Date   

Re: [spdx-tech] License model updated

Steve Winslow
 

(cc'ing spdx-legal for additional visibility)

Thanks for this, Gary! I added a few comments in "suggestion" mode in the document. I like the direction the revised model is heading, and will be interested to get feedback from folks who weren't able to attend the call last week.

For clarity, note that this is about a _draft_ discussion for proposed revisions to the license expression syntax / model for SPDX 3.0. For comparison, the existing model in SPDX 2.2 can be seen in https://spdx.github.io/spdx-spec/appendix-III-RDF-data-model-implementation-and-identifier-syntax/ (in the lower-left-hand corner, with the "AnyLicenseInfo" class and its children).

Steve


On Sun, Oct 18, 2020 at 1:09 PM Gary O'Neall <gary@...> wrote:

The license model has been updated based on the decisions made in the last SPDX tech team meeting: https://docs.google.com/document/d/1_9jkthfa5Pjpqb62gV-8WGplANQ7MD-V9Y64KOTFZ3c/edit?ts=5f871b0e

 

Please review and add any comments for any remaining issues.

 

Minutes from last week tech call are available at https://github.com/spdx/meetings/blob/master/tech/2020-10-13.md

 

Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

 



--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: New tools in the repo

ANSHUL DUTT SHARMA <anshuldutt21@...>
 

Thankyou everyone for providing me an opportunity to work with SPDX. It was a pleasure working with the community. I will keep trying and improving the project in many possible ways in the future.

On Thu, 8 Oct 2020, 4:17 am Kate Stewart, <kstewart@...> wrote:
Thank you Anshul for your hard work on making this improved capability available to our community!



On Wed, Oct 7, 2020 at 5:43 PM Gary O'Neall <gary@...> wrote:

Thanks to Anshul’s contributions through the community bridge program, there is a new Python tool in the SPDX GitHub repository – the spdx_python_licensematching repo contains a Python implementation of a license matcher which follows the SPDX license matching guidelines.  Following all of the license matching guidelines is a much more compute intensive operation relative to other matching algorithms but will provide a more accurate result.  Please check it out and if you find any issues or have any suggestion, add an spdx_python_licensematching issue.

 

Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

 


Re: New tools in the repo

Kate Stewart
 

Thank you Anshul for your hard work on making this improved capability available to our community!



On Wed, Oct 7, 2020 at 5:43 PM Gary O'Neall <gary@...> wrote:

Thanks to Anshul’s contributions through the community bridge program, there is a new Python tool in the SPDX GitHub repository – the spdx_python_licensematching repo contains a Python implementation of a license matcher which follows the SPDX license matching guidelines.  Following all of the license matching guidelines is a much more compute intensive operation relative to other matching algorithms but will provide a more accurate result.  Please check it out and if you find any issues or have any suggestion, add an spdx_python_licensematching issue.

 

Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

 


New tools in the repo

Gary O'Neall
 

Thanks to Anshul’s contributions through the community bridge program, there is a new Python tool in the SPDX GitHub repository – the spdx_python_licensematching repo contains a Python implementation of a license matcher which follows the SPDX license matching guidelines.  Following all of the license matching guidelines is a much more compute intensive operation relative to other matching algorithms but will provide a more accurate result.  Please check it out and if you find any issues or have any suggestion, add an spdx_python_licensematching issue.

 

Gary

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

 


Invitation: SPDX legal team call @ Every 2 weeks from 12pm to 1pm on Thursday from Thu Oct 8 to Fri Jan 1, 2021 (EDT) (spdx-legal@lists.spdx.org)

Steve Winslow
 

You have been invited to the following event.

SPDX legal team call

When
Every 2 weeks from 12pm to 1pm on Thursday from Thu Oct 8 to Fri Jan 1, 2021 Eastern Time - New York
Where
https://zoom.us/j/94885520778?pwd=Wm5LVzhjU1ZaQkdQZVpibjBKSUtYUT09 (map)
Calendar
spdx-legal@...
Who
swinslow@... - organizer
spdx-legal@...
Replacement invite for SPDX legal team calls for remainder of 2020.

