Hi Jilayne,
sorry for answering so late.
I’ll try to be more precise.
I have attached the COPYING file of my tar scenario. The file contains for sure the text of the GPL-3.0. But it is _not_ licensed under GPL-3.0, it is licensed under “Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.” (as you can see in line 5 and 6 of the file) Due to this in my opinion this should result in the following information for the file COPYING.txt:
LicenseInfoInFile= GPL-3.0
LicenseInfoInFile: LicenseRef-1
LicenseConcluded: LicenseRef-1
And LicenseRef-1 (since I did not find it in the SPDX License list)
“Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.”
Is it more clear now?
My second example deals with the same problem asking, what kind of information do I have to provide if I have a license text in a file and there is not information on how the text itself is licensed (like the Boost Software License 1.0, see my second example and my second attachement)
What has to be provided in SPDX for this file BSL-1.0.txt
LicenseInfoInFile= BSL-1.0
LicenseConcluded: ??????
What terms of use for the Boost Software License itself? Is the Boost Software License itself licensed under the Boost Software License 1.0 (this could be assumed because the text says “…accompanying documentation covered by
this license (the "Software")…” so one can think that the text of the Boost Software License is available under the terms and conditions of the Boost Software License. But is this really the case)?
I hope I was more clear and precise
Regards
Oliver
Von: J Lovejoy [mailto:opensource@...]
Gesendet: Dienstag, 29. Juli 2014 17:39
An: Fendt, Oliver
Cc: SPDX-legal
Betreff: Re: question regarding the information to be provided in case of files containing a license text
Hi Oliver,
If I understand the scenario you describe below (which I’d agree is quite common), which is: you have a COPYING.txt file at the top-level directory that contains the full text of a license, in this case, GPL-3.0; and then you have a bunch of files in sub-directories that have no actual license info, then the SPDX info at the file level (see Section 6 of the spec), would look something like this:
For the COPYING.txt file:
6.5 License Information in File = GPL-3.0 —> use the short identifier because you should have gotten an exact match on GPL-3.0
6.4 Concluded License = GPL-3.0 —> for obvious reason!
For the other files in the sub-directory:
6.5 License Information in File = NONE —> assuming there is no license information in the individual files; no header for GPLv3, nothing.
6.4 Concluded License = GPL-3.0
6.6 Comments on License = The concluded license was taken from the package level that the file was included in. This information was found in the COPYING.txt file in the xyz directory. —> this is actually the exact example in the spec itself for this section!
I’m not sure why you come up with “Distribute_No_Modifications” - if the license is GPLv3, then you’d identify it in the SPDX file using the short identifier, GPL-3.0 as per the instructions in the spec and the SPDX License List.
sorry for the cryptic subject, but perhaps you can help me.
When doing package analysis with FOSSology or other tools we often find files which contain a license text (e.g. usually the file COPYING contains the text of the GPL) my question is what kind of value has to be provided in the “Concluded License” in the file context?
In the root directory of the package tar version 1.2.7 you find a file COPYING. Content of the file is the text of the GPL-3.0. So the file is obviously licensed under “Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.” Which might end up in a name like (Distribute_No_Modifications) (Btw. Is this license element of the SPDX license list? I think it would be worth to have it since many files are under this license J).
So the “concluded license” element for the file COPYING has the value “Distribute_No_Modifications” in this example and not GPL-3.0, which is quite clear.
But what about the following example
In the root directory of the package Boost version 1.55 you find a file LICENSE_1_0.txt. Content of the file is the text of the Boost Software License - Version 1.0. But no information is available how the file itself is licensed. So my question is what value to provide in the “concluded license” element for the file? In my opinion it can’t be the Boost software license (since there is no hint that the text of the Boost Software License is licensed under the Boost Software license). Do you have an idea?
I think it that this is a very common problem and probably was raised already, sorry that I missed the solution.
