Thanks Gary, Steve - in process of updating now and adding text files. Gary - I followed the workflow instructions you added. Looks good. One question I had was - do we need to do any “special”

I took a look at the automated build failures under #1 below. These are caused by the missing license text. I think it would be good for the tooling to generate the license text, but it currently

Hi Jilayne, for #1 I'll take a look at the XML files and will add comments in the PRs. But, someone else with more Git / Github skills than me may need to weigh in on separating out files per your

I reviewed and merge #2: https://github.com/spdx/license-list-XML/pull/698 - PR for copyleft-next-0.3.1 The build failures were due to a problem already fixed in the master branch, so it should

Hi all, We are a bit late on the 3.3 release and need some help getting it over the line. We did a good job of prioritizing what to finish up (preferably this week) for 3.3 and labeling anything we

Hi Hen, Thanks for letting us know. As per SPDX License List Matching Guideline 1.2, “extraneous” text that is not part of the substantive license text can be ignored for purposes of matching. See

Just to close the loop on this one: the TPM2 engine project got a request from gnutls to reuse the code for their TPM2 handling. To effect this, we need to move to LGPL instead of GPL so we can

No, the license isn't changing :) Another more license-text affecting change would be to change the url in the license text itself to use https. That one gives me more pause. Hen

This section of the reference text is often enough customized by projects (including Apache's own projects) leading to quite a few too many variants of full license text in the wild so I am all for

I’m not a frequent flyer on the Legal Team, but my understanding is that the matching guidelines handle text that comes after “end of terms” language explicitly, and with the markup language we

Hi SPDX folk, Over at Apache, I'm looking to remove the "How to apply" Appendix from the canonical Apache 2.0 text and instead move that content to a FAQ. I see this came up a few years ago (

First of all, I apologise for the long delay. I got distracted by illness, work etc. I see this discussion has progressed a bit since then. I’ll try to weave the new parts of the thread into my

Hi All, We have our next call tomorrow at the usual time and place: https://wiki.spdx.org/view/Legal_Team We are a bit late on getting version 3.3 of the SPDX License List out, so we’ll focus on

Thanks to Rohit, Tushar and Galo, the SPDX license list online tools have now been integrated and deployed at https://spdxtools.sourceauditor.com I’m sure we will find some areas for improvement

calumlind+deluge@... writes: Those names are deprecated, instead, GPL-2.0-only or GPL-2.0-or-later or GPL-3.0-only or GPL-3.0-or-later right? It won't be moot if you want to apply spdx to old

I was looking for the same generic OpenSSL exception and surprised that there was only a specific OpenVPN one. This is my suggestion based upon our Deluge project text:

correct. SPDX’s goal is to create a common language with which to communicate information about (open source) software. The SPDX License List was born out of the recognition for efficiency in

Philippe is correct. We didn’t have written guidelines (aka, the “inclusion principles) for the first few iterations of the license list. If memory serves, all the CC licenses were recommended to

Mike: If I recall correctly: when we started we did add wholesale all the CC licenses without much discrimination. That's an incongruity that I can live with alright. -- Cordially Philippe

This interests me also. It's my impression, from both the license-list explanation and the actual list, that SPDX casts a broader net than either OSI or FSF. Substantial compliance is sufficient. I