Re: Removing the Appendix from the canonical Apache 2.0 license
Hi Hen,toggle quoted messageShow quoted text
Thanks for letting us know.
As per SPDX License List Matching Guideline 1.2, “extraneous” text that is not part of the substantive license text can be ignored for purposes of matching. See https://spdx.org/spdx-license-list/matching-guidelines
This is notated in our master license XML makeup via the “optional” tag, which you can see here: https://github.com/spdx/license-list-XML/blob/master/src/Apache-2.0.xml#L197
This means that whether that text is present or is missing, will not matter for matching the license as Apache-2.0
If the ASF moves this info to an FAQ and removes it from the license Appendix, I’d think that we would want to leave the XML markup as is, since many existing instances of Apache-2.0 will still have the Appendix, and thus can still be a match. Thoughts from other SPDX’ers on that?
Incidentally, the bug issue you noted below is what got the ball rolling to implement the matching guidelines in a more complete way (which ended up being the XML markup that was developed). :)
As for changing the URL to https:// - the URL does not appear in the license text, we’d just want to update the URL in the URL section at that point, https://github.com/spdx/license-list-XML/blob/master/src/Apache-2.0.xml#L5 If/when that happens, if you could log an issue in the repo, that would be immensely helpful.
Finally, if the ASF is considering any other updates to the standard license headers, might I suggest considering the use of SPDX identifiers along these lines: https://spdx.org/ids - which is also consistent with the FSFE’s Reuse principles. Happy to discuss more, if it’d be easier to talk through.
SPDX Legal co-lead