Re: Removing the Appendix from the canonical Apache 2.0 license


J Lovejoy
 

Hi Hen,

Thanks for letting us know.

As per SPDX License List Matching Guideline 1.2, “extraneous” text that is not part of the substantive license text can be ignored for purposes of matching. See https://spdx.org/spdx-license-list/matching-guidelines

This is notated in our master license XML makeup via the “optional” tag, which you can see here: https://github.com/spdx/license-list-XML/blob/master/src/Apache-2.0.xml#L197 

This means that whether that text is present or is missing, will not matter for matching the license as Apache-2.0

If the ASF moves this info to an FAQ and removes it from the license Appendix, I’d think that we would want to leave the XML markup as is, since many existing instances of Apache-2.0 will still have the Appendix, and thus can still be a match.  Thoughts from other SPDX’ers on that?

Incidentally, the bug issue you noted below is what got the ball rolling to implement the matching guidelines in a more complete way (which ended up being the XML markup that was developed). :)

As for changing the URL to https:// - the URL does not appear in the license text, we’d just want to update the URL in the URL section at that point, https://github.com/spdx/license-list-XML/blob/master/src/Apache-2.0.xml#L5   If/when that happens, if you could log an issue in the repo, that would be immensely helpful.

Finally, if the ASF is considering any other updates to the standard license headers, might I suggest considering the use of SPDX identifiers along these lines: https://spdx.org/ids - which is also consistent with the FSFE’s Reuse principles.  Happy to discuss more, if it’d be easier to talk through.


Cheers,
Jilayne

SPDX Legal co-lead

On Oct 7, 2018, at 1:15 PM, Hen <flamefew@...> wrote:

Hi SPDX folk,

Over at Apache, I'm looking to remove the "How to apply" Appendix from the canonical Apache 2.0 text and instead move that content to a FAQ.

I see this came up a few years ago ( https://bugs.linuxfoundation.org/show_bug.cgi?id=1302 ) and it sounds like this won't affect SPDX, but I wanted to let you know first before charging on and making the change.

My thinking is to change the primary text, then send a note around to Apache projects to encourage them to do the same over time. I imagine it will take years before it's the norm not to have it, but that doesn't stop it being a good thing to do.

Thanks,

Hen

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.