Always indicating license versions (was: Re: [150207] trunk/dports/perl/p5-net-cidr-lite/Portfile)

Fri Jul 15 20:21:45 PDT 2016

On Jul 15, 2016, at 3:21 PM, Daniel J. Luke wrote:
> On Jul 14, 2016, at 11:13 PM, Ryan Schmidt wrote:
>>> I'm asking what the utility is of having a middle ground between "we know what this license is" and "we don't know what this license is" 
>> 
>> The utility is: people often submit new Portfiles in tickets in the issue tracker and indicate "license GPL". This means we have to then ask the submitter if they really meant any version of GPL, which is unusual and used almost exclusively for Perl software, or whether they did not research what version of GPL applies. If we instead decided to use "GPL-1+" to indicate "really, any version of GPL", and a Portfile was submitted indicating "license GPL-1+", then we would know that any version of GPL is acceptable without having to ask, and if the submitted Portfile indicated "license GPL", then we would know that the user failed to indicate which versions apply.
> 
> so you're really just advocating that we remove the un-versioned license shortcut totally?

For licenses that have versions, I suppose yes, I am advocating that we always specify the version. GPL and LGPL are the only licenses I can think of where the problem occurs with regularity. Most other licenses that have versions don't have clauses that say you can use later versions of the license, so we already know that if a port says "license Apache" that's a mistake; it should have said "Apache-1.1" or "Apache-2".

> it's not clear to me that it's a net win (or that it's worthwhile in this case to try to engineer a solution to someone submitting something that is incorrect).

No engineering effort is needed; MacPorts already supports my proposal. I'm just suggesting we make a policy change in how we indicate licenses, so that we can differentiate two currently indifferentiable situations.

> Maybe lint --nitpick should emit a warning on unversioned licenses (for the ones that have versions?)

As I said, we do not currently distinguish the two cases. Under our current policy, if someone were to write "GPL-1+", someone else would likely come along and change that to "GPL" because that is currently considered to be equivalent and canonical. My proposal is that we change our policy, so that we could then do any number of things, including adjusting `port lint` in the way you suggest. Sounds like you are in favor of such a policy change.

>>> Or, I'm arguing that if it's unclear what version of a license applies, we should treat it the same as not knowing what license applies.
>> 
>> We currently employ the same syntax (e.g. "GPL") for indicating "any version of this license is OK" and "somebody forgot to specify what version of this license is OK". I'm suggesting we should adopt syntax so that we can differentiate those two cases.
> 
> No, the syntax of license GPL means "any version of the GPL". People maybe don't realize that (our documentation of license stuff and binary distribution rules probably needs to be improved).
> 

> You're not going to be able to systematically know whether people are making a mistake, and knowing "person made a mistake" in the license field isn't useful to the ports system (only useful to a human reviewer who can correct the Portfile).

It is indeed the human reviewer of whom I'm thinking here. I agree the problem is that new contributors don't realize the mistake they're making here. New contributors usually make many mistakes in the portfiles they submit and it's up to reviewers to catch them and educate. This license problem is somewhat unique however because if the port says "license GPL" it *could* be correct, but it's probably a mistake. If we change our policy, then I will *know* that "license GPL" is a mistake because it does not specify a version.