Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
After reading https://github.com/webjars/webjars/issues/1127#issuecomment-120786134, I think we should revisit using a single line for licensing. Not sure if we need AND/OR support or to simply differentiate between the licensing options and the license that allowed the asset to be included with a project.
See also: SPDX Specification 2.0: Composite License Expressions.
Tasks:
- Document the precise semantics of the conjunctions used (OR, AND, AND LATER).
2015-08-11: Added to documentation. - Decide whether abandon the single line format for the
license
key.
2015-08-11: Keep the single line format (i.e. won't fix).
Comments
Comment #1
gisleI'll look at this ASAP, and try to get something ready for review before the weekend.
Comment #2
gisleI've started looking at this. Here are the relevant quote from the GitHub issue linked in the summary addressing the challenge of allowing multiple licenses to be specified:
So they've standardized on the natural language interpretation of OR (a choice between alternatives). I think that is a good choice.
The semantics of AND is not specified, but by extention, I presume that the AND operator is means that the downstream user can't choose, but must continue to license derivatives under all listed licenses. Such an AND will not applicable to code in the Drupal.org, as would not be compatible with Drupal policy for code (GPLv2+), but AND may be used for non-code?
Drupal.org has also introduced its own expression
GPLv2 AND LATER
, abbreviatedGPLv2+
. We know the semantics of this: It means "GPLv2, but with an option for downstream recipients to choose a later version of the GPL".I've also taken a look at the syntax used by SPDX expressions, and reproduced some examples:
{ "license" : "(ISC OR GPL-3.0)" }
{ "license" : "SEE LICENSE IN <filename>" }
Here is another quote from the GitHub issue linked in the summary:
I am not convinced that moving away from the natural language single line format we currently use is a good idea. This is supposed to be human readable, and then natural language makes a good choice.
I've updated the issue summary with the tasks I think follows from this. Please add more tasks as you see fit.
Comment #3
gisleTypo
Comment #4
gisleI've looked at it and do not think we should move away from the single line format for licenses.
As for semantics it looks like “and” and “or” are both used to list multiple licenses. As far as I have been able to tell, they do not differ in semantivs: If multiple licenses are listed, it is always assumed that the user can select any of them, not that they must accept all.
I've added a note about this to the documentation, and believe that this resolves this issue.
Please review.
Unless there are any objections in the next two weeks, this will be closed as "won't fix" in about two weeks.
Comment #5
kreynen CreditAttribution: kreynen at University of Colorado Boulder commentedSo when dealing with an AND situation, the project maintain should add any assets where a parent asset uses a different independently?
Comment #6
gislekreynen wrote:
I am sorry, but I do not understand the question.
What is the semantics of an “AND situation”, ans how does it differ from an “OR situation”?
Could you link to some real life project where an “AND situation” exists?
Comment #7
kreynen CreditAttribution: kreynen at University of Colorado Boulder commentedThis comes up all the time. Most recently in #1857042: [jquery_update] 3rd party libraries, #1442460: Add OpenLayers to whitelist, and #2546941: Color Thief, but I probably find a file with a license other then license given to main project in 50% of the whitelist requests. In most cases that file came from another project, but in others someone just decided to use a different license like CC-BY on the CSS or documentation.
Comment #8
gisleOK, so the situation you're talking about is where a project includes several independent components, and these components are not all under the same license.
In that case, each component shall require an independent entry in the
LWG_NOTICE.yml
, with its own unique identifier (i.e. not all licenses in use in the repo listed on a single line with the conjuction "and").This way of indicating different licenses for different components have always been supported by the suggested format, and will not require format redesign.
Comment #9
gisleComment #10
gisle