Re: Expanded SPDX License List Recommendation as Means to Add Value and Accelerate SPDX Adoption

David A. Wheeler

I like this.  I would add a few more key pieces of information:

- URL for a “canonical” copy of the license text (where available)

- Canonical/common header file text, if any.

- Dispositions from other common license analysis sites, if any: Free Software Foundation (FSF), Fedora, Debian.

  Even if it’s not open source software, it’s helpful to be able to point to OTHER people’s analysis.

  Also, if they took the time to analyze it and report on it, it’s probably common enough to be identified.

- I think it’d be important to make it clear that it doesn’t have to be OSI-approved, you’d just like to know if it is.  It’s useful to be able to refer to common licenses that are NOT OSI-approved.

- Under justification, add “Please identify one or more programs that use this or a previous version of the license” – since in most cases, if no one has adopted it, you probably don’t need to include it in the list.  It’s reasonable to add an *update* to a license before a program starts using it, so that everyone has a canonical name to refer to.


As I said earlier, the more you can make *proposers* provide information, the less everyone else needs to do.  Proposers will generally know more about the license anyway, since they live with it.




--- David A. Wheeler



From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of Tom Incorvia
Sent: Thursday, March 22, 2012 7:00 AM
To: spdx-legal@...; spdx-tech@...; spdx-biz@...
Subject: Expanded SPDX License List Recommendation as Means to Add Value and Accelerate SPDX Adoption


Some of the information below is based on the SPDX Legal call yesterday; some is based on excellent recommendations from David Wheeler, and some is just made up.


I believe that the foundation of SPDX, and the most valuable driver of adoption will be a large, vetted, standardized license list that is agreed upon across the open source community.  Done right, this assures traffic to the SPDX site, and broad visibility.


Accomplishing this will require some compromise and collaboration with stakeholders supporting  other license lists (such as Fedora), but will add substantial value – without standardization of the license list, we will have piecemeal compromises on every issue going forward.


To that end, I recommend that we (1) find ways to accelerate the vetting of the “initial list”, and (2) put in a streamlined process to add individual license to the list and (even better) to consolidate with other substantial license lists such as Fedora. 


Regarding an approval process: my apologies, I cannot remember who volunteered to put together the license approval process on the Legal call, but here are some key pieces of information:


-          A formatted text copy of the license from a source as close as possible to the original copyright holder

-          A proposed Full Name for the license, in line with the SPDX naming guidelines

-          A proposed License Identifier, in line with the SPDX naming guidelines

-          Justification for adding this license (or list of licenses) to the SPDX list

-          Tools Definition: guidelines for the tools group to match this license

-          If this license is OSI approved


The above list is certainly not comprehensive, but may be sufficient to get a license through an approval.


With regards to the timing for approval of a license for adoption:


-          Recommend moving the approval process to the Legal working group, since that is where it will get done anyway

-          Recommend a time limit, such as 5-business days for approval of an individual license

-          For license lists (e.g., Fedora), we may be able to establish timelines for individual licenses or groups of licenses, but will need a volunteer to manage this as a project if we are to be successful in merging the lists in a fashion that consolidates support across SPDX and substantial licensing projects such as Fedora


I will volunteer to be a member of the license approval team, but cannot volunteer at this time to drive the approval process or drive the consolidation of the larger lists such as Fedora




Tom Incorvia


Direct:  (512) 340-1336

Mobile: (408) 499 6850


This message has been scanned by MailController.


Join { to automatically receive all group messages.