spdx / license-list-XML

This is the repository for the master files that comprise the SPDX License List
Other
355 stars 288 forks source link

any-OSI text was changes #2563

Closed jplesnik closed 2 weeks ago

jplesnik commented 2 months ago

I am maintainer of perl-Exporter-Tidy in Fedora. There is new version of the module. It contains update any-OSI license text to Debian-approved version. The new text is

This software may be redistributed under the terms of the GPL, LGPL,
modified BSD, or Artistic license, or any of the other OSI approved
licenses listed at http://www.opensource.org/licenses/alphabetical.
Distribution is allowed under all of these licenses, or any smaller
subset of multiple or just one of these licenses.

When using a packaged version, please refer to the package metadata to see
under which license terms it was distributed. Alternatively, a distributor
may choose to replace the LICENSE section of the documentation and/or
include a LICENSE file to reflect the license(s) they chose to redistribute
under.

https://metacpan.org/release/JUERD/Exporter-Tidy-0.09/view/Tidy.pm#LICENSE

What should I do?

License request for any-OSI (https://github.com/spdx/license-list-XML/issues/2243)

richardfontana commented 2 months ago

@jplesnik note also we will need a new issue at gitlab.com/fedora/legal/fedora-license-data.

jlovejoy commented 1 month ago

for convenience here, the text for any-OSI is: "Pick your favourite OSI approved license :) http://www.opensource.org/licenses/alphabetical"

I would say that the meaning here is roughly the same. Even though it lists a few licenses specifically, it then says, "or any of the other OSI approved licenses listed at http://www.opensource.org/licenses/alphabetical"

I'm not sure what to make of this addition: "Distribution is allowed under all of these licenses, or any smaller subset of multiple or just one of these licenses."

richardfontana commented 1 month ago

I don't think the meaning should be seen as the same (looking at the two license texts from an SPDX-legal sort of lens), for the following reasons:

  1. The original can be read it as saying "Pick one OSI-approved license". The new one gets rid of that ambiguity.
  2. The new one is more specific about what licenses are choosable: "any of the . . . OSI approved licenses listed at http://www.opensource.org/licenses/alphabetical". This is arguably narrower than "OSI-approved license" since (I'm pretty sure) there are OSI-approved licenses that have been removed from the OSI website, or at least from being linked to at that URL (for example, certain deprecated licenses).
  3. The new one says "Distribution is allowed under all of these licenses, or any smaller subset of multiple or just one of these licenses." It is not clear that this is permitted under the old license -- this is the same issue as 1 ("any OSI-approved license" can be read as meaning "one specific OSI-approved license"). Mind you, I don't consider that the best reading but I think for SPDX to treat these two licenses as equivalent would be inconsistent with how SPDX has treated other similar or related licenses.
swinslow commented 4 weeks ago

Discussed on 2024-10-24 legal team call, agreed to add as a new license ID any-OSI-perl-modules, name "Any OSI License - Perl Modules". Noted that this new text has been used for a few different Perl modules in the past (possibly all by the same upstream author).

jlovejoy commented 4 weeks ago

License Inclusion Decision

Decision:

Name

Any OSI License - Perl Modules

License ID

any-OSI-perl-modules

XML markup

none

Notes:

This is similar in spirit to any-OSI, but has some more specific text. It is used in several Perl modules.

URLs

use above and add: https://metacpan.org/pod/Qmail::Deliverable::Client#LICENSE and https://metacpan.org/pod/Net::MQTT::Simple#LICENSE

Next steps

If the license has been accepted, please follow the accepted-license process to create the PR.

github-actions[bot] commented 2 weeks ago

This new license/exception request has been accepted and the information for the license/exception has been merged to the repository. Thank you to everyone who has participated! The license/exception will be published at https://spdx.org/licenses/ as part of the next SPDX License List release, which is expected to be in three months' time or sooner. In the interim, the new license will appear on the license list preview site at https://spdx.github.io/license-list-data/. This is an automated message.