* Russ Allbery <r...@debian.org> [2023-09-10 09:16]:
In order to structure the discussion and prod people into thinking about the implications, I will make the following straw man proposal. This is what I would do if the decision was entirely up to me:Licenses will be included in common-licenses if they meet all of the following criteria:* The license is DFSG-free. * Exactly the same license wording is used by all works covered by it. * The license applies to at least 100 source packages in Debian. * The license text is longer than 25 lines.In the thread so far, there's been a bit of early convergence around my threshold of 100 packages above. I want to make sure people realize that this is a very conservative threshold that would mean saying no to most new license inclusion requests. My guess is that with the threshold set at 100, we will probably add around eight new licenses with the 25 line threshold (AGPL-2, Artistic-2.0, CC-BY 3.0, CC-BY 4.0, CC-BY-SA 3.0, CC-BY-SA 4.0, and OFL-1.1, and I'm not sure about some of those because the CC licenses have variants that would each have to reach the threshold independently; my current ad hoc script does not distinguish between the variants), and maybe 10 to 12 total without that threshold (adding Expat, zlib, some of the BSD licenses). This would essentially be continuing current practice except with more transparent and consistent criteria. It would mean not including a lot of long legal license texts that people have complained about having to duplicate, such as the CDDL, CeCILL licenses, probably the EPL, the Unicode license, etc. If that's what people want, that's what we'll do; as I said, that's what I would do if the choice were left entirely up to me. But I want to make sure I give the folks who want a much more relaxed standard a chance to speak up.
For me, this outcome would already be an improvement over the current situation and alleviate my biggest pain point (CC licenses). Still, I'd like to be significantly more relaxed. I propose the following three criteria must be satisfied for inclusion in /usr/share/common-licenses: * The license is DFSG-free. * Exactly the same license wording is used by all works covered by it. * The license is in the SPDX list of common licenses (https://spdx.org/licenses/) OR The license applies to at least 100 source packages in Debian. I am not committed to the 100 source packages threshold, it is mostly intended as fallback for a hypothetical future license which is super popular but for some reason does not make it to the SPDX list in a timely manner. One very intentional side effect of my proposal is a nudge towards using SPDX License Identifiers in d/copyright files. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
signature.asc
Description: PGP signature
