1. Spdx-Legal
  2. Messages

Re: SPDX License List coverage for a full distro

Warner Losh
 



On Mon, Aug 16, 2021, 1:37 PM Kate Stewart <kstewart@...> wrote:
Hi Jilayne,

    My 2 cents.   The license list should be able to have all non-proprietary licenses in it that are used in a distro image(be it Debian or Fedora or Yocto-derivative, etc.)  If a license is in a common distro,  it should be considered in common use. 
If a license is in common use, I don't see any strong reason not to include it (except for those pesky non-free firmware ones - they can go in SDKs with LicenseRef's though).

LicenseRef is a good escape valve, even for the Free Licenses that aren't yet part of SPDX, or that are marginal cases until they can be prompted to full SPDX identifiers. It's also a good way to collect data the "long tail" of the less frequently used licenses...

Warner

Kate

On Mon, Aug 16, 2021 at 2:16 PM Steve Winslow <swinslow@...> wrote:
Hi Jilayne,

My gut reaction (not knowing specifics about the number of licenses in question) is, yes, ideally the scope of licenses on the license list would be sufficient to cover at least any FOSS-licensed components in a FOSS distro.

In the typical case, if a license satisfies the Open Source Definition and/or Free Software Definition, and is in actual use in a distro like Fedora / Debian / FreeBSD, then my expectation is that it is likely to satisfy the criteria for the license inclusion principles [1].

To the question of "how would SPDX handle that," there's really two steps: (1) approval to add a new license, and (2) actually creating the XML and test text files for the license.

For step 1, the approval process is described at [2] and my hope is that in the typical case for licenses as described above, that this can be a quick check and confirmation.

For step 2, I think that will depend on the people who desire to see a significant number of these licenses added, being willing to participate in creating and submitting the XML and test files.  :)  We've had some great participation from newer participants on the SPDX Legal Team, but I'm not anticipating that the Legal Team participants will be in a position to add hundreds of new licenses (if that's the scale involved) without broader community involvement.

Steve


On Mon, Aug 16, 2021 at 1:10 PM J Lovejoy <opensource@...> wrote:
Hi all,

I wanted to raise a question I've been thinking of in light for Fedora and other open source OS distros looking to adopt use of SPDX license identifiers in various ways.

One concern that has been raised in the context of Fedora is: what if there are a bunch of permissive license variants not in the SPDX License List that would need to be added? How will SPDX handle that? My gut response is that SPDX would have to answer that question when it arises and it may depend on how many new entries we are talking about (an unknown at this point).

But this raises a broader more philosophical question:
Should the SPDX License List have enough coverage of licenses that a free/open operating system (eg Fedora, Debian, FreeBSD, etc) could rely on their use (with maybe the exception of non-free, firmware)?

What do you all think?

Jilayne









--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation

Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.