Re: An example of a super simple SPDX licenses registry, for discussion


Kyle Mitchell
 

The word "registry" always gives me flashbacks. Shared
namespaces offer a unique kind of value, but always come
with carrying costs, scaling stepwise with popularity.

For example, the statutory process of copyright-based
takedown requests, the DMCA, doesn't cover trademark-based
claims. There is no special safe harbor from trademark
infringement for service providers, just generally
applicable rules of secondary liability.

How will you handle name disputes? How will you deal with
complaints (to SPDX/LF) about the identifiers being used by
private parties under their assigned namespaces?

Prior art: https://www.npmjs.com/policies/disputes

The npm public registry was originally one, flat namespace
for packages. `jquery` is a package name. In time, the
registry expanded to support scoped packages, with a
separate namespace for scopes, and another for each scope,
for packages within it. `@blueoak/list` is a scoped package
name. Some scopes exist on the public registry, and some
exist only in private registries.

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.