chore: Have license content match gemspec #1654

Open
thompson-tomo wants to merge 5 commits into ruby:master from thompson-tomo:patch-1

@thompson-tomo thompson-tomo commented Mar 19, 2026

This updates the gemspec to explicitly mention the GPL license as per the license files which also make clear the license expression.

This ensures that tools such as Fossa are not generating false positives for using just GPL licenses in Apache licensed projects.

@kou
Member

kou commented Mar 19, 2026

The (original) Ruby license is a dual-license of Ruby's original license (that is described in LICENSE.rdoc) and GPL.

FYI: The current Ruby license is a dual-license of Ruby's original license and BSD-2-Clause.

If we remove the GPL part, it means that we change our license. (Single-license not dual-license)

@thompson-tomo
Author

I understand however the gemspec describes it as having a single licence ruby https://github.com/ruby/rdoc/blob/master/rdoc.gemspec which differs to the file hence creates a disconnect.

@kou
Member

kou commented Mar 20, 2026

Ruby means dual-license not single-license.

@thompson-tomo
Author

As per https://spdx.org/licenses/Ruby.html, the licence identifier ruby is a single licence type with the 6 conditions outlined which is different to the ruby project which is explained as:

Ruby is disjunctively licensed project that allows the choice of this license and another.

Further based on https://guides.rubygems.org/specification-reference/#license= the gemspec is currently pointing to just those 6 conditions.

What I have now done is updated the gemspec to contain both licences and made the license file explicit in its license identifier.

Member

@kou kou left a comment

Why did you ignore the "Notes" part?

Ruby is disjunctively licensed project that allows the choice of this license and another. The other license choice has changed over time (from GPL originally, to BSD-2-Clause currently), so one needs to be aware of that change. The Ruby License itself is un-versioned, but has varied a bit over the years, the last substantive variation being in 2002.

I don't object that we also mention GPL-2.0-or-later explicitly because Ruby may refer to GPL-2.0-or-later or BSD-2-Clause.

@thompson-tomo
Author

Thanks for spotting the issue with the spdx-id.

I did not ignore the notes part, in fact it supports the change here and is why I included the key extract. This is because the note highlights that the ruby license is not the same as the license used by the Ruby project. This is because the project allows a choice between the ruby license and either gpl/BSD.

@kou
Member

kou commented Mar 21, 2026

Oh, sorry. I misunderstood that you cited another part. I don't think that it means that the Ruby SPDX ID is single-license but I'm not good at English.

@thompson-tomo
Author

No worries, key thing is the content under the text heading is classified as the license.

Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
@rhenium
Member

rhenium commented Mar 21, 2026

I don't object that we also mention GPL-2.0-or-later

Do you mean GPL-2.0-only?

https://github.com/ruby/ruby/blob/2cd6800fd8437b1f862f3f5c44db877159271d17~/COPYING

@rhenium
Member

rhenium commented Mar 21, 2026

Related issues: #401 #924

I think an SPDX-License-Identifier comment is typically used to declare the license of the file it is attached to, so attaching it to LICENSE.rdoc feels a bit unusual.

@kou
Member

kou commented Mar 21, 2026

https://redmine.ruby-lang.org/issues/2032

Oh, I misunderstood that the Ruby license uses GPL-2.0-or-later not GPL-2.0-only. We should use GPL-2.0-only not GPL-2.0-or-later.

@thompson-tomo
Author

Agree it feels counter-intuitive to also specify the expression but this way we can be sure that the 2 licence types are being combined into an expression as expected when tooling is scanning the gem.

#924 is similar however a lot broader whereas this is focused on licence and gemspec being in sync.

I have updated the expression to now use GPL-2.0-only.
