Re: remove recommendation re: standard license headers


Warner Losh
 



On Mon, Oct 25, 2021 at 9:43 AM J Lovejoy <opensource@...> wrote:
Hi all,

We have some text at the bottom of this page https://spdx.dev/ids/ regarding the use of SPDX ids related to a recommendation about using and retaining standard headers when using/adding an SPDX id in source code.

If memory serves, we wrote this at the time when use of SPDX ids in source code was a very new thing. We didn't know if some license stewards might have discomfort with the use of SPDX ids *instead* of their suggested standard license header, and thus felt the need to take a sort of conservative approach.

Now that SPDX ids are used more widely and we know a bit more about how scanning tools identify license headers in total - I think we can remove this section altogether. I don't think SPDX needs to make a statement either way and projects can make their own call, as we've seen with the Linux kernel and other projects.

Thoughts?

I've been grappling with this in the FreeBSD project. I'll share my perspective.

There are two parts to that advice. The first is to include the standard boilerplate text to invoke the license ("the standard header," though that phrase means something different in my world, so it should be eliminated for that reason alone). I think we can toss that. This project found dozens (hundreds) of variations in the prescribed text from the FSF GPL, suggesting that the suggested text is more of a suggestion than a requirement.

The suggestion of not removing the boilerplate text for a license is tricky. There's a lot of inertia and received wisdom that one must never do this (since often the text includes statements that it must be retained). With the SPDX, though, the text is substantially reproduced, in durable form by a 3rd party and the reference to that third party's copy could be construed to be reproducing the text (in fact, this notion seems like a bedrock SPDX principal axiom: giving a pointer to the license is just as good as reproducing the whole license). There's much consternation in the FreeBSD project, nonetheless, with wholesale removal of these standard license texts because the variations or slight word changes mean we're not reproducing the conditions exactly, and that delta may put us out of license compliance. It's an open question for the chat I hope to have with a competent attorney before the project finalizes its policies towards SPDX. So removing the advice not to remove the license text is fine, imho, since that's legal advice for what constitutes compliance (imho). Replacing it with text that says it's OK or always OK, though, would not be cool, imho. Though having that there might encourage others to adopt the SPDX-only policies that have become widespread but not universal.

Does that help?

Warner
 
Jilayne
