On 10/25/21 3:35 PM, Warner Losh wrote:
We have some text at the bottom of this page https://spdx.dev/ids/
regarding the use of SPDX ids related to a
recommendation about using and retaining standard
headers when using/adding an SPDX id in source code.
If memory serves, we wrote this at the time when use of
SPDX ids in source code was a very new thing. We didn't
know if some license stewards might have discomfort with
the use of SPDX ids *instead* of their suggested
standard license header, and thus felt the need to take
a sort of conservative approach.
Now that SPDX ids are used more widely and we know a bit
more about how scanning tools identify license headers
in total - I think we can remove this section
altogether. I don't think SPDX needs to make a statement
either way and projects can make their own call, as
we've seen with the Linux kernal and other projects.
I've been grappling with this in the FreeBSD project.
I'll share my perspective.
There's two parts to that advice. The first is to include
the standard boilerplate text to invoke the license ("the
standard header," though that phrase means something
different in my world, so it should be eliminated for that
reason alone). I think we can toss that. This project found
dozens (hundreds) of variations in the prescribed text from
the FSF GPL, suggesting that the suggested text is more of a
suggestion than a requirement.
"standard header" is narrowly defined in the context of the SPDX
License List -
I am not sure where the FSF stands re: suggestion v. requirement,
but the reality of lots of variations in the wild even when there is
a specific standard header text provided by the license steward
leans heavily towards the advantage of simply using SPDX
identifiers, IMHO :)
Worth noting that the steward of one of the other well known
licenses with standard header agrees -
It's an open question for the chat I hope to have with a
competent attorney before the project finalizes its policies
towards SPDX. So removing the advice not to remove the
license text is fine, imho, since that's legal advice for
what constitutes compliance (imho). Replacing it with text
that says it's OK or always OK, though would not be cool,
imho. Though having that there might encourage others to
adopt the SPDX-only policies that have become widespread but
Totally agree. We felt the need to say something in the beginning,
but given time and how things have played out in reality - I really
think this is up to the project to make a determination (like the
kernel did and Uboot did, etc.) and with their own attorney's advice
as they see fit. Thus, better for us to remove any such specific
You receive all messages sent to this group.
View/Reply Online (#3014) | Reply To Sender | Reply To Group | Mute This Topic | New Topic
Your Subscription | Contact Group Owner | Unsubscribe