Re: SPDX License List coverage for a full distro

J Lovejoy

Hi all,

Thanks for the quick feedback and I'm glad to see that we basically all seem to agree that, yes, the SPDX License List should have enough coverage of licenses that a free/open operating system (or the kernel itself) could rely on use of SPDX license identifiers. Yeah!

As for a few related topics:

Re: Richard and Warner's digging into how the SPDX ids are used: I noted in my original email "use of SPDX license identifiers in various ways" as I was trying to capture the different ways of using SPDX identifiers in the source code. e.g., like the Linux kernel has undertaken and what I think Free BSD is in the midst of, or using in something like the Fedora spec file.  I think we can also all agree, that the net result is that SPDX License List would need enough coverage of free/open licenses to accommodate full adoption for either use case.

Related to the topic of licenses on the SPDX License List versus LicenseRef and the new namespace protocol: while I have been supportive of the need and efficiency-mindedness of the namespace concept, I have had the same concern all along that people might just use that and not or wait to submit things that should be on the SPDX License List. The goal of the namespace option, as propsed and consistently explained by Mark Atwood, was for capturing licenses that should not be on the SPDX License List. If a license is clearly free/open and present in a major open source operating system, then it should be on the SPDX License list. Period.

If there turns out to be an onslaught of new license submissions due to such an end-goal, then the SPDX legal team will have to figure out how to best and most efficiently deal with that. But one real advantage of that process, which seems to be glossed over, is that by way of that review multiple lawyers are looking at the text; determining any non-substantive, replaceable or omitable text for matching purposes; and adhering to a set of established guidelines. I don't know of any list "curation" that applies such attention involving the collaboration of legal experts in this field. :)

As a side note that I got thinking about related to all of this: we have seen massive adoption of SPDX license ids in a variety of ways over the years. This is great. We often don't even know about adoption until later (or yet)! And while there is no requirement to be involved with the SPDX community to use the SPDX License List, the most successful adoption seems to occur when there is cross-collaboration. For example, I don't think the Linux kernel's use of SPDX ids would have been smooth and gone as well without the support and involvement for the SPDX community. The effort that FreeBSD is undertaking started with Warner joining the SPDX community to reach out for advice and contribute to the very thing his project is now using. Hence, I'm pretty fired up to ensure Fedora has cross-collaboration (and that means, not just me as the only bridge!) along its path.


On 8/17/21 11:41 AM, Alexios Zavras wrote:

Since we're all expressing agreement, let me add mine...
and remind that we have this wonderful construct that can be used for "list of licenses curated by a single entity but not necessarily on the SPDX License List": namespaces!
We can have a couple of hundred "Fedora--" or "Debian--" identifiers immediately, while waiting for the official inclusion in the list.

-- zvr

-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of Matija Šuklje
Sent: Tuesday, 17 August, 2021 16:35
To: spdx-legal@...
Subject: Re: SPDX License List coverage for a full distro

Die 16. 08. 21 et hora 19:10 J Lovejoy scripsit:
What do you all think?
I don’t have much to add to what has been said so far, but just want to add a big fat +1 on everything said so far.


Join to automatically receive all group messages.