Date   

Re: documentation/examples of License Ref?

Kyle Mitchell
 

Luis,

`LicenseRef-*` is technically part of the license expression
syntax, too. But it mostly comes up in the context of
(private, shared) SPDX XML files. I'm not aware of any
package managers that leverage it as a way for package
authors to express their own license terms.

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933


documentation/examples of License Ref?

Luis Villa
 

ūüĎčūüŹľ hope everyone is doing as well as they can under the circumstances.

Is there any documentation for, or examples of, correct usage of License Ref? I've been looking this morning and can't find much, but I may just be looking in the wrong places.

Thanks!
Luis


Re: [spdx] Chime instead of Zoom, a modest proposal

Bradley M. Kuhn <bkuhn@...>
 

This would be a good time to note that folks who care about their software
freedom cannot effectively participate in SPDX, and not only because the
conferencing solution is proprietary software (although in the past I was
able to join non-video via a phone number using PSTN line -- this thread
indicates to me that feature might go away now).

In particular, the mailing lists silently one night a year or two ago changed
from GNU Mailman to a proprietary software service with almost no notice. (I
discovered later SPDX was apparently the "test list" that LF used when they
switched all their mailing lists wholesale from a FOSS solution to a
proprietary one, which is why SPDX switched first.) That new service
requires agreement to a proprietary license to interact with its web
interface at all (including to just manage subscription requests), which of
course installs proprietary Javascript on one's computer while using it [0].

I have invited FOSS licensing folks to the SPDX list who refused to join the
mailing list because they didn't want to agree to this proprietary license.
There are thus non-hypothetical examples of SPDX's lack of inclusivity
discouraging participation.

Meanwhile, with the slow move to GitHub for more and more SPDX items, SPDX
has slowly begun to cross the line into using proprietary-access-only GitHub
features. The CLI GitHub clients that use the API can interact with GitHub
issues somewhat. I think (although I haven't checked in about a year) that
GitHub doesn't require you to agree to a proprietary license just to make an
account and use the API. However, the standard web interface to most GitHub
features requires the installation of proprietary software.

So, while James' "must work on Linux" is of course a must, I think this would
be a good moment for SPDX to consider if it wants to dig even deeper into
being a project that has been for some time fundamentally unfriendly to FOSS
enthusiasts. The trend has been in a FOSS-unfriendly direction, and this is
a factor in why I've reduced my volunteer time substantially for SPDX in the
last 6-9 months. I noticed and read through this thread because the subject
line was related to that very issue, and it confirms that I should be
recommending that folks who care about software freedom will probably just
need to avoid the SPDX project.


[0] The only reason I'm still on this mailing list is that the GNU Mailman
subscriptions were auto-imported to the proprietary system, and I since
was a founding member of the inaugural FOSS-Bazaar-Package-Facts list
that became the SPDX lists eventually, I'm still on it. As such, I've
never actually agreed to Linux Foundation's new proprietary license for
its mailing list software, now LF is just sending me (now-unsolicited)
email that I happen to find in my inbox.
--
Bradley M. Kuhn - he/him

Pls. support the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/


Re: [spdx] Chime instead of Zoom, a modest proposal

Jonas Smedegaard
 

Quoting Jeremiah C. Foster (2020-04-15 18:57:24)
On Tue, 2020-04-14 at 16:45 -0400, John Sullivan wrote:
"James Bottomley" <James.Bottomley@...> writes:

Well, I'm glad you asked ... so far the most promising fully open
trial
is this one:

https://bigbluebutton.org/
I've used Jitsi meet a bit and it is pretty decent too;
https://github.com/jitsi/jitsi-meet
For the pragmatic angle of "does it work reliably" I agree that Jitsi is
a viable option.

Any conferencing service _can_ become unreliable when stressed.
Stability for all improves when a) fewest possible participants use
their camera, and b) use newest release of a Chromium-based web browser
(i.e. best to avoid¬Ļ Firefox or Safari or GNOME Web).


One caveat with tools that use WebRTC - there is no E2E encryption yet
in the protocol. Matrix however does have this and I've used its'
video and audio and that works quite well.
True, no general-purpose web browser support E2E encryption for WebRTC
calls, so if you want the convenience of "calling from your browser"
then you cannot have the strongest of security.

That said, WebRTC security is still _better_ than that of non-WebRTC
services like Zoom².