= = = = =


Join Zoom Meetinghttps://zoom.us/j/94885520778?pwd=Wm5LVzhjU1ZaQkdQZVpibjBKSUtYUT09

Meeting ID: 948 8552 0778
Passcode: 708594


One tap mobile
+13017158592,,94885520778# US (Germantown)+13126266799,,94885520778# US (Chicago)

Dial by your location
        +1 301 715 8592 US (Germantown)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        855 880 1246 US Toll-free
        877 369 0926 US Toll-free
        +1 204 272 7920 Canada
        +1 438 809 7799 Canada
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 948 8552 0778
Find your local number: https://zoom.us/u/aMjLFWVV5

Going (spdx-legal@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account spdx-legal@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Replacement SPDX legal team invite; call tomorrow

Steve Winslow
 

Hello SPDX legal team,

I am sending (in a separate email) a replacement recurring calendar invite for the legal team calls for the remainder of 2020. Updated dial-in instructions are below.

The next regularly-scheduled SPDX legal team meeting will be tomorrow, Thursday, Oct. 8, at 9AM PDT / noon EDT. We will focus on a review of the in-process licensing profile draft for the 3.0 spec, and looking at which questions remain open. If we have time, after that we will turn back to looking at open license list requests that are tagged for 3.11.

Thanks,
Steve

= = = = =

Join Zoom Meeting
https://zoom.us/j/94885520778?pwd=Wm5LVzhjU1ZaQkdQZVpibjBKSUtYUT09

Meeting ID: 948 8552 0778
Passcode: 708594

One tap mobile
+13017158592,,94885520778# US (Germantown)
+13126266799,,94885520778# US (Chicago)

Dial by your location
        +1 301 715 8592 US (Germantown)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        855 880 1246 US Toll-free
        877 369 0926 US Toll-free
        +1 204 272 7920 Canada
        +1 438 809 7799 Canada
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 948 8552 0778
Find your local number: https://zoom.us/u/aMjLFWVV5


--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Invitation: SPDX joint tech / legal call (if enough attendance) @ Tue Sep 29, 2020 1pm - 2pm (EDT) (spdx-legal@lists.spdx.org)

Steve Winslow
 

You have been invited to the following event.

SPDX joint tech / legal call (if enough attendance)

When
Tue Sep 29, 2020 1pm – 2pm Eastern Time - New York
Where
https://zoom.us/j/663426859 (map)
Calendar
spdx-legal@...
Who
swinslow@... - organizer
spdx-legal@...
https://zoom.us/j/663426859


Meeting ID: 663 426 859

Tuesday at 17:00 UTC (and best guess for local time - 10:00AM PDT, 11:00 MDT, 12:00PM CDT, 1:00PM EDT, 18:00 WAT, 19:00 CEST).

Dial by phone: Australia +61 2 8015 2088
 Canada +1 647 558 0588
 Germany +49 30 3080 6188
 Japan +81 3 4578 1488
 US Toll-free 877 369 0926
 Find your local number: https://zoom.us/u/ac9KKJWzJT

Going (spdx-legal@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account spdx-legal@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Joint tech/legal call today 1PM Eastern

Steve Winslow
 

Hi spdx-legal list,

With apologies for the late notice, I'm sending this as a reminder following from our discussion on the call last Thursday.

Today at 1PM Eastern / 10AM Pacific, during the tech team's usual time slot, we will have a joint legal/tech team call to continue the discussion of the licensing profile for SPDX 3.0. (That is, if we are able to have enough legal team participants attend, given the late notice!)

Dial-in details are below. I'll also send a calendar invite shortly.

Best,
Steve

= = = = =

https://zoom.us/j/663426859
Meeting ID: 663 426 859

Tuesday 9/29 at 17:00 UTC (and best guess for local time - 10:00AM PDT, 11:00 MDT, 12:00PM CDT, 1:00PM EDT,  18:00 WAT, 19:00 CEST).

Dial by phone:
 Australia +61 2 8015 2088
Canada +1 647 558 0588
 Germany +49 30 3080 6188
 Japan +81 3 4578 1488
 US Toll-free 877 369 0926
 Find your local number: https://zoom.us/u/ac9KKJWzJT

--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Using SPDX for Python packages license documentation

Philippe Ombredanne
 

Dear Special People Doing eXceptional things:

FYI, I have been working with the Python community to specify how
Python package distributions can use SPDX license expressions for
their Core metadata.

