Re: Project: Registry and repository of License List Namespaces

J Lovejoy

Hi Tanjong,

Thanks for sending this to the SPDX legal team and sorry for the delayed response.

This looks good, but I have one main concern: how will people know when to submit a license to the namespace repository versus submitting a license for inclusion in the SPDX License List? Also, who will curate the submissions to the namespace list (or will this all be automated)?  

We have a legal team call tomorrow (Thursday) at noon US eastern time - if that’s not too last minute, maybe we can discuss. 
Another idea might be to do a joint legal/tech team call, as I see Gary already suggested a discussion on the tech team call, maybe we could combine efforts.

SPDX legal team co-lead

On Jul 8, 2019, at 4:15 AM, Smith Tanjong Agbor <stanjongagbor@...> wrote:

Hi all,

This is a follow-up email to inquire whether you read my previous email.

Please it is important that the legal team do read up on this.

Best regards,

On Mon, Jul 1, 2019, 1:50 PM Smith Tanjong Agbor <stanjongagbor@...> wrote:
Hello all,

I beg your indulgence in reading this email. It is long, but the purpose is worth it

I am Tanjong Agbor Smith; contributor of SPDX for the project: Registry and repository of License List Namespaces.

Given that the legal team will be the main people to use the application I am building, my mentors thought it wise to involve you more into this.

So, I will start by describing the project, then the approach I am using to develop this, the work done so far, and I will conclude by indicating the future work to be done.

SPDX provides a license list for commonly used open source license - the SPDX License List. SPDX also supports defining licenses within the SPDX document using a LicenseRef syntax defined in section 6 of the SPDX specification. In the next release of SPDX, we plan to introduce a mechanism for other organizations or individuals to maintain lists of licenses outside of the SPDX license list, but allow those licenses to be valid without requiring the text to be in the SPDX document itself. This enhancement has been documented in the SPDX specification issues list. This project automates the registration and management of the namespaces.

2. Approach:
Given that the spdx legal team are already at ease in using SPDX Online tools to submit license requests, we thought it wise to include the functionalities of this project in SPDX online tools too.
This shall provide a single application to perform the tasks of submitting license requests, submitting license namespace requests, etc.

3. Work done so far:
So far, (though you all might not see these in your instance of spdx online tools), I have added the necessary models for namespace submission, and pull requests of license namespaces are done automatically on this repository: repo.
You can see examples of license namespace issues submitted with our tool on this link.
Below is an image of the form that has to be filled on spdx online tools to be able to create the necessary requests(issue) on the repository:

<license namespace request form.png>
NB: you can share your views on this form and request changes. ☺

4. Features to implement:
- namespace validation
- single place to store organisations names(possibly a json file?)
- URL validation (as mentioned by one of my Mentors; Tushar)
- pop-up display after successful submission of a namespace
- prefill submitter's email(if logged in)
- A committer to the namespace repository accepts the pull request
- When accepted, the namespace is published to a known website
- REST based API's are available to query the namespace repository
- See if the license text for a license matches license text for other licenses within other repositories
- Maintain a list of license aliases, preferably as a file in a github repositories.The aliases would include all license ID's for licenses with the same text.
- Provide a service that allows for text to be compared against all existing licenses.
- Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.a.If the verification of whether the license is already present prior to adding it, I shall write an API that will perform this check to avoid duplicates.
- Remove a license repository. This would also update the license aliases.a.I will write a django REST API that will expose a function which will remove a license reference and update the aliases.
- Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list

Thank you for your patience.

Please feel free to provide suggestions to this email, as your ideas could be valuable.

Best regards,

Join { to automatically receive all group messages.