For conferences crucially needing it, WebRTC with E2E encryption _is_
possible, using a dedicated tool (i.e. not a web browser) and the
advanced WebRTC+MLS service at https://wire.com/en/


- Jonas


¬Ļ Because Jitsi until next release (expected few days from now) only
reliably supports Chromium-based web browsers -
https://github.com/jitsi/jitsi-meet/issues/4758 - and Firefox is known
to cause trouble not only for themselves but also for other participants
- https://github.com/jitsi/jitsi-meet/issues/5439 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1164187

² Because Zoom is known to jeopardize security and even practice
newspeak by advertising that they support "e2e" (meaning something else
by that term than the rest of the world):
https://onezero.medium.com/zoom-is-a-nightmare-so-why-is-everyone-still-using-it-1b05a4efd5cc

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/

[x] quote me freely [ ] ask before reusing [ ] keep private


Re: Chime instead of Zoom, a modest proposal

John Sullivan
 

"James Bottomley" <James.Bottomley@...> writes:

Well, I'm glad you asked ... so far the most promising fully open trial
is this one:

https://bigbluebutton.org/
Yeah, FSF is running an instance that is being used to successfully
teach classes at MIT right now. We'll post more about it soon, but can
confirm that it works for 20+, with video and screen sharing. Also have
quite a bit of info at
https://libreplanet.org/wiki/Remote_Communication.

-john

--
John Sullivan | he/his/him | Executive Director and VP, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<https://my.fsf.org/join>.


Re: Chime instead of Zoom, a modest proposal

Alexios Zavras
 

The good folks at FSFE maintain a wiki page with Free Software alternatives:
https://wiki.fsfe.org/Activities/FreeSoftware4RemoteWorking

I should point out that in the SPDX calls we don't actually use video -- it's audio and screen sharing.

-- zvr

-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of James Bottomley
Sent: Tuesday, 14 April, 2020 06:35
To: Kyle Mitchell <kyle@...>
Cc: atwoodm@...; Kate Stewart <kstewart@...>; Spdx-legal@...; spdx@...
Subject: Re: Chime instead of Zoom, a modest proposal

On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote:
Others have more religious affinity for the Linux desktop.
Wow that's a blast from the early part of this millenium. Since Linux now runs over 80% of the world's computing resources, I thought we'd got over stigmatizing people who actually run it on their desktops.

It's not for want of others trying: my workplace keeps sending me windows laptops, but they aren't really useful for my daily activities and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it.

But I haven't seen any libre option that stacks up to Zoom's
reliability. Other closed competitors---Hangouts especially---never
met that bar, either.
Well, I'm glad you asked ... so far the most promising fully open trial is this one:

https://bigbluebutton.org/

But the trials are still ongoing so that's by no means the final answer. It's actually somewhat obvious: bigbluebutton was developed for teaching remotely in under resourced schools, so of course they brought it up on a free (as in beer) OS because everything else was cost prohibitive. No one's heard of it because their advertising budget matches the available resources ...

James






Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Gary Kershaw
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: Chime instead of Zoom, a modest proposal

Till Jaeger
 

I have not the technical expertise to judge the security level of the
following solution that works with Zoom on Linux:

https://www.linux.com/news/how-to-install-and-use-firejail-on-linux/


----
For some distros like Ubuntu:

$ sudo apt install firejail

$ sudo ln -s /usr/bin/firejail /usr/local/bin/zoom
$ which -a zoom
/usr/local/bin/zoom
/usr/bin/zoom
/bin/zoom

zoom (to start from the shell)

$ firejail --list
3339:username::/usr/bin/firejail /usr/bin/zoom

------


Best,

Till


Re: Chime instead of Zoom, a modest proposal

James Bottomley
 

On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote:
Others have more religious affinity for the Linux desktop.
Wow that's a blast from the early part of this millenium. Since Linux
now runs over 80% of the world's computing resources, I thought we'd
got over stigmatizing people who actually run it on their desktops.

It's not for want of others trying: my workplace keeps sending me
windows laptops, but they aren't really useful for my daily activities
and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it.

But I haven't seen any libre option that stacks up to Zoom's
reliability. Other closed competitors---Hangouts
especially---never met that bar, either.
Well, I'm glad you asked ... so far the most promising fully open trial
is this one:

https://bigbluebutton.org/

But the trials are still ongoing so that's by no means the final
answer. It's actually somewhat obvious: bigbluebutton was developed
for teaching remotely in under resourced schools, so of course they
brought it up on a free (as in beer) OS because everything else was
cost prohibitive. No one's heard of it because their advertising
budget matches the available resources ...

James


Re: Chime instead of Zoom, a modest proposal

Kyle Mitchell
 

I've used the Linux Zoom client nearly every day for a few
weeks now, and less often for several months before that.
It's been seamless for all the core talk-and-watch
functionality.

It does lag a bit behind on lesser features. For example,
some of the call-recording options on Windows and Mac still
haven't made it over to Linux. So it goes.

I don't usually attend SPDX calls, so this is just FYI. If
I do end up joining in again, I can always use a phone.
Which had sprouted six or seven different apps for VoIP,
last I checked.

Others have more religious affinity for the Linux desktop.
But I haven't seen any libre option that stacks up to Zoom's
reliability. Other closed competitors---Hangouts
especially---never met that bar, either.

