[License-review] Submission: Python-2.0.1
Joshua Gay
j.gay at ieee.org
Tue May 19 16:46:59 UTC 2026
Hi Max,
I am an outsider just observing the thread. This seems kind of exhausting
so I thought maybe I would jump in offlist and see if I can be helpful
(hopefully I can!)
My impression is that the primary issue is not opposition to the substance
of your request, but rather that the submission materials don't fit well
with OSI's normal approval structure.
To make that clear, it may be easiest to just split this nto three separate
submissions, with each individual submission fitting with how OSI normally
processes and approves stuff.
Something like:
Submission A. Approval of Python-2.0.1 as an OSI-approved legacy license.
Submission B. Approval of CNRI-Python-GPL-Compatible as a standalone
historical legacy license.
Submission C. Request Python-2.0 Historical Clarification from OSI
Below is a possible structure you could maybe use. When I was licensing and
compliance manager for the FSF years ago, I do remember reading the license
and thinking a little on it. But that was long ago so I don't trust if I
got the facts correct, below!
---
Submission A: Python-2.0.1
Requested Action
Request that OSI approve Python-2.0.1 as an OSI-approved legacy Open Source
license.
Request additionally that OSI recognize Python-2.0.1 as the GPL-compatible
historical licensing form associated with CPython releases beginning with
Python 2.0.1.
Canonical Artifacts
OSI-approved predecessor:
https://opensource.org/license/Python-2.0
SPDX canonical text:
https://spdx.org/licenses/Python-2.0.1.html
SPDX source text:
https://github.com/spdx/license-list-data/blob/main/text/Python-2.0.1.txt
Historical Python release:
https://www.python.org/downloads/release/python-201/
Relationship to Existing Approved License
Python-2.0.1 preserves the same overall historical structure already
approved by OSI for Python-2.0, including the PSF, BeOpen, CNRI, and CWI
portions.
Primary Substantive Difference
The principal substantive change between Python-2.0 and Python-2.0.1 is the
revision to the CNRI clause associated with GPL compatibility concerns
(including the choice-of-law "Virginia clause").
Python-2.0 references Python *1.6b1-era* licensing text. Python-2.0.1
references Python *1.6.1-era* licensing text.
Outside of the GPL-compatibility revision, remaining changes are more or
less references, dates, and non-substantive wording.
Minimal Delta Summary
Python-2.0 contains the earlier CNRI language associated with GPL
incompatibility concerns.
Python-2.0.1 replaces that language with the revised GPL-compatible form.
No new restrictions, field-of-use limitations, royalty requirements, or
discriminatory provisions are introduced relative to Python-2.0 in the text
of Python-2.0.1.
Historical Rationale
Python-2.0.1 is the license most closely associated with the license
CPython has been distributed under since 2001 (happy 25th!)
That's why SPDX tracks Python-2.0.1 as *the* GPL-compatible Python license.
This request is primarily intended to align longstanding Python
distribution practice, SPDX classification, and OSI approval records.
---
Submission B: CNRI-Python-GPL-Compatible
Requested Action
Request approval of CNRI-Python-GPL-Compatible as a standalone historical
legacy license.
Canonical Artifacts
SPDX canonical text:
https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html
Relationship to Python-2.0.1
This text corresponds to the GPL-compatible revision of the CNRI portion
incorporated into Python-2.0.1.
Clarification of Intent
This submission requests recognition of the GPL-compatible CNRI text as a
separately identifiable historical license artifact, not merely as an
embedded component within Python-2.0.1.
Rationale
SPDX tracks CNRI-Python-GPL-Compatible independently, and the
GPL-compatible revision is central to the historical distinction between
Python-2.0 and Python-2.0.1.
---
Submission C: Python-2.0 Historical Clarification
Requested Action
This submission requests that OSI clarify the historical relationship
between Python-2.0 and Python-2.0.1 in the OSI license records.
Rationale
Python-2.0.1 more accurately reflects the GPL-compatible licensing form
associated with CPython distribution beginning in 2001.
This request is not intended to invalidate Python-2.0 historically, but
rather to reduce confusion between the earlier Python-2.0 form and the
GPL-compatible Python-2.0.1 form tracked by SPDX and associated with
subsequent CPython distribution.
Best,
Josh
Joshua Gay
Sr. Manager SA Open Source Community & Infrastructure
https://saopen.ieee.org
m: +1 617.966.9792
meet: https://calendly.com/jgay-ieee
On Tue, May 19, 2026, 6:56 AM Max Mehl <Max.Mehl at deutschebahn.com> wrote:
> Hi McCoy,
>
> Let me start with the several parts of the license topic. As you may know,
> OSI approved Python-2.0 in exactly this form:
> https://opensource.org/license/Python-2.0
> It contains the PSF, the BeOpen.com, the CNRI, and the CWI parts. The
> Python-2.0.1 version SPDX lists on their website (
> https://spdx.org/licenses/Python-2.0.1.html ) has the very same
> structure. To not confuse consumers of OSI’s licensing information more
> than necessary and avoid conflicts with SPDX’s data, I would suggest to
> make an exception to the generally advisable rule you mentioned.
>
> The same applies to CNRI-Python and the requested
> CNRI-Python-GPL-Compliant. It’s probably not used in the wild, but as the
> “old” version once has been approved and is the main reason why Python-2.0
> is GPL-incompatible, an exception is acceptable IMHO.
>
> Now, to the license text itself. As written in my initial message, I’ve
> attached the license text that SPDX communicates as Python-2.0.1, based on
> the text file in their license-list-data repo:
> https://github.com/spdx/license-list-data/blob/main/text/Python-2.0.1.txt
>
> How to spot the difference? Python-2.0 often refers to Python 1.6b1, while
> Python-2.0.1 refers to Python 1.6.1 - the version, with which the GPL
> compatibility has been ensured, in the same step as Python 2.0.1.
