Hi,
I found a problematic change in one of my packages:
https://github.com/KDE/kio-gdrive/commit/6321fda6294e3d021b7a2758c1200aa42debb021
This looks like a regression of license validity to me, because the
fulfillment of §17 of the GPL was removed from the affected files, and I suspect that we don't accept standalone SPDX declarations as valid in
ambiguous cases like this one...
Especially when they're as confusing as "GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL", when the provided GPL-3.0-only is
identical to the provided GPL-3.0-or-later, and the restriction of
"only" is not reflected in any headers nor the license text for
GPL-3.0-only.
Finally, the intent of David Barchiesi appears to have been GPL-2+ OR GPL-3+...with "KDE e.V." restriction on forward compatibility, but this
is not reflected in the provided
https://github.com/KDE/kio-gdrive/commit/6321fda6294e3d021b7a2758c1200aa42debb021#diff-39989992dd1286c14401f7fd5ddc9cdf08c61ebe75659cc148678f13b75049b6
Despite the mess, it appears that the licenses will evaluate to
bin:kio-gdrive as a whole being GPL-3.0-only work, but confidence in
that is low if SPDX declarations do not fulfill §17 of GPL.
I don't want to exploit the fact that the package is already in Debian
as a way to bypass what seems like it might otherwise have been an
ftpmaster reject.
Thank you in advance for your comments!
Nicholas
--=-=-Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE4qYmHjkArtfNxmcIWogwR199EGEFAl/SuXEACgkQWogwR199 EGF1IBAAsIU7r9uRMbSyvR5N2AqncfMOgLaHiH5pUqI7Ue8k/DIpLA/1HcdaJYwD WU6ltZ1qcrrBwZQjoqRQco3tV+WZGG3/8C1wy/1jg88TQWMf5naxmIjch1oqU7bn FahkINntkglugSfjFoZtEpOV9+7sGkhkMw5yKmaDCVqmVmFiIH+YAyTtQIVHBB4P +8f1jxjhTuEliuRkcx2m8MAB6gKiBfmPeTUVTd0AdgeWJ8JWxC1QQwQGIm078PJg 4oAKB9p56KX3gIMWKLUBG+Gr7JuMG4uDxcqIJlE8aujt8ltDFg+ltb/Eq2dh7rjL TddaZNeWDDuaZ64+ePKNpzT9d1EVA+EsZ2s8L1zW0dzyM1O8pO4v+Mpzv2Qw+QFj R0Ms5AkFi0R8J0T6lmQ9BEzdkF0SkWDG1jhL6CPV8jFRwiQE1KV2KJqMdzgUaNJC j4wg9MDaOHeIN9zm3GS+Gm+vnAHwcKdMi6rJbNpfOn9u7PmE+IuocWLoZiq2xdZW 402ZlaPltmcpg0dTqR8ESqXqqf9neyIZUgC9Baq3bbR9k+eBLMf8eiTvAX99unX3 Q9vNkI/qOPLkiKduiBUqj/5uqvrhLL7lC7eeGCtbZGEY2zFhy3YyTj+GWL8IB3Av 6e9rOcA4UVDyggYB9YNQyi6QXptA51gcdw1CYuZ/sGDp4KECSPU=JnIx
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)