Re: "Scope" of licenses to be covered by SPDX
Bradley M. Kuhn <bkuhn@...>
Jilayne Lovejoy wrote at 16:28 (EDT) on Friday:
compute any function that's computable, but to create a non-trivial one
by hand takes months of work. In other words, the argument that a
system is *flexible* enough to cover an entire complexity space is only
an argument for its completeness, not its usability.
key GNU/Linux infrastructural programs succinctly?
Peter Bigot wrote at 11:58 (EDT) on Friday:
Indeed, I thought that, by now, folks were already writing SPDX files.
I'd assume GCC would be one of the very first packages that you all
would want to write an SPDX file for.
Jilayne Lovejoy wrote:
consuming, detailed work. Most licensing and compliance work is so,
even for the most seemingly trivial matters.
I think the most interesting point coming out of this discussion is that
it seems pretty clear that no one has actually tried to use SPDX for a
real world example yet.
Frankly, I actually hope that's true. The more grim story I've
suspected since the Linux Collaboration Summit legal track last April is
that many so-called "compliance" companies are now using SPDX as an
internal standard for their proprietary products. If that suspicion is
true, SPDX will surely suffer the usual problem of a standard without
adequate Free Software tools: it will be useless to the Free Software
community because it's most extensive and complete use is by proprietary
products. TCP/IP would've probably failed if the best implementation of
it hadn't been Sam's and Kirk's Free Software implementation.
Peter Bigot wrote at 11:58 (EDT) on Friday:
and the Affero GPL. I'm thus unlikely to write the BMKL, and I'd call
it bkuhn-license if I did anyway. :)
Jilayne Lovejoy wrote at 15:23 (EDT) on Friday:
I'm offering assistance to *do* work on the GCC licensing cataloging to
repair the existing flaws in SPDX's license list that Peter identified.
Perhaps you've conflated the fact that I didn't offer to *lead* such
work as an indication that I wasn't offering to *do* any actual work?
I have been making offers to help SPDX for some time, such as my offer
to help shepherd patches carrying SPDX files in upstream projects where
I might have enough influence to help get your SPDX patches accepted
(e.g., BusyBox). That's substantial work (and a significant spending of
political capital) that I've offered to SPDX as well.
--
-- bkuhn
_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal
But it DOES have the flexibility to represent ANY license found... and one can create a Gödel number or a Turing Machine tape that can
accurately.
compute any function that's computable, but to create a non-trivial one
by hand takes months of work. In other words, the argument that a
system is *flexible* enough to cover an entire complexity space is only
an argument for its completeness, not its usability.
It just may not have the capability to do so succinctly,It's not SPDX's intention to make it possible to represent licenses of
key GNU/Linux infrastructural programs succinctly?
Peter Bigot wrote at 11:58 (EDT) on Friday:
+1.Missing GPL-2.0+-with-GCC-exception and other GPL variants in common
use, and/or requiring all such variants to be listed explicitly in
the spec or named arbitrarily at the discretion of independent
compilers of SPDX files, seems to be a more fundamental weakness in
the technical description of licenses.
Indeed, I thought that, by now, folks were already writing SPDX files.
I'd assume GCC would be one of the very first packages that you all
would want to write an SPDX file for.
Jilayne Lovejoy wrote:
This is actually quite a bit of work and has been done by a smallNeither Peter nor I are denying that work done so far was time
number of people.
consuming, detailed work. Most licensing and compliance work is so,
even for the most seemingly trivial matters.
I think the most interesting point coming out of this discussion is that
it seems pretty clear that no one has actually tried to use SPDX for a
real world example yet.
Frankly, I actually hope that's true. The more grim story I've
suspected since the Linux Collaboration Summit legal track last April is
that many so-called "compliance" companies are now using SPDX as an
internal standard for their proprietary products. If that suspicion is
true, SPDX will surely suffer the usual problem of a standard without
adequate Free Software tools: it will be useless to the Free Software
community because it's most extensive and complete use is by proprietary
products. TCP/IP would've probably failed if the best implementation of
it hadn't been Sam's and Kirk's Free Software implementation.
Peter Bigot wrote at 11:58 (EDT) on Friday:
Indeed, I've co-written enough licenses including the GCC RTL exceptionMissing a "BMKL" is one thing.
and the Affero GPL. I'm thus unlikely to write the BMKL, and I'd call
it bkuhn-license if I did anyway. :)
Jilayne Lovejoy wrote at 15:23 (EDT) on Friday:
Great, Bradley. When I find someone who will *do* that work, we willPlease don't underestimate my offer. I'm not offering *merely* input;
definitely ask for you input!
I'm offering assistance to *do* work on the GCC licensing cataloging to
repair the existing flaws in SPDX's license list that Peter identified.
Perhaps you've conflated the fact that I didn't offer to *lead* such
work as an indication that I wasn't offering to *do* any actual work?
I have been making offers to help SPDX for some time, such as my offer
to help shepherd patches carrying SPDX files in upstream projects where
I might have enough influence to help get your SPDX patches accepted
(e.g., BusyBox). That's substantial work (and a significant spending of
political capital) that I've offered to SPDX as well.
--
-- bkuhn
_______________________________________________
Spdx-legal mailing list
Spdx-legal@...
https://lists.spdx.org/mailman/listinfo/spdx-legal