The draft of this spec (called a PEP for Python Enhancement Proposal) is at:
https://www.python.org/dev/peps/pep-0639/

Comments and feedback are welcomed at:
https://discuss.python.org/t/2154

--
Cordially
Philippe Ombredanne

+1 650 799 0949 | pombredanne@...
DejaCode - What's in your code?! - http://www.dejacode.com
AboutCode - Open source for open source - https://www.aboutcode.org
nexB Inc. - http://www.nexb.com


Re: [spdx-tech] joint legal/tech team call: Licensing Profile

Steve Winslow
 

All, the minutes from today's joint call are available at: https://github.com/spdx/meetings/blob/master/legal/2020-09-24.md


On Tue, Sep 22, 2020 at 1:03 PM J Lovejoy <opensource@...> wrote:
Hi all,

In follow-up to Steve’s email and invite - we will resume our joint legal/tech team review of the License Profile draft on the legal call this week (Thursday) and the next tech team call (next Tuesday), as needed.

Please see the original email below to jog your memory.


We left off last time with 3.4 Copyright Text- so we’ll pick up on Thursday at that point and move through the rest!  Feel free to review and comment in the Gdoc in advance as well.

Thanks,
Jilayne 

On Aug 12, 2020, at 8:25 AM, J Lovejoy <opensource@...> wrote:

Hi all,

Tomorrow’s regularly scheduled legal team call will be a joint call with the tech team to continue the conversation about the licensing fields and consolidation of such for the 3.0 spec.

By way of background or reminder:
Currently, all license-related fields are contained within the main spec, and are specified as different properties on each SPDX artifact type, i.e., package, Filenes and snippet.

For 3.0, licensing information will be broken out from the base spec and put in a separate "licensing" profile. There was a proposal to consolidate the license fields to have common names and meanings, which can then be applied at the package, file and snippet level.

Steve and I drafted a first pass and we began to go through it on yesterday’s joint tech/legal call. We will continue that review tomorrow. The draft has some comments as per the discussion in the document and the meeting minutes have been posted. Please have a look at both and be ready to hit the ground running!



Call info:
Thursday @ 9am Pacific / noon Eastern US time


Thanks!
Jilayne





--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


joint legal/tech team call: Licensing Profile

J Lovejoy
 

Hi all,

In follow-up to Steve’s email and invite - we will resume our joint legal/tech team review of the License Profile draft on the legal call this week (Thursday) and the next tech team call (next Tuesday), as needed.

Please see the original email below to jog your memory.


We left off last time with 3.4 Copyright Text- so we’ll pick up on Thursday at that point and move through the rest!  Feel free to review and comment in the Gdoc in advance as well.

Thanks,
Jilayne 

On Aug 12, 2020, at 8:25 AM, J Lovejoy <opensource@...> wrote:

Hi all,

Tomorrow’s regularly scheduled legal team call will be a joint call with the tech team to continue the conversation about the licensing fields and consolidation of such for the 3.0 spec.

By way of background or reminder:
Currently, all license-related fields are contained within the main spec, and are specified as different properties on each SPDX artifact type, i.e., package, Filenes and snippet.

For 3.0, licensing information will be broken out from the base spec and put in a separate "licensing" profile. There was a proposal to consolidate the license fields to have common names and meanings, which can then be applied at the package, file and snippet level.

Steve and I drafted a first pass and we began to go through it on yesterday’s joint tech/legal call. We will continue that review tomorrow. The draft has some comments as per the discussion in the document and the meeting minutes have been posted. Please have a look at both and be ready to hit the ground running!



Call info:
Thursday @ 9am Pacific / noon Eastern US time


Thanks!
Jilayne




Invitation: SPDX joint legal / tech team call @ Thu Sep 24, 2020 12pm - 1pm (EDT) (spdx-legal@lists.spdx.org)

Steve Winslow
 

You have been invited to the following event.

