Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the

I was involved implementing SPDX license IDs as package license metadata for a few package managers. How to handle licenses that don't have IDs came up every time. `LicenseRef-*` would get mentioned,

Sorry for the short notice reminder. Given the end of the month and next release time frame is rapidly approaching, we’ll focus today’s meeting on divvying up work to get licenses added. I also

+1 to everything Steve just wrote, with one comment. License namespaces were the first thing that came to my mind when reading the thread. Thanks that you confirmed that the proposal was never really

Thanks all for your comments in this thread. I'm not going to try to reply here to every comment, but wanted to note a few pieces that might be informative to folks who are less deep in the SPDX

If the idea is really to hunt down every license lurking in every potentially popular public package, I can see how distro adoption's a real big deal. Congrats! I worry about more work for distro

Could I make a suggestion rooted in some engineering history here. In the early days we tried to make global lists of relevant features (IANA port numbers, reference constants, etc) and allowed

Maybe start assigning ids for these with a format like vanity-xxx and that might make people think twice about it and actually put some work into really explaining why they need yet-another-license

D had always bothered me a little, but mostly in the context of historically preserved licenses. The BSD, CMU and MIT license families have undergone a fair amount of copying with errors and mutation.

Hi Kyle, You raise some specific points that highlight some things we have worked on recently, so responding here inline. Jilayne On 1/24/23 4:13 PM, Kyle

Thanks for this write-up, Richard. Having spent an exorbitant amount of my time over the years of my involvement in SPDX trying to politely say "no" to licenses for the reasons

+1 to Richard!

If distros are seeing packaged-but-not-identified licenses in numbers to the point of pain, I'd suggest addressing that pain directly. Perhaps by laying a wider pipe from distros' workflows to

As I've been following the issue queue for github.com/spdx/license-list-XML/issues over the past several months, it seems to me that you get a significant number of license submissions like this

Hi: If you drop by FOSDEM, there is this one day event before FOSDEM, on Feb. 3rd 2023, in

I just finished publishing a new version of the SPDX online tools. It solves a couple of issues with the license submission utility and upgrades the NTIA Conformance Checker with an improved

Hi all, This is a reminder that Thursday, Jan 12th at the regular legal-team call time, we will have a joint call for the tech and legal teams to discuss the change

SPDX Legal Team - 4th Thursdays 2023 https://meet.jit.si/SPDXLegalMeeting https://meet.jit.si/SPDXLegalMeeting WhenMonthly from 12pm to 1pm on the fourth Thursday from Thursday Jan 26 to Monday

SPDX Legal Team - 2nd Thursdays 2023 https://meet.jit.si/SPDXLegalMeeting https://meet.jit.si/SPDXLegalMeeting WhenMonthly from 12pm to 1pm on the second Thursday from Thursday Jan 12 to Monday