1. posterid:1160316
  2. Messages

Re: question regarding the information to be provided in case of files containing a license text

J Lovejoy
 

Hi Oliver,

If I understand the scenario you describe below (which I’d agree is quite common), which is: you have a COPYING.txt file at the top-level directory that contains the full text of a license, in this case, GPL-3.0; and then you have a bunch of files in sub-directories that have no actual license info, then the SPDX info at the file level (see Section 6 of the spec), would look something like this:

For the COPYING.txt file:
6.5 License Information in File = GPL-3.0 —> use the short identifier because you should have gotten an exact match on GPL-3.0
6.4 Concluded License = GPL-3.0 —> for obvious reason!

For the other files in the sub-directory:
6.5 License Information in File = NONE —> assuming there is no license information in the individual files; no header for GPLv3, nothing.
6.4 Concluded License = GPL-3.0 
6.6 Comments on License = The concluded license was taken from the package level that the file was included in. This information was found in the COPYING.txt file in the xyz directory. —> this is actually the exact example in the spec itself for this section!

Does that make sense?

I’m not sure why you come up with “Distribute_No_Modifications” - if the license is GPLv3, then you’d identify it in the SPDX file using the short identifier, GPL-3.0 as per the instructions in the spec and the SPDX License List.

Jilayne

SPDX Legal Team co-lead
opensource@...


On Jul 29, 2014, at 8:26 AM, Fendt, Oliver <oliver.fendt@...> wrote:

Hi all,
 
sorry for the cryptic subject, but perhaps you can help me.
 
When doing package analysis with FOSSology or other tools we often find files which contain a license text (e.g. usually the file COPYING contains the text of the GPL) my question is what kind of value has to be provided in the  “Concluded License” in the file context?
As an example:
In the root directory of the package tar version 1.2.7  you find a file COPYING. Content of the file is the text of the GPL-3.0. So the file is obviously licensed under  “Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.” Which might end up in a name like (Distribute_No_Modifications) (Btw. Is this license element of the SPDX license list? I think it would be worth to have it since many files are under this license J).
So the “concluded license” element for the file COPYING  has the value “Distribute_No_Modifications” in this example and not GPL-3.0, which is quite clear.
 
But what about the following example
In the root directory of the package Boost version 1.55 you find a file LICENSE_1_0.txt. Content of the file is the text of the Boost Software License - Version 1.0. But no information is available how the file itself is licensed.  So my question is what value to provide in the  “concluded license” element for the file? In my opinion it can’t be the Boost software license (since there is no hint that the text of the Boost Software License is licensed under the Boost Software license). Do you have an idea?
 
I think it that this is a very common problem and probably was raised already, sorry that I missed the solution.
 
Thanks in advance
 
Oliver
Join Spdx-legal@lists.spdx.org to automatically receive all group messages.