Re: SPDX Identifier in licenses/source headers


J Lovejoy
 

Hi Henri,

While Mark is right that there is no official recommendation by the SPDX working group, there does seem to be a bit of momentum forming around the use of:

SPDX-License-Identifier:  <identifier>

See http://wiki.spdx.org/view/Business_Team/Adoption#Use_of_META_Tags, although I suspect there are more than we’ve captured here.

Personally, I think this is a good thing and hope/expect to see more use of it.  I read some of the posts in the Apache Jira that Roger sent the link to - if Apache is looking for a short(er) form for file-level notices and wanted to adopt this form, that would be fantastic, as far as I’m concerned.  Obviously, up to the team at Apache,  



Jilayne
SPDX Legal Team co-lead
opensource@...


On Jun 8, 2015, at 7:46 PM, Henri Yandell <flamefew@...> wrote:

Thanks Mark.

Partly I was wondering if there was value in proposing a change to that Apache source header to include the SPDX identifier somehow. :)

Hen

On Mon, Jun 8, 2015 at 12:20 AM, Gisi, Mark <Mark.Gisi@...> wrote:

Hi Hen,

 

There is no recommendation by SPDX.org yet on whether to use SPDX short license identifiers within a file. There has been a fair amount of discussion with some concerns identified when *only* short identifiers are included in file headers. This is still an active discussion for which I anticipate a recommendation for a best practice will be made sometime in 2015.

 

As one of the largest producers of SPDX files, Wind River has come to the conclusion (for now) the best general practice is to use a standard license file notice if one exists. In the case of the Apache 2.0 license, that would be to include the following license notice in every file (as recommend by the appendix of the Apache 2.0 license):

 

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License"); 
you may not use this file except in compliance with the License. 
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software 
distributed under the License is distributed on an "AS IS" BASIS, 
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
See the License for the specific language governing permissions and 
limitations under the License.

This is easy to identify by many SPDX generation tools today. This is also a best practice followed by the Apache Foundation (along with including a full copy of the Apache 2.0 in LICENSE.txt). It is my opinion that the Apache Foundation approach for managing license information in source code represents the current gold standard. An approach where a clear simple license notice appears at the top of every source file, eliminating license ambiguity that is commonly found in many other easily accessible source code repositories.

 

- Mark

 

 

Mark Gisi | Wind River | Director, IP & Open Source

Tel (510) 749-2016 | Fax (510) 749-4552

 

 

From: spdx-tech-bounces@... [mailto:spdx-tech-bounces@...] On Behalf Of Henri Yandell
Sent: Saturday, June 06, 2015 10:09 AM
To: spdx-tech@...
Subject: SPDX Identifier in licenses/source headers

 

 

What would be the correct tag to put in a license and license source header to make life easier for SPDX?

 

I see 'SPDX-License-Identifier' referenced in 2013 emails, but searching the spec doesn't find that.

 

As an example, If I've an Apache 2.0 license, should I be inserting 'SPDX-License-Identifier: Apache 2.0' into the LICENSE.txt and each source header?

 

If that's the case, is there any best practice location to put it in?

 

Thanks,

 

Hen


_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.