SPDX joint legal / tech team call

When
Thu Sep 24, 2020 12pm – 1pm Eastern Time - New York
Where
https://zoom.us/j/97874176804?pwd=cnc3SFpsSFFzdnE5L2pZZUh2eEc3dz09 (map)
Calendar
spdx-legal@...
Who
(Guest list has been hidden at organizer's request)
Steve Winslow is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/97874176804?pwd=cnc3SFpsSFFzdnE5L2pZZUh2eEc3dz09

Meeting ID: 978 7417 6804

Passcode: 874420
One tap mobile
+16465588656,,97874176804# US (New York)
+13017158592,,97874176804# US (Germantown)

Dial by your location
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        +1 312 626 6799 US (Chicago)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        855 880 1246 US Toll-free
        877 369 0926 US Toll-free
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 204 272 7920 Canada
        +1 438 809 7799 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 978 7417 6804
Find your local number: https://zoom.us/u/adJiCF3gzz

Going (spdx-legal@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account spdx-legal@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Joint legal / tech meeting this Thursday, September 24

Steve Winslow
 

Hello legal and tech teams,

This Thursday, September 24, will be a joint legal / tech team call. The call will be focused on continuing the discussions of the new "licensing" profile for SPDX 3.0. If more time is needed for discussion beyond this Thursday's call, I believe we will also be able to use the tech team call on Sept. 29 to continue.

Jilayne will be following up in a separate email with relevant links for the conversation.

I will be sending a calendar invite for this call in a separate email; details are also included below. Note that it is not the same as the existing recurring invite. I will be cancelling the recurring invite and after this Thursday I will send a replacement recurring invite for calls going forward.

Best,
Steve

= = = = =

Thursday, September 24, 12:00 PM - 1:00 PM (Eastern)

Join Zoom Meeting
https://zoom.us/j/97874176804?pwd=cnc3SFpsSFFzdnE5L2pZZUh2eEc3dz09

Meeting ID: 978 7417 6804
Passcode: 874420

One tap mobile
+16465588656,,97874176804# US (New York)
+13017158592,,97874176804# US (Germantown)

Dial by your location
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        +1 312 626 6799 US (Chicago)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        855 880 1246 US Toll-free
        877 369 0926 US Toll-free
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 204 272 7920 Canada
        +1 438 809 7799 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 978 7417 6804
Find your local number: https://zoom.us/u/adJiCF3gzz

--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


SPDX Tools - update bookmark and request for review and feedback

Gary O'Neall
 

Greetings SPDX Tech and SPDX legal teams,

 

A new URL for the SPDX online tools is now be available at https://tools.spdx.org.  Please change any bookmarks or links from http://spdxtools.sourceauditor.com or http://13.57.134.254/app/ to https://tools.spdx.org.

 

A new version of the online SPDX implementing several enhancements and an improved deployment infrastructure is currently in test.

 

Once the testing and the upgrade is complete in 2 to 4 weeks, http://spdxtools.sourceauditor.com and http://13.57.134.254/app/ will no longer be available.

 

The new version has the following enhancements:

 

  • License submittals will now check for existing license matches
    • If there is an exact match, the application will inform the user and not accept the new submittal
    • If there is a close match, the user is presented with the differences and can chose to submit an issue that the licenses should match, or chose to submit a new license request
  • A higher performance license matching implementation
  • A license namespace registry has been added to allow organizations to submit license namespace requests
  • Various application enhancements and fixes

 

Please feel free to check out and test the new version at http://52.32.53.255/app

 

If you find any issues or would like to request any enhancements, please add them to the spdx-online-tools Issues list.

 

Thanks to the many students, mentors and SPDX team members who have contributed to the online tools including Rohit  who was the originator of the online tools and mentor to many students, Smith who contributed the namespace functionality, Umang who implemented the improved license submittal, Mehant who contributed the Docker deployment implementation, and Steve who help us obtain the new URL.

 

Feel free to email me if you have any question or feedback.

 

Thanks,
Gary

 


Meeting today, Sept. 10

Steve Winslow
 

Hello all,

The next regularly-scheduled SPDX legal team meeting will be today, Thursday, Sept. 10, at 9AM PDT / noon EDT.