>
> Regarding the differences, the history itself is shortly explained by PSF/
> python.org here in their current licensing document as well as the 2.0.1
> release notes: https://docs.python.org/3/license.html /
> https://www.python.org/downloads/release/python-201/
> To ease your review, I’ve created a diff using GitHub’s diff display,
> which you can set to “Split” and “Unified”. Please see the diff of revision
> 5 (the latest at the moment of writing) here:
> https://gist.github.com/mxmehl/d3e8694e30fc94cc6517529b5441ebc5/revisions?diff=split&w
> From my understanding, aside from small wording and typographical edits as
> well as version and year bumps, the most significant content-wise change is
> in CNRI point 7 which heals the cause of GPL incompatibility (“Virginia
> clause”).
>
> More analysis and interpretation has been collected in the license-discuss@
> thread as well as the GitHub issues and SPDX mailing lists threads
> mentioned in my initial messages, so I won’t repeat them here.
>
> Regarding work with the Python folks: my understanding from a multi-year
> effort to get PSF to finally get their license OSI approved is that they
> don’t have the resources (and seemingly little interest), so Deb agreed I
> can make this move in March 2026. I understand this isn’t optimal for OSI,
> but given that the license of one of the most used programming languages
> hasn’t been OSI-approved since 25 years hopefully warrants some tolerance.
>
> Best,
> Max
>
>
> *From: *License-review <license-review-bounces at lists.opensource.org> on
> behalf of McCoy Smith <mccoy at lexpan.law>
> *Date: *Friday, 15. May 2026 at 02:02
> *To: *license-review at lists.opensource.org <
> license-review at lists.opensource.org>
> *Subject: *Re: [License-review] Submission: Python-2.0.1
>
> Max:
>
> The file you attached appears to be the 2.0 version of the Python license
> not the 2.0.1 version, although the diff file appears to reflect the 2.0.1
> version. Also, the 2.0.1 version seems to incorporate the CNRI-GPL
> compatible portion, which you've also separately asked to be approved (it
> is not clear to me if this is intended to be a request to approve it as a
> separate stand-alone license or as just a component of the Python 2.0.1.
> license; this is somewhat complicated by these licenses appearing to be
> concatenations of a list of multiple different licenses).
>
> I understand that the Python licensing situation seems to be a mess, and
> the approvals at SPDX and OSI may not comport with long-standing licensing
> practice, but I think if there's a request for approval is required, we'd
> need to know exactly what actual licenses need approval (OSI doesn't
> approve separate parts of licenses, unless they are themselves stand-alone
> licenses being used in that way), and have a clear understanding of are the
> differences between older licenses that have been approved and what the
> current license for which approval is requested. Frankly, I'm having a real
> hard time doing that (the diff file isn't helping much as it doesn't really
> highlight differences, it just shows whole blocks that might or might not
> be identical being swapped out). I tried to do a compare in LibreOffice
> between what looks like 2.0.1. and 2.0 but that didn't help either.
>
> Could you work with the folks at Python to put together a clearer
> explanation of what is the license or licenses that Python is using, how
> they differ from the license or licenses that have been approved in the
> past, and why those changes were made? I'm not sure what OSI has now is
> sufficient for us to make an intelligent analysis and decision on the
> various Python licenses.
>
> McCoy Smith
> On 3/20/2026 9:13 AM, Max Mehl wrote:
>
> Dear all,
>
> Following a discussion on license-discuss@
> <https://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2026-March/022526.html> and
> a quick coordination with Deb from the Python Software Foundation (in Cc),
> I would like to propose that Python-2.0.1 be considered an officially
> approved (legacy) Open Source license. In the same step, I propose to mark
> Python-2.0 as either Superseded or Voluntarily Retired.
>
> In parallel, I propose the same for CNRI-Python-GPL-Compatible, for which
> I opened a separate thread.
>
> I will not repeat all the backstory but refer to the aforementioned
> discussion and spdx/license-list-XML#2197
> <https://github.com/spdx/license-list-XML/issues/2197>. In short:
> Python-2.0.1 is the license that most closely represents the license under
> which CPython has been published since 2001
> <https://www.python.org/downloads/release/python-201/> (in combination
> with 0BSD for documentation). In comparison with Python-2.0, which is
> already OSI approved, the most remarkable difference is an update in the
> CNRI portion to make it GPL compatible.
>
> Attached, you will find the license text for Python-2.0.1 as made
> available by SPDX, as well as a diff file against Python-2.0 (ignoring
> formatting and some non-critical boilerplate texts to make things easier
> for you).
>
> Best,
> Max
>
> --
>
> *Max Mehl*
>
> Open Source / Supply Chain
>
> Enterprise-Team Chief Technology Office (CTO)
>
> DB Systel GmbH / Deutsche Bahn
>
>
> Schedule a meeting: cal.com/mxmehl
>
>
>
> ------------------------------
>
> Pflichtangaben anzeigen
> <https://www.deutschebahn.com/pflichtangaben/20260319>
>
> Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier:
> https://www.deutschebahn.com/de/konzern/datenschutz
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing listLicense-review at lists.opensource.orghttp://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
>
> ------------------------------
>
> Pflichtangaben anzeigen
> <https://www.deutschebahn.com/pflichtangaben/20260518>
>
> Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier:
> https://www.deutschebahn.com/de/konzern/datenschutz
> _______________________________________________
> The opinions expressed in this email are those of the sender and not
> necessarily those of the Open Source Initiative. Communication from the
> Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20260519/7f9c3273/attachment-0001.htm>
More information about the License-review
mailing list