Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Discrepancies between GPL 1.0 & 2.0 canonical texts and their associated SPDX templates #2568

Open
pmonks opened this issue Sep 24, 2024 · 5 comments
Assignees
Labels
minor updates to file URL update, notes update, etc.
Milestone

Comments

@pmonks
Copy link
Contributor

pmonks commented Sep 24, 2024

There are discrepancies between FSF's canonical GPL-1.0 and GPL-2.0 texts and their associated SPDX templates that cause matching to fail in downstream software that performs matching.

Specifically:

  • The canonical GPL-1.0 text no longer includes a physical address on line 6, and has added a URL in that location instead. Neither of these changes are taken into account in either the GPL-1.0-only or GPL-1.0-or-later SPDX templates.
  • Similarly, the canonical GPL-2.0 text now has a URL on line 6. While the GPL-2.0-only and GPL-2.0-or-later SPDX templates correctly handle the (now optional) physical address, neither of them handle the (presumably optional) URL that is now included in the canonical text.

Note: if the SPDX project has contacts over at the FSF it may be worth asking them if it might be possible to notify the SPDX project whenever they make changes of any kind to their license texts (even/especially "legally inconsequential" ones). Previous issues (including #2430, #2204, #1995, #1973, #1972) suggest that the FSF are quite liberal about making such changes and thereby inadvertently breaking SPDX license matching randomly.

@pmonks
Copy link
Contributor Author

pmonks commented Sep 24, 2024

It appears the same issue exists in the (old) LGPL variants too:

The LGPL-3.0-* SPDX templates appear to be aligned with the FSF's canonical LGPL-3.0 text, however. This issue also isn't relevant for the AGPL, since there's only a single version of that published by the FSF (AGPL-3.0).

@jlovejoy jlovejoy added this to the 3.26.0 milestone Oct 4, 2024
@jlovejoy jlovejoy added the minor updates to file URL update, notes update, etc. label Oct 4, 2024
@jlovejoy
Copy link
Member

jlovejoy commented Oct 4, 2024

good catch! And since the copyright notice in this (somewhat rare case) is on the license itself, this is not a situation where for matching purposes it might be ignored as part of the copyright notice.

the good news is that this can easily be accommodated with the alt tag.

@pmonks - do you want to prepare a PR?

@szepeviktor
Copy link
Contributor

Is the change in the sample copyright disclaimer relevant here?

-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
+  <signature of Moe Ghoul>, 1 April 1989
+  Moe Ghoul, President of Vice

https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

@jlovejoy
Copy link
Member

this just needs a PR to address these variations

@Pizza-Ria
Copy link
Contributor

+1 to merging the address vs URL change. Perhaps "The GNU Volunteer Coordinators gvc@gnu.org can assist you if you would like to help developing GNU software." would be a decent place to pose your query on notice re breaking changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
minor updates to file URL update, notes update, etc.
Projects
None yet
Development

No branches or pull requests

4 participants