licenses :smiling_imp: because why would you need to respect the version number of legal document that demands to be reproduced verbatim?

The address is gone, so is Ty Coon: See this diff https://gist.github.com/pombredanne/0916054e078a7bd033b04da84bb659eb/revisions

And there are likely many other licenses also affected.

mjherzog commented 5 days ago

This is a job for SPDX. We should not work on this until we found what if anything the SPDX Legal group will do about this.

DennisClark commented 5 days ago

Totally agreed with @mjherzog on this one; this is a job for the SPDX Legal group.

pombredanne commented 5 days ago

@mjherzog @DennisClark we still need to add the new texts as rules for detection purpose

DennisClark commented 5 days ago

Interesting that the official FSF text (as we knew it anyway) included these bits:

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."

"Each version is given a distinguishing version number."

I guess they did not read their own license when they started changing it without assigning a new version number.

armijnhemel commented 1 day ago

So has anyone informed the SPDX legal group? :)

--edit-- ah yes: https://github.com/spdx/license-list-XML/issues/2568

tieguy commented 11 hours ago

Interesting that the official FSF text (as we knew it anyway) included these bits:

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."

"Each version is given a distinguishing version number."

I guess they did not read their own license when they started changing it without assigning a new version number.

Didn't know GitHub needs a sobbing emoji until now