[License-review] Submission: Python-2.0.1

Max Mehl Max.Mehl at deutschebahn.com
Tue May 19 12:52:36 UTC 2026 

Hi McCoy,

Let me start with the several parts of the license topic. As you may know, OSI approved Python-2.0 in exactly this form: https://opensource.org/license/Python-2.0
It contains the PSF, the BeOpen.com, the CNRI, and the CWI parts. The Python-2.0.1 version SPDX lists on their website ( https://spdx.org/licenses/Python-2.0.1.html ) has the very same structure. To not confuse consumers of OSI’s licensing information more than necessary and avoid conflicts with SPDX’s data, I would suggest to make an exception to the generally advisable rule you mentioned.

The same applies to CNRI-Python and the requested CNRI-Python-GPL-Compliant. It’s probably not used in the wild, but as the “old” version once has been approved and is the main reason why Python-2.0 is GPL-incompatible, an exception is acceptable IMHO.

Now, to the license text itself. As written in my initial message, I’ve attached the license text that SPDX communicates as Python-2.0.1, based on the text file in their license-list-data repo: https://github.com/spdx/license-list-data/blob/main/text/Python-2.0.1.txt

How to spot the difference? Python-2.0 often refers to Python 1.6b1, while Python-2.0.1 refers to Python 1.6.1 - the version, with which the GPL compatibility has been ensured, in the same step as Python 2.0.1.

Regarding the differences, the history itself is shortly explained by PSF/python.org here in their current licensing document as well as the 2.0.1 release notes: https://docs.python.org/3/license.html / https://www.python.org/downloads/release/python-201/
To ease your review, I’ve created a diff using GitHub’s diff display, which you can set to “Split” and “Unified”. Please see the diff of revision 5 (the latest at the moment of writing) here: https://gist.github.com/mxmehl/d3e8694e30fc94cc6517529b5441ebc5/revisions?diff=split&w
>From my understanding, aside from small wording and typographical edits as well as version and year bumps, the most significant content-wise change is in CNRI point 7 which heals the cause of GPL incompatibility (“Virginia clause”).

More analysis and interpretation has been collected in the license-discuss@ thread as well as the GitHub issues and SPDX mailing lists threads mentioned in my initial messages, so I won’t repeat them here.

Regarding work with the Python folks: my understanding from a multi-year effort to get PSF to finally get their license OSI approved is that they don’t have the resources (and seemingly little interest), so Deb agreed I can make this move in March 2026. I understand this isn’t optimal for OSI, but given that the license of one of the most used programming languages hasn’t been OSI-approved since 25 years hopefully warrants some tolerance.

Best,
Max


From: License-review <license-review-bounces at lists.opensource.org> on behalf of McCoy Smith <mccoy at lexpan.law>
Date: Friday, 15. May 2026 at 02:02
To: license-review at lists.opensource.org <license-review at lists.opensource.org>
Subject: Re: [License-review] Submission: Python-2.0.1


Max:

The file you attached appears to be the 2.0 version of the Python license not the 2.0.1 version, although the diff file appears to reflect the 2.0.1 version. Also, the 2.0.1 version seems to incorporate the CNRI-GPL compatible portion, which you've also separately asked to be approved (it is not clear to me if this is intended to be a request to approve it as a separate stand-alone license or as just a component of the Python 2.0.1. license; this is somewhat complicated by these licenses appearing to be concatenations of a list of multiple different licenses).

I understand that the Python licensing situation seems to be a mess, and the approvals at SPDX and OSI may not comport with long-standing licensing practice, but I think if there's a request for approval is required, we'd need to know exactly what actual licenses need approval (OSI doesn't approve separate parts of licenses, unless they are themselves stand-alone licenses being used in that way), and have a clear understanding of are the differences between older licenses that have been approved and what the current license for which approval is requested. Frankly, I'm having a real hard time doing that (the diff file isn't helping much as it doesn't really highlight differences, it just shows whole blocks that might or might not be identical being swapped out). I tried to do a compare in LibreOffice between what looks like 2.0.1. and 2.0 but that didn't help either.

Could you work with the folks at Python to put together a clearer explanation of what is the license or licenses that Python is using, how they differ from the license or licenses that have been approved in the past, and why those changes were made? I'm not sure what OSI has now is sufficient for us to make an intelligent analysis and decision on the various Python licenses.

McCoy Smith

On 3/20/2026 9:13 AM, Max Mehl wrote:
Dear all,

Following a discussion on license-discuss@<https://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2026-March/022526.html> and a quick coordination with Deb from the Python Software Foundation (in Cc), I would like to propose that Python-2.0.1 be considered an officially approved (legacy) Open Source license. In the same step, I propose to mark Python-2.0 as either Superseded or Voluntarily Retired.

In parallel, I propose the same for CNRI-Python-GPL-Compatible, for which I opened a separate thread.

I will not repeat all the backstory but refer to the aforementioned discussion and spdx/license-list-XML#2197<https://github.com/spdx/license-list-XML/issues/2197>. In short: Python-2.0.1 is the license that most closely represents the license under which CPython has been published since 2001<https://www.python.org/downloads/release/python-201/> (in combination with 0BSD for documentation). In comparison with Python-2.0, which is already OSI approved, the most remarkable difference is an update in the CNRI portion to make it GPL compatible.

Attached, you will find the license text for Python-2.0.1 as made available by SPDX, as well as a diff file against Python-2.0 (ignoring formatting and some non-critical boilerplate texts to make things easier for you).

Best,
Max

--
Max Mehl
Open Source / Supply Chain
Enterprise-Team Chief Technology Office (CTO)
DB Systel GmbH / Deutsche Bahn

Schedule a meeting: cal.com/mxmehl<https://cal.com/mxmehl>


________________________________

Pflichtangaben anzeigen<https://www.deutschebahn.com/pflichtangaben/20260319>

Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: https://www.deutschebahn.com/de/konzern/datenschutz

_______________________________________________
The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.

License-review mailing list
License-review at lists.opensource.org<mailto:License-review at lists.opensource.org>
http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org


________________________________

Pflichtangaben anzeigen<https://www.deutschebahn.com/pflichtangaben/20260518>

Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: https://www.deutschebahn.com/de/konzern/datenschutz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20260519/9191ba5c/attachment-0001.htm>

More information about the License-review mailing list