Today's meeting will focus on reviewing and addressing questions from folks who are taking the lead on the issues currently tagged for 3.11: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.11+release%22

Best,
Steve

= = = = =

Join Zoom Meeting
https://zoom.us/j/611416785

Meeting ID: 611 416 785

One tap mobile
+16465588656,,611416785# US (New York)
+16699006833,,611416785# US (San Jose)

Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 647 558 0588 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 611 416 785
Find your local number: https://zoom.us/u/aceZFvRyln


--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Meeting today, Aug. 27

Steve Winslow
 

Hello all,

With apologies for the late reminder, the next regularly-scheduled SPDX legal team meeting will be today, Thursday, Aug. 27, at 9AM PDT / noon EDT.

We'll start the meeting today with a quick review of current status of the ongoing conversations around the "licensing" profile proposal for SPDX 3.0. After that, we'll turn to reviewing and triaging issues for the 3.11 release cycle.

Best,
Steve

= = = = =

Join Zoom Meeting
https://zoom.us/j/611416785

Meeting ID: 611 416 785

One tap mobile
+16465588656,,611416785# US (New York)
+16699006833,,611416785# US (San Jose)

Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 647 558 0588 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 611 416 785
Find your local number: https://zoom.us/u/aceZFvRyln


--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


call tomorrow: joint legal/tech teams

J Lovejoy
 

Hi all,

Tomorrow’s regularly scheduled legal team call will be a joint call with the tech team to continue the conversation about the licensing fields and consolidation of such for the 3.0 spec.

By way of background or reminder:
Currently, all license-related fields are contained within the main spec, and are specified as different properties on each SPDX artifact type, i.e., package, Filenes and snippet.

For 3.0, licensing information will be broken out from the base spec and put in a separate "licensing" profile. There was a proposal to consolidate the license fields to have common names and meanings, which can then be applied at the package, file and snippet level.

Steve and I drafted a first pass and we began to go through it on yesterday’s joint tech/legal call. We will continue that review tomorrow. The draft has some comments as per the discussion in the document and the meeting minutes have been posted. Please have a look at both and be ready to hit the ground running!



Call info:
Thursday @ 9am Pacific / noon Eastern US time


Thanks!
Jilayne



Meeting minutes posted

Gary O'Neall
 

Greetings SPDX tech and legal team – I just posted minutes from our call at https://wiki.spdx.org/view/Technical_Team/Minutes/2020-08-11

 

A lot of good discussion, and I probably didn’t capture everything – so those of you on the call, feel free to update.


Thanks,
Gary

 

 

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

 


Re: Update on project: Validate license cross references

Mark D Baushke <mdb@...>
 

My comments are in-line. Look for MDB:

On Aug 9, 2020, at 12:33 PM, Smith Tanjong Agbor <stanjongagbor@...> wrote:

After discussing with mentors: Steve and Gary; we thought it wise to seek everyone's opinion on two topics:

1. Change back the isMatch field to Boolean(true/false)
In the previous email thread on this project; Michael Kaelbling suggested that the "isMatch" field value be changed from boolean to text; and the said value should contain the results of the comparison(between the license text in the xml and that in each of the crossref urls). He suggested that values could be:
  • verbatim
  • noassertion – if no test result is available (for invalid links perhaps)
  • todo – no match attempted
  • “” – no match asserted
  • verbatim2 – matches with \r == \r\n == \n
  • verbatim3 – matches “ignoring whitespace differences” reflowed text
  • verbatim4 – matches ignoring decoration (comments, flower-boxes)
  • template – matches template verbatim (see ppalaga’s comment)
  • et cetera as they become available
One of the issues we identified concerning this approach was
a. The above results are not mutually exclusive. Given that they are not mutually exclusive, we might be compelled to store those text values in a list.
ex: isMatch: [verbatim2, verbatim4, etc]
That said, we thought; do we need all that information? Aren't we over-engineering?

b. Is such detailed information necessary? Parsing this will entail knowing all possible values, and any update on this values will require updating the projects that parse this information.

So, we would like to know your thought process on this, and if storing this information is of utmost importance.

MDB

My opinion is that the isMatch operator should be true/false only.

I would also favor the addition of another operator with the name isValid for ensuring that the links exist.

If there is a need for the other functionality, then providing other operators may be desirable.

