Introduction + question about CC0/confidentiality in SPDX 2.2
Haipola, Anna (Nokia - FI/Espoo)
I have recently joined the SPDX legal mailing list and wanted to give a short introduction. My name is Anna Haipola and I am a Legal Counsel supporting the Open Source Program Office at Nokia. I am based in Espoo, Finland. I attended my first external event related to open source software last week at the OSPOlogy.live workshop in Stockholm, and it was truly inspiring to meet professionals working with the same topics in other organizations. I look forward to more collaboration.
The reason why I wanted to get in touch with the SPDX legal team was that I had a question related to section 2.2.2 of the SPDX Specification (version 2.2). SPDX-Metadata is subject to the terms of the Creative Commons CC0 1.0 Universal license. Section 2.2.2 further states: “This approach avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract with each other to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.”
I was unsure whether this meant that even though the data related to the SPDX fields can be distributed freely under CC0, collections of SPDX files could be protected under confidentiality clauses agreed upon between the SPDX document creator and the recipient. I would be happy to discuss this matter in one of the upcoming Legal Team meetings. I will be joining tomorrow’s meeting, so happy to provide some more details on this proposed agenda item there if there is time.
Looking forward to meeting you tomorrow.