Re: License of an open source license text


Matija Šuklje
 

Die 19. 06. 20 et hora 03:00 J Lovejoy scripsit:

Thanks Till for weighing in here!
FWIW, another lawyerly +1 on Till‘s analysis from me.


(a) A technical question: When generating SPDX data at the file level, how
does one identify the LICENSE.txt file? Various ideas have been raised
here.
[…]
This is what really matters. If I find a LICENSE.txt file and it’s an exact
match to MIT - why wouldn’t I simply identify it as MIT? I guess I don’t
understand why having a new license identifier is needed or how that helps.
I’d be really curious to hear what other lawyers think on this bit - as we
are the ones who are going to consume/review the license fields part of the
SPDX data.
This is why REUSE <https://reuse.software> requires the license texts to be
stored with SPDX ID names inside a LICENSES/ folder – e.g.:

LICENSES/GPL-2.0-or-later.txt
LICENSES/MIT.txt

and requires a modified text to use the LicenseRef-* prefix, e.g.:

LICENSES/Licenses-MIT-Matija.txt

That way you can see at a quick glance see:
• all the licenses in the repo/package at a glance – just check LICENSES/*
• match each file through the SPDX ID in it with the license text in LICENSES/
* due to the shared name between the tag and the file
• if the license text is the same as the SPDX reference text – look out for
LicenseRef-*

I think this is a very elegant solution that piggy-backs on top of SPDX.

But in any case, let’s please start with the understanding that the license
of the LICENSE.txt file doesn’t matter.
Aye!

(unless you want to modify/fork the license text, in which case the license of
the license text is probably your least concern)

The (very few) open source licenses that do have a copyright notice or some
other such communication as to the license text itself, I would interpret
more as an artifact of trying to prevent license proliferation or at least
encourage people to name the license something else, so avoid confusion
(now we have scanners that can and SPDX identifiers to help too).
This is an issue that is felt also in REUSE, where because of this the current
suggestion for MIT &sim. is to use a LicenseRef-MIT-{$vendor_or_project} SPDX
ID for the license name for every different copyright holder. Which apart from
making sure the copyright holders are preserved in the license texts, only
takes extra work and space while giving no practical benefits.

See this issue for more details, some proposed solutions, and feel free to
chip in:
https://github.com/fsfe/reuse-docs/issues/16

The sooner we crack this problem, the faster it will get (even) easier to mark
code with licensing info :)


cheers,
Matija
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.