Alias Decisions
This page keeps track of alias decisions we did for LicenseLynx when we discovered ambiguity.
GNU Licenses: -only as the Risky Default (Issues #75, #86)
Ambiguous GNU license aliases that don't encode -only or -or-later are mapped to the -only variant on
the risky map.
Rule
For aliases like gpl-2.0, GPLv2, GPL v2, GNU General Public License v2, we place them into the -only files but in the risky list.
If an automated source maps suffixless aliases to -or-later, we keep those aliases out of the -or-later files so future auto-updates do not reintroduce them there.
Exceptions kept on the stable map as exact matches:
| Alias (exact) | Resolves to | Reason |
|---|---|---|
GPL-2.0 |
GPL-2.0-only |
Deprecated SPDX ID, explicitly -only per SPDX history |
GPL-2.0+ |
GPL-2.0-or-later |
Deprecated SPDX ID, explicitly -or-later |
The same pattern applies to every <family>-<version> / <family>-<version>+ deprecated SPDX ID.
Reasoning
The FSF's guidance on identifying GNU licenses (gnu.org/licenses/identify-licenses-clearly) recommends making the chosen variant explicit. Bare version references remain ambiguous because the actual license can depend on the license file, source headers, or REUSE/SPDX tags that LicenseLynx does not inspect.
We also contacted Richard Stallman and asked him for his opinion, and his answer was the following quote:
Richard Stallman's answer
I suggest you urge them to make it unambiguous.
After further discussion in #83, we changed the risky default from -or-later to -only.
If GPL 2.0 was intended as GPL-2.0-or-later, mapping it to GPL-2.0-only omits a permitted later-version option.
If it was intended as GPL-2.0-only, mapping it to GPL-2.0-or-later would add license options the licensor may not have granted.
The latter mistake has a higher impact, so ambiguous GNU versioned aliases resolve to -only only when callers opt into risky mappings.
Scope
Applies to all GNU license families with -only / -or-later variants:
- GPL 1.0, 2.0, 3.0
- LGPL 2.0, 2.1, 3.0
- AGPL 1.0, 3.0
- GFDL 1.1, 1.2, 1.3
PyPI Classifiers
PyPI trove classifiers like License :: OSI Approved :: GNU General Public License v2 (GPLv2) encode no -only/-or-later distinction and
are treated similar to the other aliases, i.e. mapped to -only on the risky map.