Introduction + question about CC0/confidentiality in SPDX 2.2

Haipola, Anna (Nokia - FI/Espoo)

Hi all,


I have recently joined the SPDX legal mailing list and wanted to give a short introduction. My name is Anna Haipola and I am a Legal Counsel supporting the Open Source Program Office at Nokia. I am based in Espoo, Finland. I attended my first external event related to open source software last week at the workshop in Stockholm, and it was truly inspiring to meet professionals working with the same topics in other organizations. I look forward to more collaboration.


The reason why I wanted to get in touch with the SPDX legal team was that I had a question related to the section 2.2.2 of the SPDX Specification (version 2.2). SPDX-Metadata is subject to the terms of the Creative Commons CC0 1.0 Universal license. Section 2.2.2 further states: “This approach

avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract with each other to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.”


I was unsure whether this meant that even though the data related to the SPDX fields can be distributed freely under CC0, collections of SPDX files could be protected under confidentiality clauses agreed upon between the SPDX document creator and the recipient. I would be happy to discuss this matter in one of the upcoming Legal Team meetings. I will be joining tomorrow’s meeting, so happy to provide some more details on this proposed agenda item there if there is time.


Looking forward to meeting you tomorrow.


Kind regards,
Anna Haipola




Anna Haipola
Legal Counsel, TECH Legal
Nokia Technologies Oy
At Nokia, we create technology that helps the world act together



This e-mail and any attachments hereto may contain information that is privileged or confidential,
and is intended for use only by the individual or entity to which it is addressed. Any disclosure, copying or distribution
of the information by anyone else is strictly prohibited. If you have received this document in error, please notify us
promptly by responding to this e-mail. Thank you.


Please consider the environment before printing this e-mail.


Join { to automatically receive all group messages.