From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AD46C433EF for ; Wed, 8 Jun 2022 19:31:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232291AbiFHTbT (ORCPT ); Wed, 8 Jun 2022 15:31:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229830AbiFHTbT (ORCPT ); Wed, 8 Jun 2022 15:31:19 -0400 Received: from protestant.ebb.org (protestant.ebb.org [50.56.179.12]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1703C1E7372 for ; Wed, 8 Jun 2022 12:31:18 -0700 (PDT) Received: from localhost (unknown [216.161.86.18]) (Authenticated sender: bkuhn) by protestant.ebb.org (Postfix) with ESMTPSA id 555288208F; Wed, 8 Jun 2022 12:31:17 -0700 (PDT) Date: Wed, 8 Jun 2022 12:29:10 -0700 From: "Bradley M. Kuhn" To: Richard Fontana Cc: Allison Randal , Thomas Gleixner , linux-spdx@vger.kernel.org Subject: Re: [Batch 1 - patch 12/25] treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_208.RULE Message-ID: References: <87bkv55yxh.ffs@tglx> <87y1y8xrzx.fsf@ebb.org> <87a6ao3wij.ffs@tglx> <7c5e1900-7a9b-ac6a-87ab-bf0d38f70f26@lohutok.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-spdx@vger.kernel.org On Wed, Jun 8, 2022 at 1:24 PM Bradley M. Kuhn wrote: > > Without this external file, how is anyone to know without digging through > > Git logs *whether* a warranty disclaimer used to be there or not? … > > Part of the reason we're struggling with this is that SPDX *should have* > > provided identifiers for the items that GPLv2 allows to vary in > > presentation and terms of the licenses! > Richard Fontana replied later that day: > This is an interesting point. SPDX identifiers were I think originally > meant to refer to license texts, not license notices, except for the > "or-later" vs. "only" issue found in the GPL family. Thanks, Fontana, you've stated the problem clearly and succinctly. IOW (if I'm following you correctly), the fundamental issue here is that linux-spdx project is using license *text* monikers to replace license *notices*, but GPLv2 permits variance in license *notices* that *are* legally significant. (And, GPLv2 compliance requires keeping such notices in tact.) * * * Meanwhile, if you at Red Hat were (at least at one time) encouraging a legally different warranty disclaimer notice for employees to use upstream … > To be a little clearer about why this bothers me a little bit. I know that > in the past the FSF gave public guidance to companies that it was okay to > tack on materially different warranty and liability disclaimer language to > GPL notices (or, say, in global product license agreements). (GPLv3 > codifies this in its section 7.) Also, earlier in my time at Red Hat I went > through a period where I was recommending to developers to include some > disclaimer language that differed from what you have in the traditional GPL > boilerplate. The point is that there are cases where the materially > different language is deliberate and reflected the legal preferences of the > contributor (or contributor's employer) in question … then, odds are, other companies did (or even still do) as well. -- bkuhn