Wow! Hopefully this resolves this issue for the foreseeable future (as I think it should). I echo Karen's sentiments -- great work!
As far as the next release, to my mind, the biggest open issue is adding XML for the recently added licenses, which I think should be 2.6+. I haven't done a careful check, but based on a quick scan of the Google Sheets document, that looks like it could be: - EPL-2.0
- EUPL-1.2
- BSD-2-Clause-Patent (done)
- W3C-Software-2015
- Unicode-DFS-2015 (done)
- Unicode-DFS-2016 (done)
- TCP-wrappers (done)
- Net-SNMP (done)
And perhaps also some/all of the licenses still under review: - CDLA-Permissive-1.0
- CDLA-Sharing-1.0
- OSCAT
- Linux-syscall-note (done)
- Bootloader-exception
And perhaps the same for exceptions under review, although I'm not as familiar with these and they may be stale at this point. But as marked, these are "under review": - aptana-exception-3.0
- Cygwin-exception-2.0
- FOSS-License-exception
- MySQL-Connector-ODBC-exception-2.0
- OCaml-exception
- rrdtool-floss-exception-2.0
- sencha-exception-3.0
- trolltech-gpl-exception-1.2
- wolfcms-exception-2.0
- Zarafa-trademark-exception-3.0
Best, Brad
On Thu, Nov 16, 2017 at 8:35 PM, Copenhaver, Karen <kcopenhaver@...> wrote: There are so many things I admire about the people involved and the process that has been followed to get to this proposal for consensus. Many thanks for all Jilayne and Kate and so many others have done to bring SPDX to a point that exceeds all of our expectations.
________________________________
From: spdx-legal-bounces@....org [spdx-legal-bounces@lists.spdx.org] on behalf of J Lovejoy [opensource@...]
Sent: Thursday, November 16, 2017 7:37 PM
To: SPDX-legal
Subject: update on only/or later etc.
Hi All,
Kate and I just had a call with Richard Stallman of the FSF to try and come to a resolution everyone can be happy with, taking into consideration the ask from the FSF and the many thorough discussions we’ve had on the mailing list and calls. This is similar to an approach we discussed on the last call, with one variation. As such, I’d like to propose the followingath forward (again, using GPL-2.0 but for all GNU licenses):
Deprecate the "GPL-2.0" identifier and add the word “only” for GPL version 2 only, e.g., "GPL-2.0-only"
- this should not be problematic as it does not change the meaning of the identifier. GPL-2.0 has meant ‘version 2 only’ since the SPDX License List was born. We are simply adding explicit language for the identifier. No backwards compatibility issues in terms of the meaning.
- we can do a “warning” for people using the deprecated identifier for a period before “GPL-2.0" becomes invalid to give people a chance to update. This will also encourage people who have been sloppy to fix their sloppiness.
Add GPL version 2 or later back to the SPDX License List as it’s own entry with the short identifier of “GPL-2.0+” or “GPL-2.0-or-later”
- This would essentially put us in the same position we are now: with two options - “only” and “or later” - it just alters how one gets there, where one finds it
- this would also put both options back on the license list thus highlighting that the GNU licenses provides these options more obviously and hopefully providing a more overt encouragement to using one or the other
- the identifier here could be “GPL-2.0+” (same as always) or “GPL-2.0-or-later” (differentiation from the + modifier might be better for tooling?) - we can discuss which is better, FSF is fine with either.
- if we go with “GPL-2.0-or-later”, can take same approach with warning re: “GPL-2.0+” then invalid?
Keep the + modifier in the license expression language
- this allows use of + with other licenses as always, no change, no backwards compatibility
Do NOT add a identifier or operator, etc. for the found-license-text-only scenario where you don’t know if the intent of the copyright holder was “only or “or later” and are thus left to interpret clause 9
- on the last call, we came up with two proposals that both incorporate 3 options for each GNU license, see: https://wiki.spdx.org/view/Legal_Team/Minutes/2017-11-09<https://wiki.spdx.org/view/Legal_Team/Minutes/2017-11-09> - the above proposal is the same as “Paul’s alternative” / hard-coded proposal but omits adding the ‘text alone” option
- we don’t need to solve this right now and we can always add this option later
- without adding a third option, we are in the same position we have been in since the birth of the SPDX License List. incremental changes have always been our go-to strategy; let’s take a first step to clarify the current identifiers in a way that the FSF can get behind. If, for a later release, we think we need this third option, then we can discuss that further once we have some time under our belts with this change.
I am really hoping we can all get behind this approach and spend the time on Tuesdays’ call discussing the specifics of implementation, whatever else needs to be done for the next release (for this change and generally), and then get the next release out in time for a nice Christmas present to us all :)
Thanks,
Jilayne
SPDX Legal Team co-lead
opensource@...<mailto:opensource@...>
Choate Hall & Stewart LLP Confidentiality Notice:
This message is transmitted to you by or on behalf of the law firm of Choate, Hall & Stewart LLP. It is intended exclusively for the individual or entity to which it is addressed. The substance of this message, along with any attachments, may contain information that is proprietary, confidential and/or legally privileged or otherwise legally exempt from disclosure. If you are not the designated recipient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please destroy and/or delete all copies of it and notify the sender of the error by return e-mail or by calling 1-800-520-2427.
For more information about Choate, Hall & Stewart LLP, please visit us at choate.com
_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal
|
