mozilla / addons

☂ Umbrella repository for Mozilla Addons ✨
Other
127 stars 41 forks source link

Allow GNU [L]GPL x.x or later #5722

Closed davidhedlund closed 6 years ago

davidhedlund commented 6 years ago

Describe the problem and steps to reproduce it:

Visited https://addons.mozilla.org/en-US/developers/addon/ENTRY/ownership

What happened?

I can choose one of the following licenses:

GNU General Public License, version 2.0 GNU General Public License, version 3.0 GNU Lesser General Public License, version 2.1 GNU Lesser General Public License, version 3.0

What did you expect to happen?

SPDX has always had a way to identify the “this version only” and “any later version” options, for example via GPL-2.0 and GPL-2.0+ respectively. In practice, however, GPL-2.0 was not always used to mean “only version 2” as defined in the SPDX License List. It was often used by default to refer to the GPL version 2 text as drafted to include this version or any later version. - https://spdx.org/news/news/2018/01/license-list-30-released

The "or later" options are relevant and have separate entries in the SPDX database (https://spdx.org/licenses/GPL-3.0-only.html and https://spdx.org/licenses/GPL-3.0-or-later.html).

GNU General Public License v2.0 only GNU General Public License v2.0 or later (GNU General Public License, version 2.0 -- Mozilla's full name identifier) GNU General Public License v3.0 only GNU General Public License v3.0 or later (GNU General Public License, version 3.0 -- Mozilla's full name identifier) GNU Lesser General Public License v2.1 only GNU Lesser General Public License v2.1 or later (GNU Lesser General Public License, version 2.1 -- Mozilla's full name identifier) GNU Lesser General Public License v3.0 only GNU Lesser General Public License v3.0 or later (GNU Lesser General Public License, version 3.0 -- Mozilla's full name identifier)

Anything else we should know?

davidhedlund commented 6 years ago

https://github.com/mozilla/addons-server/issues/8706

davidhedlund commented 6 years ago

I think this issue deserves a high priority. A lot of developers that distributed their add-ons under:

ian-kelling commented 6 years ago

I agree this issue should be prioritized. For reference:

https://www.fsf.org/blogs/rms/rms-article-for-claritys-sake-please-dont-say-licensed-under-gnu-gpl-2

davidhedlund commented 6 years ago

https://spdx.org/news/news/2018/01/license-list-30-released

Clarified Identifiers for GNU Licenses

In a collaborative effort between the Free Software Foundation (FSF) and the SPDX working group to help facilitate clarity and better license identification practices, we have updated the short identifiers for the GNU family of licenses to support more precise and consistent usage. ... As such, the next release of the SPDX License List v3.0 will reflect the changes to the GNU family of licenses following this pattern:

GPL-2.0-only GPL-2.0-or-later

Why 3.0 and not 2.7?

A major version numbering change was used with this release to act as a clear signal to users of the license list, that this release wasn’t a business as usual. Given the significance of the changes on how licenses are represented internally, new tooling is now possible to improve the fidelity of license recognition. In addition, the short form identifier naming changes to address the FSF concerns with how the GPL licenses are represented and deprecation of the prior GNU license identifiers will impact some projects.

EnTeQuAk commented 6 years ago

You can always define your own, custom license if you want to. So using the "or later" licenses should just work fine for you already.

I think this issue deserves a high priority. A lot of developers that distributed their add-ons under:

GNU [L]GPL version x.x -- problaby wanted it to be distributed under: GNU [L]GPL version x.x or later.

Personally, I don't think so. Although the "or later" gives you the ability to receive minor version updates of the GPL it's still an implicit update of how your software is being distributed and many people don't like that. Same reason why you are actually pinning your software dependencies, implicit updates are always harder to control so defaulting to the pinned version sounds perfectly fine to me.

The "or later" addition is an option someone can actively choose which we already support. Making that process more complicated may not be in the interest of our developers.

Let's see what @jvillalobos thinks about that though.

jvillalobos commented 6 years ago

Yeah, I don't see how it's useful to choose "2.0 or later" when we have 3.0 as an option, or "3.0 or later" when that's the latest version and there's little way to know what a 4.0 might be like. They're fine choices if the developers want to use them, and the savvier ones can use the "other" license option for that purpose.

But, for developers who are just signaling their add-on is open source, I think it's overkill to include the "or later" options on top of the existing ones.

davidhedlund commented 6 years ago

@jvillalobos Did you read https://www.fsf.org/blogs/rms/rms-article-for-claritys-sake-please-dont-say-licensed-under-gnu-gpl-2 as suggested by Ian above?

jvillalobos commented 6 years ago

I didn't. I understand this is important to people who care deeply about open source, but I agree with Chris that it's not the best way to go for our developers.