Add notes explaining "or later" clause in *GPL*-only licenses #617
Comments
The license text is the same, because it's a single license. The difference is in the recommended grant wording: $ git describe
v3.0
$ diff -u src/AGPL-3.0-*
--- src/AGPL-3.0-only.xml 2018-03-13 16:19:53.794074010 -0700
+++ src/AGPL-3.0-or-later.xml 2018-03-13 16:19:53.794074010 -0700
@@ -1,26 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<SPDXLicenseCollection xmlns="http://www.spdx.org/license">
- <license licenseId="AGPL-3.0-only" isOsiApproved="true"
- name="GNU Affero General Public License v3.0 only">
+ <license licenseId="AGPL-3.0-or-later" isOsiApproved="true"
+ name="GNU Affero General Public License v3.0 or later">
<crossRefs>
<crossRef>http://www.gnu.org/licenses/agpl.txt</crossRef>
<crossRef>http://www.opensource.org/licenses/AGPL-3.0</crossRef>
</crossRefs>
<standardLicenseHeader>
Copyright (C)<alt name="copyright" match=".+">[year] [name of author]</alt>
- <p>
- This program is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, version 3.</p>
- <p>
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.</p>
-
- <p>
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see
+ <p>This program is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ <optional>(at your option)</optional> any later version. </p>
+ <p>This program is distributed
+ in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU Affero General Public License for more details.</p>
+ <p>You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see
<http<optional>s</optional>://www.gnu.org/licenses/></p>
</standardLicenseHeader>
<notes>That looks right to me. |
|
Have a look at lines 817–820, under "How to apply these terms to your program". It shows up on the website at the bottom of the page: https://spdx.org/licenses/AGPL-3.0-only.html , above a similar block of text at the very very end. They seem to be out of sync. https://github.com/spdx/license-list-XML/blob/master/src/AGPL-3.0-only.xml#L817-L820 |
That's the FSF's AGLP-3.0 appendix. As part of the AGPL-3.0 text, it belongs to both forms, and is what you'd expect in a |
|
I see your point, and you are correct.
However, if you will allow me, I would like to offer an alternative perspective: as far as I understand this page is sometimes read by license amateurs like me, not (only) license experts with intimate knowledge of licenses, the FSF, SPDX, etc. People on this page are likely to just be here to get something done (especially since npm links to this page), not so much learn a lot about licenses.
Here’s what an average human being might go through, just trying to get npm to work:
1. Try to create an npm project: npm init
2. Get to the license part. Get an error: "Sorry, license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN <filename>”.”
3. After a lot of googling, end up on https://spdx.org/licenses/
4. Choose a license. In this case, AGPL-v3-only.
5. Read: "How to Apply These Terms to Your New Programs”.
6. Follow the exact instructions: "attach the following notices to the program.”
7. They have now licensed their program under AGPL-3.0-or-later, not -only.
A license expert might read this and go, hey wait a second, I see that one block is copied from the FSF’s page about the AGPLv3 (which makes no distinction for -only, it’s always -or-later), but the SPDX copy/pasted that license PLUS the extra blurb about how to use it verbatim in their -only version of the AGPLv3 and added another, similar but-not-exactly-the-same blurb about how to apply the license, and since this is an adaptation by SPDX I should choose that one (which is the one lower on the page, even though that doesn’t actually say “here is how to use it”; that’s how to use it).
But I’m afraid the people reading this website are not (at least not all) license experts.
At the end of the day, the real license is actually the bit up until END OF TERMS AND CONDITIONS. The rest is a blurb by the FSF that explains how to use the license in your program. If the SPDX will copy that, without clearly marking it as such, it looks like it’s the SPDX recommendation for how to use the license.
I would suggest either snipping it off, or changing it appropriately (as is done in the extra bit, below).
What do you think?
… On 14 Mar 2018, at 12:09, W. Trevor King ***@***.***> wrote:
Have a look at lines 817–820, under "How to apply these terms to your program"...
That's the FSF's AGLP-3.0 appendix. As part of the AGPL-3.0 text, it belongs to both forms, and is what you'd expect in a COPYING file. -only and -or-later projects are distinguished by the license grant headers in other files outside of copying (e.g. a main.c), and that's the difference I pointed out in my earlier comment.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
I'd rather not remove upstream text, but I'd be fine with clearer instructions about what goes in |
|
see comment on this issue here #610 |
|
discussed on April 5 legal call: decided to "solve" this by adding a note to all the -only versions explaining why you see the "or later version" text in the license addendum (How to apply licnese section). This will need some wordsmithing, so we will accomplish this for 3.2 release. |
bradleeedmondson
changed the title
bradleeedmondson
changed the title
|
discussed on legal call 5/31; we think this will be OK with just adding a note, but want to take some time to think through the issue in light of the -only / -or-later work done earlier this year with FSF. Needs further discussion and then wordsmithing for the note text. |
|
What's the status on this? I was just looking at the LGPLv3/LGPLv3+ data, and would have expected the difference between the two to be reflected at least in the standard license header field. |
It is also something OpenChain Project is interested in: our Japanese Work Group has an active sub group on SPDX. |
|
ah, yes, this got lost in the cracks; have denoted for the next release, as I think the main task is to add some explanatory text. |
add explanatory text re: -only and -or-later delineation in standard license header (versus default text in full copy of license). proposed solution to #617
|
see #797 for this. add comments there |
ghost
mentioned this issue
Uh oh!
There was an error while loading. Please reload this page.
AGPL-3.0-only.xml contains the same text as AGPL-3.0-or-later.xml:
The text was updated successfully, but these errors were encountered: