Hi,

It seems that we suffer a major problem of developers wrongly attributing *GPL-[23] licenses to ebuilds, when the correct variant is *GPL-[23]+. In proxy-maint, every second new package with LICENSE=GPL-[23] is plain wrong. I suspect part of the problem is that GitHub has poor man's license recognition that does not distinguish between 'vN only' and 'vN or newer' license variants, and similarly that a number of contributors don't bother checking the license beyond COPYING/README.

Another part of the problem is that we don't have a really good way of distinguishing verified correct uses of *GPL-[23]. So in the end, I end up verifying the same packages over and over again unless I remember that I've verified them.

Therefore, I would like to suggest the following:

1. introducing additional *-only licenses that explicitly indicate that a newer version is not allowed, e.g. GPL-2-only, LGPL-3-only etc.

2. annotating the unsuffixed licenses with a warning that they may mean either x-only or x+ due to the frequent mistake.

3. making repoman warn whenever a non-specific variant is used, telling developers to verify whether it's x-only or x+.

4. starting to migrate packages to x-only or x+ appropriately.

5. eventually, removing the non-specific licenses and making repoman error out with a clear explanation.

What do you think?

-- 
Best regards,
Michał Górny
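As an added illustration of the check the proposal asks for (this is example code, not repoman's and not part of the original mail): the 'or (at your option) any later version' clause in a source file's license grant is what separates GPL-2+ from GPL-2-only, so a warning can be driven from the headers rather than from COPYING. The regex, the `-only` naming and the sample headers are my own assumptions, with the `-only` suffix following the proposal above rather than the current tree.

```python
import re

# Standard GNU license grant as found in source file headers. This regex is my
# own approximation for the example, not repoman's logic.
HEADER_RE = re.compile(
    r"GNU (?P<lesser>Lesser |Library )?General Public License.*?"
    r"version (?P<ver>[23](?:\.\d)?)(?: of the License)?"
    r"(?P<later>,?\s*or\s*(?:\(at your option\)\s*)?any later version)?",
    re.IGNORECASE | re.DOTALL,
)
# Unsuffixed names such as GPL-2 or LGPL-2.1: ambiguous between x-only and x+.
UNSUFFIXED_RE = re.compile(r"^L?GPL-[23](?:\.\d)?$")

def classify_header(text):
    """Map a GNU license grant to 'GPL-2+' (later-version clause present),
    'GPL-2-only' (clause absent), or None when no GPL/LGPL grant is found."""
    m = HEADER_RE.search(" ".join(text.split()))  # undo comment line-wrapping
    if not m:
        return None
    family = "LGPL" if m.group("lesser") else "GPL"
    suffix = "+" if m.group("later") else "-only"
    return f"{family}-{m.group('ver')}{suffix}"

def check_license(ebuild_license, headers):
    """Compare LICENSE=<ebuild_license> with {path: header text}; return the
    warnings a repoman-style check would print (empty list means consistent)."""
    unsuffixed = bool(UNSUFFIXED_RE.match(ebuild_license))
    warns = []
    if unsuffixed:  # point 3 of the proposal: nag on the non-specific name
        warns.append(f"LICENSE={ebuild_license} is non-specific: verify "
                     f"{ebuild_license}-only vs {ebuild_license}+")
    seen = {p: classify_header(t) for p, t in headers.items()}
    seen = {p: name for p, name in seen.items() if name}
    if not seen:
        warns.append("no GNU license grant found in headers; verify manually")
        return warns
    for path, name in seen.items():
        ok = name == ebuild_license or (
            unsuffixed and name in (f"{ebuild_license}+", f"{ebuild_license}-only"))
        if not ok:
            warns.append(f"{path}: header says {name}, ebuild says {ebuild_license}")
    if unsuffixed and len(set(seen.values())) == 1:
        warns.append(f"headers agree: LICENSE={next(iter(seen.values()))}")
    return warns

# Constructed sample headers, abridged from the usual GNU boilerplate.
GPL2_PLUS = ("GNU General Public License as published by the Free Software Foundation; "
             "either version 2 of the License, or (at your option) any later version.")
GPL3_ONLY = "GNU General Public License version 3 as published by the Free Software Foundation."
```

Running `check_license("GPL-2", {"src/main.c": GPL2_PLUS})` yields both the non-specific warning and the suggestion to use GPL-2+.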