Perhaps isFuzzyMatch or listOfFuzzyMatches would deal with non-verbatim matches...

In the end, it is desirable if a producer of a package utilizing multiple license F/OSS elements is able to determine if the license is not able to comply with the source licenses if it were to be distributed (such as having something built from a GPLv2.0-only + Apache1.1 set of sources).

To get to that level of usefulness, one needs to know which licenses are equivalent via isMatch or other such idioms.
 

----------------------------------------------------------------------------------------------------------------------------

2. Html formatting of the details on the crossrefs
The progress I made on the project also concerned the html template(that is used to generate the spdx website) to display the license crossrefs details.
Here is the 0BSD license on the website(spdx.org)
<0BSD1.png>
and Here is the updated license I have locally, with the crossref details:
<0BSD2.png>
<0BSD3.png>

So the questions that popped up were the following:
  • Do we need all this information displayed on the website?
MDB

I do not believe the extra material is needed. However, if it is 'free' and accurate, I do not mind it being present.
  • Do we need the isWayBackLink parameter(wayback links can be identified visually already)
MDB

I am not a fan of information being only visible. I know of many people that are visually impaired, be it via being color blind or blind where funky icons hold no meaning whatever.

  • If the url is not valid, we should not make the url clickable(remove the link as an anchor tag)
MDB
It is better to not provide a link which is not able to be followed.
  • Can we use an accordion to display url details?
MDB
No thank you.
  • Could we use icons to indicate truth values of fields?

MDB
ICONS are mostly evil if they are the only providers of information.
They CAN provide additional information for some kinds of users
who are looking for patterns in the visual presentation, but generally
have problems when the display device is not the one used by the
original graphic designer. Hint: Look at the wide variation in display
on the various kinds of mobile devices as compared with a high resolution 
graphics monitor.


So, design experts' ideas are welcome on this topic.


MDB
I am NOT a design expert.

These were the two main topics that require your intervention and contributions.

MDB
Thank you for asking.

        Be safe, stay healthy,
        -- Mark



Update on project: Validate license cross references

Smith Tanjong Agbor
 

Hi everyone,

After discussing with mentors: Steve and Gary; we thought it wise to seek everyone's opinion on two topics:

1. Change back the isMatch field to Boolean(true/false)
In the previous email thread on this project; Michael Kaelbling suggested that the "isMatch" field value be changed from boolean to text; and the said value should contain the results of the comparison(between the license text in the xml and that in each of the crossref urls). He suggested that values could be:
  • verbatim
  • noassertion – if no test result is available (for invalid links perhaps)
  • todo – no match attempted
  • “” – no match asserted
  • verbatim2 – matches with \r == \r\n == \n
  • verbatim3 – matches “ignoring whitespace differences” reflowed text
  • verbatim4 – matches ignoring decoration (comments, flower-boxes)
  • template – matches template verbatim (see ppalaga’s comment)
  • et cetera as they become available
One of the issues we identified concerning this approach was
a. The above results are not mutually exclusive. Given that they are not mutually exclusive, we might be compelled to store those text values in a list.
ex: isMatch: [verbatim2, verbatim4, etc]
That said, we thought; do we need all that information? Aren't we over-engineering?

b. Is such detailed information necessary? Parsing this will entail knowing all possible values, and any update on this values will require updating the projects that parse this information.

So, we would like to know your thought process on this, and if storing this information is of utmost importance.

----------------------------------------------------------------------------------------------------------------------------

2. Html formatting of the details on the crossrefs
The progress I made on the project also concerned the html template(that is used to generate the spdx website) to display the license crossrefs details.
Here is the 0BSD license on the website(spdx.org)
0BSD1.png
and Here is the updated license I have locally, with the crossref details:
0BSD2.png
0BSD3.png

So the questions that popped up were the following:
  • Do we need all this information displayed on the website?
  • Do we need the isWayBackLink parameter(wayback links can be identified visually already)
  • If the url is not valid, we should not make the url clickable(remove the link as an anchor tag)
  • Can we use an accordion to display url details?
  • Could we use icons to indicate truth values of fields?

So, design experts' ideas are welcome on this topic.

These were the two main topics that require your intervention and contributions.


Thanks, 

401 - 420 of 3278