Re: [spdx-tech] A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0

Home Messages Hashtags Subgroups

#2532

Re: [spdx-tech] A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0

Alexios Zavras #2532 Since these will be "private" (which I understand to simply mean "not in the official list"), why don't we simplify our lives and use URLs for naming as well? SPDX-License-Identifier: <https://aws.amazon.com/doc/ASL-2.0> The enclosure in "<"/">" takes care of not being an approved SPDX short identifier, and marks it "private"; the ownership of the domain URL takes care of namespace collisions -- and we have a single line so that our grep-like tools continue working. I agree with Gary's remark that ideally the URL should point to an XML format that can provide some more info than the bare text (e.g., some matching alternatives). -- zvr - toggle quoted message Show quoted text -----Original Message----- From: Spdx-tech@... <Spdx-tech@...> On Behalf Of Gary O'Neall Sent: Sunday, 27 January, 2019 19:50 To: atwoodm@...; spdx-tech@...; spdx-legal@... Subject: Re: [spdx-tech] A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0 HI Mark, I like the idea of a DNS naming approach to the private license identifiers. It neatly solves the namespace issue. Rather than having a URL pointing to the canonical license text, I wonder if we could have a URL pointing to metadata about the entire license which would include the license text and reference URL's for the source. We could use the same license XML format we use for the license list. This would be more work for the creators of the private license identifier but would enable better machine matching algorithms. There is a use case we've been discussing where we could have an identifier for a license which has been submitted to the license list but not yet approved. Perhaps we solve this using a similar approach. Gary -----Original Message----- From: Spdx-legal@... <Spdx-legal@...> On Behalf Of Mark Atwood via Lists.Spdx.Org Sent: Thursday, January 24, 2019 10:31 AM To: spdx-tech@...; spdx-legal@... Cc: Spdx-legal@... Subject: A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0 I would like to propose a syntax for SPDX "Private License Identifiers". SPDX short identifiers and SPDX-License-Identifier declarations in source code and in compliance documents have proven to be useful. This proposal extends SPDX license tags to licenses created and used by organizations, that are unlikely to be applied to content by anyone other than the license author. And when I see an expanding namespace with worries about collisions and an overworked central naming authority, I always think "why not use the DNS?" Examples (these URLs are not correct): SPDX-License-Identifier: .com.amazon.-.ASL-2.0 SPDX-License-Identifier: .com.amazon.-.ASL-2.0 https://aws.amazon.com/doc/ASL-2.0 SPDX-License-Identifier: .com.amazon.-.ASL-2.0 https://github.com/aws/AmazonSoftwareLicense Private License Identifiers are indicated by a leading dot, followed by the reversed DNS name of the organization who created or authored the license, followed by a dot dash dot and then a short name of the same general form of a SPDX license short identifier. The leading dot is sufficient to separate this namespace from the registered SPDX short identifiers, and is inspired by the fact that DNS names have an implied trailing dot. The dot dash dot is to prevent someone from reversing the entire identifier string into a DNS name and trying to dereference it, because a bare dash is not a valid DNS name part. . DNS names be IDN (Internationalized Domain Name) and thus can contain non-ASCII characters. IDN components can be encoded in IDN Punycode, or in UTF-8, or in the Unicode encoding appropriate to the document. In a SPDX-License-identifier declaration, a Private License Identifier can optionally be followed by a URI pointing to the canonical license text. This URI should be under the control of the entity that controls the DNS namespace of the Private License Identifier. ..m Mark Atwood <atwoodm@...> Principal, Open Source +1-206-604-2198 Intel Deutschland GmbH Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de Managing Directors: Christin Eisenschmid Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928
More All Messages By This Member

#2532

Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.

Home Hashtags Subgroups Terms