Thanks Warner!

On Mon, Oct 25, 2021 at 9:43 AM J Lovejoy <opensource@...> wrote:

Hi all,

We have some text at the bottom of this page https://spdx.dev/ids/ regarding the use of SPDX ids related to a recommendation about using and retaining standard headers when using/adding an SPDX id in source code.

If memory serves, we wrote this at the time when use of SPDX ids in source code was a very new thing. We didn't know if some license stewards might have discomfort with the use of SPDX ids *instead* of their suggested standard license header, and thus felt the need to take a sort of conservative approach.

Now that SPDX ids are used more widely and we know a bit more about how scanning tools identify license headers in total - I think we can remove this section altogether. I don't think SPDX needs to make a statement either way and projects can make their own call, as we've seen with the Linux kernal and other projects.

Thoughts?

I've been grappling with this in the FreeBSD project. I'll share my perspective.

There's two parts to that advice. The first is to include the standard boilerplate text to invoke the license ("the standard header," though that phrase means something different in my world, so it should be eliminated for that reason alone). I think we can toss that. This project found dozens (hundreds) of variations in the prescribed text from the FSF GPL, suggesting that the suggested text is more of a suggestion than a requirement.

"standard header" is narrowly defined in the context of the SPDX License List - https://github.com/spdx/license-list-XML/blob/master/DOCS/license-fields.md
I am not sure where the FSF stands re: suggestion v. requirement, but the reality of lots of variations in the wild even when there is a specific standard header text provided by the license steward leans heavily towards the advantage of simply using SPDX identifiers, IMHO :)

Worth noting that the steward of one of the other well known licenses with standard header agrees - http://www.apache.org/foundation/license-faq.html#Apply-My-Software

 It's an open question for the chat I hope to have with a competent attorney before the project finalizes its policies towards SPDX. So removing the advice not to remove the license text is fine, imho, since that's legal advice for what constitutes compliance (imho). Replacing it with text that says it's OK or always OK, though would not be cool, imho. Though having that there might encourage others to adopt the SPDX-only policies that have become widespread but not universal.

Totally agree. We felt the need to say something in the beginning, but given time and how things have played out in reality - I really think this is up to the project to make a determination (like the kernel did and Uboot did, etc.) and with their own attorney's advice as they see fit. Thus, better for us to remove any such specific advice.

---

Links:

You receive all messages sent to this group.

View/Reply Online (#3014) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
Your Subscription | Contact Group Owner | Unsubscribe [opensource@...]

_._,_._,_