On Dec 1, 2021, at 12:05 PM, Karen Sandler <karen@...
I'm a bit confused by the discussion here.
Understandably! This thread began over a month ago with a rather specific question relating to updating a web page and then it sort of wandered around a bit. I’m somewhat confused at this point as well ;)
It seems to me that keeping the recommendation is the safer course of action here and respectful of the licenses that ask for this information to be retained. I recall FSF had some strong opinions about this, and they literally make the same recommendation in the "How to Apply" section of GPL-2.0... maybe someone from FSF can participate in this discussion and share their opinion now?
Given that the Apache Foundation suggests either (their standard header or the SPDX identifier) be used http://www.apache.org/foundation/license-faq.html#Apply-My-Software
and the FSF supports generally the use of SPDX identifiers (not in the explicit way as ASF, but this is the last statement I know of: https://www.fsf.org/blogs/rms/rms-article-for-claritys-sake-please-dont-say-licensed-under-gnu-gpl-2
- It seems more appropriate for SPDX to simply not make any recommendation either way related to using standard headers. At least that was the original question/point!
Karen M. Sandler
Executive Director, Software Freedom Conservancy
Become a Sustainer today! http://sfconservancy.org/sustainer/
On 2021-12-01 07:31, Phil Odence via lists.spdx.org
Mike, this is really interesting input and provides great perspective.
When we first started advocating SPDX headers in files, we were
concerned that there would be a backlash of concern about using them
instead of standard headers and felt, therefore, we could not be
silent. These many years later with the use well-established, I’m in
agreement with advocating the use of SPDX heading and leaving it up to
projet what else then include in the file.
FROM: Spdx-legal@... <Spdx-legal@...> on behalf
of Michael Dolan <mdolan@...>
DATE: Tuesday, November 30, 2021 at 8:28 PM
TO: Warner Losh <imp@...>
CC: Richard Purdie <richard.purdie@...>, Neal Gompa
<ngompa13@...>, Sebastian Crane <seabass-labrax@...>,
SUBJECT: Re: remove recommendation re: standard license headers
On Tue, Nov 23, 2021 at 11:12 AM Warner Losh <imp@...> wrote:
I'll point out that the variations are an enormous pain in the assI'll just add that with the Linux kernel I was stunned when Kate
and create more uncertainty and compliance issues not less. If I
every single license in the tree, verbatim, is that a material
breach of the license?
Stewart and a few others analyzed how many unintentional minor
variations there were in the "standard" GPLv2 header in just the
kernel project. And similar to Warner's comment, it creates more
compliance issues and uncertainty - definitely not less. The number of
"Can you confirm...?" requests from lawyers or others in the industry
about Linux kernel license information has dropped from dozens per
year to zero. In most cases, each request we fielded probably had
multiple people, and hours of internal debate among knowledgeable
people within an organization, before they came to us.
I know another person who analyzed the number of variations of the
"standard" GPLv2 header on the FSF's own website and materials. They
found in excess of 500 unique variations. None of these variations are
indications of an author's intent. They are copy/paste errors or
oversights that are perpetually propagated without realizing it.
I'd also just remind everyone that the source tree of a git project
retains the historical information. If you remove the text, the git
history is still available if anyone wants to go back and look at the
One other point I remind many of is to not remove copyright notices in
the process. For reference, see 17 U.S. Code § 1202 "Integrity of
copyright management information".
Back to Jilayne's original question, I don't see anything on the
website that says to retain original headers (maybe it's already been
removed?), but if there was I'd support removing it. If a project
decides they want to retain them, that's fine, but I don't see why the
SPDX community would need to provide any particular guidance one way
or another. The page Jilayne cited does include the reminder not to
remove Copyright notices, which I think makes sense to keep there.