HPND & NTP
During the SPDX bake-off it came up that NTP https://spdx.org/licenses/NTP.html can match to HPND https://spdx.org/licenses/HPND.html due to the template nature of HPND. The folks in the bakeoff wanted to know if we ought to deprecate one of these licenses in favor of using the other or how a tool should reconcile which license to “pick” where both could be a valid answer. Talking about this here in Berlin and looking at the licenses, can we please discuss the following items on the next legal call:
1) Both of these licenses are OSI-approved, which is why they are both on the SPDX License List. Given that we endeavor to have all OSI-approved licenses on the SPDX License List (even if they are old or have been voluntarily deprecated by the author, as has HPND), so I don’t view deprecation as an option. All agree?
2) As to HPND, we did not have markup for this license, but it needs it - Sam has added markup to the XML template and Brad has reviewed. It is flagged for review by the legal team: https://github.com/spdx/license-list-XML/pull/89/files - can we get another set of eyes on this, both from the legal perspective and to check the markup?
3) OSI has comments as to how to “match” this license at the bottom of their page - https://opensource.org/licenses/HPNDl - should we add this to the Notes field, as is suggested in the XML file (do we really need it, especially if we have the markup and since the line about white space and capitalization merely repeats a couple of our matching guidelines?)
4) I would recommend adding a comment in the Notes field for each license along the lines of the following:
- for NTP: "This license is the same as HPND, when taking into consideration the templatizing options given in that license. This is included as a separate license on the SPDX License List because it is separately approved by the OSI.”
- HPND: “Due to the templatization options of this license, it can be the same text as NTP license. This is included as a separate license on the SPDX License List because it is separately approved by the OSI.”
Please edit as needed. Perhaps we can then ask the OSI to add similar language on their pages as well, so it is all consistent.
SPDX Legal Team co-lead