From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alex Vong <alexvong1995@gmail.com>
Subject: Re: Question about multiple licenses
Date: Mon, 28 Aug 2017 18:45:20 +0800
Message-ID: <87mv6kj7i7.fsf@gmail.com>
References: <681c721c.AEQAPExWoDUAAAAAAAAAAAOtZhgAAAACwQwAAAAAAAW9WABZoSX-@mailjet.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50483)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <alexvong1995@gmail.com>) id 1dmHY2-0003yf-0E
	for guix-devel@gnu.org; Mon, 28 Aug 2017 06:45:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <alexvong1995@gmail.com>) id 1dmHXx-0005r7-N1
	for guix-devel@gnu.org; Mon, 28 Aug 2017 06:45:37 -0400
Received: from mail-pf0-x22e.google.com ([2607:f8b0:400e:c00::22e]:33771)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <alexvong1995@gmail.com>)
	id 1dmHXx-0005qU-D1
	for guix-devel@gnu.org; Mon, 28 Aug 2017 06:45:33 -0400
Received: by mail-pf0-x22e.google.com with SMTP id r62so365677pfj.0
	for <guix-devel@gnu.org>; Mon, 28 Aug 2017 03:45:33 -0700 (PDT)
In-Reply-To: <681c721c.AEQAPExWoDUAAAAAAAAAAAOtZhgAAAACwQwAAAAAAAW9WABZoSX-@mailjet.com>
	(Arun Isaac's message of "Sat, 26 Aug 2017 13:10:32 +0530")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Arun Isaac <arunisaac@systemreboot.net>
Cc: guix-devel <guix-devel@gnu.org>

--=-=-=
Content-Type: text/plain

Arun Isaac <arunisaac@systemreboot.net> writes:

> I'm packaging linkchecker.
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27468
>
> Different files of linkchecker have different license headers. The
> license field of the package is as follows:
>
> (license (list l:gpl2+
>                l:bsd-2 ; linkcheck/better_exchook2.py
>                l:bsd-3 ; linkcheck/colorama.py
>                l:psfl  ; linkcheck/gzip2.py
>                l:expat ; linkcheck/mem.py
>                l:isc   ; third_party/dnspython
>                l:asl2.0))
>
> gpl2+ is a stricter license than the other licenses, and covers the
> "program as a whole". So, do we really need to mention the other
> licenses, especially those licenses which cover only one source file? Is
> it a good idea to hide the multiple licenses from the user, and just
> mention gpl2+ as the license of the whole package?

OK, maybe this is a little bit late... But I would like to share my
opinions. I think there are actually two cases: 1. combining (L)GPL with
(L)GPL and 2. combining (L)GPL with non-(L)GPL.

For case 1, yes, the whole work can be re-licensed under the "stricter"
license, providing that we have the "or later" clause. So GPLv2+ with
LGPLv3+ can be re-licensed to GPLv3+, but GPLv2 with LGPLv3+ cannot be
re-licensed to GPLv3+, since the GPLv2 license does not have the
"or later" clause. For details, see the GPL compatibility matrix[0].

For case 2, well, the idea is the same. Unless the non-(L)GPL license
has an explicit clause allowing it to (recursively) re-license to
(L)GPL. For instance, CC-BY-SA-4.0 can be re-license to GPLv3, but BSD-2
cannot be re-license to GPLv3+.

Based on the above general argument, I think we should list all the
licenses instead of just GPLv2+ since it would be inaccurate to say that
the whole program is under just GPLv2+.

Also, in this particular case, since ASL2.0 is incompatible with GPLv2,
we actually need to take advantage of the "or later" clause, and
"upgrades" it to "GPLv3+". Listing the license as GPLv2+ would confuse
the user that GPLv2 covers the program, but in fact it is "effectively"
GPLv3.

Of course, I am not a lawyer. I only get the info from reading the
web. So I could be saying nonsense...

[0]: https://www.gnu.org/licenses/gpl-faq.en.html#AllCompatibility

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdZDkzSn0Cycogr9IxYq4eRf1Ea4FAlmj9EAACgkQxYq4eRf1
Ea7ooQ/9GkNiryFiDFltbidmmjrF2nJXjUSosCcADA4TXLb9F/7fBW0mboIbA8++
F/qsRfzo30XrhKOUFnFXvTpVFXJVFrv8Ng0tUPLvHeTxJKa5ahsAKJ276/w8yVtb
2dqQqCx7bT/IXHAPxUAhGnQ4HD4TkCsyzkWMhLUrrjHysm+Qt5Fx5LZWUEG4g2Yy
JtRK/ACgNPsp0FtYIBOIT208NXo/1hrNhs5w48/jR6tHbZ8VKrxTBeu3L2qn0/VL
iIBVlSGlRAy9+c2Z3YgSQazXdIk7F7x1JVcC3CjWqEgrHblRC8QxCjlCrq81Cuci
Wljp1Tg/U/iMDgjihPIBYNsZ3yg8Il8fO6txt2gMT3lcfcLbjJQ8L0xlFujaXda/
y5TT6UEJvaGdhoOG2mgjwV4RhRuTVnCalYwDf7pC+etmlb0y2CyuRRS1CWZqEAU2
+t6/57JqfjkKujf3eyINrw0Y8rX5MNG7xIR9bjGhWfmOoDFghRiYLZbb6FDYE2qB
8fHPAasQmrx/H2fSyBfu+UYXRDTInWCH8rjJkffuCUipZEi/2iIqkhi26XT7eRys
yihhEiIGa7LOipoMN82gp9rqbI7ErcqA3QzWbSj2BFWYzOwLhp+4knMd1TylPMLB
zjRhwWHGk6Y3QOUmxC06uxKmws5536EQ1jA2n5TCjRAq03Uhshw=
=AbfI
-----END PGP SIGNATURE-----
--=-=-=--