On Mon, Sep 18, 2023 at 2:16 PM Daniel P. Berrangé <berrange(a)redhat.com> wrote:
Auditing the augeas project source file licenses I found a handful of
files where the license was not specified sufficiently clearly. I've
raised this upstream:
[ . . . ]
For the files which merely say:
This file is licensed under the GPL.
I'm not sure what the best practice is ? Can I justify "GPL-1.0-or-later"
in the Fedora spec on the basis that the non-version specific declaration
in the source could legitimately cover any GPL version ?
That seems to be the approach that the Linux kernel has generally
taken in their conversion of source file license notices to
SPDX-License-Identifier: strings. Obviously it's defensible on GPL
interpretation grounds. I personally don't like it, among other
reasons because I think in probably most of these cases the author
must not have meant to encompass GPLv1 in the license grant, since
GPLv1 became rapidly obsolete after the introduction of GPLv2 (unlike
the situation with the introduction of GPLv3). This is pretty
obvioiusly the case for the kernel, which did not adopt the GPL until
(shortly) after the introduction of GPLv2 and which AFAIK always had a
copy of GPLv2, but not GPLv1, in the source code. There might be some
rare exceptions for GPL code copied into the kernel that originated
with pre-Linux projects.
I also think it's a flaw in SPDX, or the application of SPDX
identifiers anyway, that "any version of the GPL" is equated with "GPL
version 1 or later", which I think subtly communicates somethint
different, but I don't think I would succeed in convincing anyone of