Re: New OSI-approved licenses

J Lovejoy

Hi Rob,

I did not add any explanatory text as per your request. Like you said, we can cross that bridge if/when we get questions.

By way of background or reminder for those who don’t know all the history:
The point of the SPDX License List is to provide a reliable way to identify common open source licenses. The short identifiers are key here - whether used in an SPDX document, or used in a host of other places where being able to refer to a license in a concise and reliable way is helpful. When the OSI declared their support for SPDX some years ago and began to include the SPDX short identifiers in brackets after the license names and then changed the URLs to use the short identifiers, this was great alignment in terms of spreading the word and encouraging consistency. There was actually a fair amount of work involved; making sure SPDX had all OSI-approved licenses on the SPDX License List meant taking a very thorough look at the list, license text, etc. I am forever grateful for the awesome collaborative effort we enjoyed to this end, thanks specifically to (former) OSI board members, Karl Fogel, John Cowan, and Luis Villa.

At that time, the OSI had not approved a new license in some time, so it was easy to get up-to-date. What we failed to establish, although it has been talked about on a couple occasions, was a process for making sure that when OSI approves a new license, SPDX gets a heads-up so we can also add it to the SPDX License List, including the important task of determining the short identifier, which the OSI can then include and use as they do/have. We will certainly be looking to improve that communication going forward.

Of course, even that may not have helped in this rather odd (I hope) situation of someone submitting a license to the OSI who was not the author of the license, under a different name, and after it had already been submitted/added to the SPDX License List by the license’s author. As stated previously, the best outcome here, was if the person who submitted the license to OSI to understand the importance of a consistent way to identify the same license and concede to changing the OSI submission to the name you had already been using, as the author of the license.

I can understand your frustration and having the same license under two different names (anywhere for that matter!) is not optimal.

In any case, I think an important thing to note here and which seems to have gotten lost in the thread is the reason you stated as to why you submitted it to SPDX:
"Either Samsung or Sony (I forget which) asks me to submit the the toybox
license to SPDX to simplify their internal paperwork:"

People and companies are using the SPDX License List. We never can really quantify who and how, but that a big company asked you to submit your license to be on the SPDX License List is a great indicator of the usefulness of the SPDX License List. :)

In any case, thanks for all your input and time.


SPDX Legal Team co-lead

On Dec 17, 2015, at 5:12 PM, Rob Landley <rob@...> wrote:

On 12/17/2015 02:46 PM, J Lovejoy wrote:
On Dec 17, 2015, at 1:25 PM, Rob Landley <rob@...> wrote:

On 12/17/2015 12:38 PM, J Lovejoy wrote:
That sounds like a reasonable result, all things considered.
I don't care what OSI does.

I’ll add a note to the Notes field of Zero Clause BSD License
to the same effect on the upcoming release of the SPDX License List.
Please don't. Pretty please?

Hi Rob,

What I had in mind was: where it says “Note” on this page, to add something along
the lines of capturing the following facts:
It's not the wording. It's acknowledging their mistake's existence.

"There is a license that the OSI approved after this license was added
to the SPDX License List and which is identical to this license, but
referred to there as "Free Public License 1.0.0”. Apart from the name,
the only difference is that the Free Public License is used without a
copyright notice, whereas the Zero Clause BSD License has generally
been used with a copyright notice. This difference, as per the SPDX
License List Matching Guidelines, is inconsequential for matching

By adding some info, we avoid someone later asking why there are there
are different names for essentially the same license on SPDX and OSI.
And by adding that info, I get those questions, so I need to update my
license.html page to preemptively explain about OSI. I was hoping not to
open that can of worms.

Could you maybe wait for somebody to ask about it first? I honestly
don't believe anyone reads OSI's licensing page anymore. I do expect
them to read SPDX's.

Please feel free to edit, if you have better wording in mind.
It's not the wording. You have the right to put whatever you want on
your web page, just like OSI can say what it likes on their page. But if
you validate what OSI says, it makes me need to set the record straight
on _my_ page, and I was really trying not to go there.

If you must you must, you have your own policies to follow. I'm just not
looking forward to it.


P.S. Any course of action you can shoot down by linking to an XKCD strip
is probably not a good idea, and in this case it's
Unfortunately, also applies.
I'm going to back away from this thread again, I no longer believe I'm
helping here.

Join { to automatically receive all group messages.