Re: A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0


Mark Atwood (Amazon.com)
 

Just following up, does anyone have any comments or suggestions for my
proposal for SPDX Private License Identifiers?

-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of
Mark Atwood via Lists.Spdx.Org
Sent: Thursday, January 24, 2019 10:31 AM
To: spdx-tech@...; spdx-legal@...
Cc: Spdx-legal@...
Subject: A proposal for SPDX Private License Identifiers. Example:
.com.amazon.-.ASL-2.0

I would like to propose a syntax for SPDX "Private License Identifiers".

SPDX short identifiers and SPDX-License-Identifier declarations in source
code and in compliance documents have proven to be useful. This proposal
extends SPDX license tags to licenses created and used by organizations,
that are unlikely to be applied to content by anyone other than the license
author.

And when I see an expanding namespace with worries about collisions and an
overworked central naming authority, I always think "why not use the DNS?"

Examples (these URLs are not correct):

SPDX-License-Identifier: .com.amazon.-.ASL-2.0

SPDX-License-Identifier: .com.amazon.-.ASL-2.0
https://aws.amazon.com/doc/ASL-2.0

SPDX-License-Identifier: .com.amazon.-.ASL-2.0
https://github.com/aws/AmazonSoftwareLicense

Private License Identifiers are indicated by a leading dot, followed by the
reversed DNS name of the organization who created or authored the license,
followed by a dot dash dot and then a short name of the same general form of
a SPDX license short identifier.

The leading dot is sufficient to separate this namespace from the registered
SPDX short identifiers, and is inspired by the fact that DNS names have an
implied trailing dot. The dot dash dot is to prevent someone from
reversing the entire identifier string into a DNS name and trying to
dereference it, because a bare dash is not a valid DNS name part.
. DNS names be IDN (Internationalized Domain Name) and thus can contain
non-ASCII characters. IDN components can be encoded in IDN Punycode, or in
UTF-8, or in the Unicode encoding appropriate to the document.

In a SPDX-License-identifier declaration, a Private License Identifier can
optionally be followed by a URI pointing to the canonical license text.
This URI should be under the control of the entity that controls the DNS
namespace of the Private License Identifier.

..m


Mark Atwood <atwoodm@...>
Principal, Open Source
+1-206-604-2198

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.