1. Spdx-Legal
  2. Messages

Re: GPL Cooperation Commitment variations

Alexios Zavras
 

Hi Richard,

Let me try to answer, since I was the one who did the "unifying" markup.
Our goal is obviously to match the three GPLCC variants and (ideally) not match anything else. Unfortunately, the latter part is not 100% achievable, but I feel the stuff we allow on top of the original variants is negligible and too low risk.

For example:

- in only one of the three variants there is a colon after the "Definition" header (i.e., two of them have "Definitions" and one has "Definitions:"). I have marked the colon as optional, so any variant may or may not include it.

- in only one of the three variants there is a notice about the licensing (under CC-BY-SA-4.0) of the text. Again, this is marked as optional in any case.

- a more typical example (found in 3-4 places in the text) are the variants of "I commit" (Individual), "we commit" (Project), or "COMPANY commits" (Corporate). By the simplistic word-by-word current matching, we also allow the grammatically incorrect "I commits", for example. If this is considered to be an issue, I can change the match to consider the whole phrase.

- however, in general, there is no way to eliminate the possibility of matching different variants in different parts of the text. I mean, it will eventually match a "Frankenstein-Commitment" which starts "we commit" (from Project), but on the next paragraph talks about "my copyright" (from Individual, instead of "our copyright"). Or has, at the end, a phrase like "XXX means XXX and its subsidiaries." (from Corporate).

I personally consider this to be low-risk, but it's definitely a case of, as you write, "some unknown set of additional variants, unauthorized by the GPLCC initiative, could match to the GPLCC SPDX identifier".
Given what I described, do you think it's acceptable to have this variant matching?

-- zvr -

-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of Richard Fontana
Sent: Saturday, 8 December, 2018 07:52
To: J Lovejoy <opensource@...>
Cc: SPDX-legal <spdx-legal@...>
Subject: Re: GPL Cooperation Commitment variations

I've thought further about the issue of whether GPLCC, as a possible future SPDX exception identifier, should cover the three GPLCC variants (Corporate, Indivdiual and Project), as seemed to be the consensus on the recent call, or whether instead it should just refer to the Project version (which was my original proposal).

There's an argument that someone might want to use a convenient SPDX identifier to reference the non-Project variants when annotating some source code wholly or partially covered by one of those commitments. (This is related to some of the arguments Bradley has been making in connection with the Kernel Enforcement Statement, I
think.) I suspect this will be unlikely, but who knows?

My concern though is the effort to use markup to generalize the textual differences among the three variants might have the problematic effect (from Red Hat's perspective) that some unknown set of additional variants, unauthorized by the GPLCC initiative, could match to the GPLCC SPDX identifier. To put it simply, I see value in an SPDX identifier for GPLCC if the identifier can be mapped to from the three official GPLCC variants, but I see no value in the possibility of anything else matching GPLCC. I am not clear on whether the markup can be crafted so precisely that it could only match the three documents in question. I think the problem I am highlighting would be tolerable if we (Red Hat) actually cared about having an identifier for the Corporate and Individual variants, but we really don't. If SPDX adopts an identifier solely for the Project variant, let's say "GPLCC-1.0", we'd be happy to use that as an abbreviation for all three variants on https://gplcc.github.io/gplcc and other informational and promotional materials.

Richard






On Thu, Nov 29, 2018 at 11:54:08AM -0700, J Lovejoy wrote:
Hi all,

I know I just wrote in the minutes that this task was on Richard F, but I was too curious not to have a cursory look myself!

Attached is a compare of the project to corporate variant; and of the individual to project variant. The main difference seem to be:
- in the use of pronouns (I, We, name of coroporation) - easily accommodated with markup.
- likewise, the associated definition of We or the corporation name,
or the absence of a definition for individual at the end
- likewise, lead-in text for the individual version clarifying it only
applies to their sole copyright
- there is also an additional term that the corporate variant has
about the ability to modify the commitment by posting a new edition -
this is not included at all in the project or individual variants. I
think this could be omitable in some way? if a cooperation did make a
modified version, then it would not match


Interested to hear other thoughts. This will still need some expert markup attention!!


Jilayne








Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928
Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.