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933


Re: Chime instead of Zoom, a modest proposal

James Bottomley
 

On Mon, 2020-04-13 at 20:31 +0000, Mark Atwood via lists.spdx.org
wrote:
Chime has clients for Win, and for Mac, it runs in Browser on Firefox
and on Chrome on all OSes, it has clients for mobile OSes, and also
has local and tollfree telephone dialin in most countries.
So no app for Linux then? As you can appreciate, a lot of us have now
been evaluating a whole range of video conference technologies and one
of the empirical rules I've been seeing is that solutions that don't
provide a Linux client usually can't provide app equivalent
functionality on the web either ... and actually there are several
solutions (cough, bluejeans, cough) that allegedly provide a linux app
but not with the full range of capability and have similar problems on
the web.

One of the things I will give zoom in the pantheon of proprietary crap
for meetings is that they have a full range of supported linux clients,
for almost every distribution you can think of, with functionality
equivalent to windows and mac.

James


Re: Chime instead of Zoom, a modest proposal

Kate Stewart
 

Hi Mark,
     Thanks for the generous offer.  :-)  We're not paying for zoom, however I'm definitely up for doing an experiment during our spdx-tech meeting tomorrow, and if it works for the regular attendees, changing to a system with better security.

Can you send  me the details for the account to use,  and we'll do an experiment during the tech call,  and feedback to the wider group.

Thanks again!
Kate

On Mon, Apr 13, 2020 at 3:31 PM Atwood, Mark <atwoodm@...> wrote:

Hi Kate and other SPDX folk,


We have been using Zoom to provide teleconference for SPDX meetings.  In light of recent events, Zoom has  gotten very popular, and also been failing many security audits, and so many companies and governments have started banning its use.


Amazon has a service very similar to Zoom, called Amazon Chime.  Amazon Chime has 1) it's got much better security, 2) it doesn't give your personal, login, and meeting info to the adtech tracking industry, 3) it is gratis with all professional features to the end of June, and 4) as an Amazonian and this being part of my work, I can provide gratis usage to the SPDX group even after the end of June.


Chime has clients for Win, and for Mac, it runs in Browser on Firefox and on Chrome on all OSes, it has clients for mobile OSes, and also has local and tollfree telephone dialin in most countries.


So, what do you think?  Switch to Chime?  It's especially a win if we are paying for Zoom.


..m


-- 

Mark Atwood <atwoodm@...>

Principal, Open Source, Amazon


Chime instead of Zoom, a modest proposal

Mark Atwood (Amazon.com)
 

Hi Kate and other SPDX folk,


We have been using Zoom to provide teleconference for SPDX meetings.  In light of recent events, Zoom has  gotten very popular, and also been failing many security audits, and so many companies and governments have started banning its use.


Amazon has a service very similar to Zoom, called Amazon Chime.  Amazon Chime has 1) it's got much better security, 2) it doesn't give your personal, login, and meeting info to the adtech tracking industry, 3) it is gratis with all professional features to the end of June, and 4) as an Amazonian and this being part of my work, I can provide gratis usage to the SPDX group even after the end of June.


Chime has clients for Win, and for Mac, it runs in Browser on Firefox and on Chrome on all OSes, it has clients for mobile OSes, and also has local and tollfree telephone dialin in most countries.


So, what do you think?  Switch to Chime?  It's especially a win if we are paying for Zoom.


..m


-- 

Mark Atwood <atwoodm@...>

Principal, Open Source, Amazon


milestones for SPDX License List

J Lovejoy
 

Hi all,

We’ve been doing quarterly releases for new SPDX License List versions on a calendar quarterly basis. We adopted this some time ago (before using Github) to provide some expectation and reliability for when people could see the new version. (Now, due to using Github, anyone can see the latest and greatest by pulling from the master repo).

We proposed on the call today to still do a quarterly official release, but shift by a month to: end of Jan, April, July, and October - to avoid alignment with other end-of-quarter rush and end-of-year holiday time.

Does anyone have any objections to adopting this schedule?

Thanks,
Jilayne
SPDX legal team co-lead


Meeting today, Apr. 9

Steve Winslow
 

Hello all, the next regularly-scheduled SPDX legal team meeting will be today, Thursday, Apr. 9 at 9AM PDT / noon EDT.

The primary agenda item will be to discuss license requests currently tagged for the 3.9 release, viewable at: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22

Best,
Steve

= = = = =

Join Zoom Meeting
https://zoom.us/j/611416785

Meeting ID: 611 416 785

One tap mobile
+16465588656,,611416785# US (New York)
+16699006833,,611416785# US (San Jose)

Dial by your location
        +1 646 558 8656 US (New York)
        +1 669 900 6833 US (San Jose)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 647 558 0588 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 611 416 785
Find your local number: https://zoom.us/u/aceZFvRyln


--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: New License/Exception Request: The 0810 Software simple and permissive open source license (rev. 1.0)

Steve Winslow
 

Hello Marnix, thank you for your email. You can submit this as a license for consideration in the SPDX license list repo, at https://github.com/spdx/license-list-XML/issues, for the community to review and evaluate.

However, I'd encourage you to take a close look first at the license inclusion guidelines, at https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md. In particular, if this is a brand new license that does not have actual, substantial use in the wild, I expect it is unlikely to be added to the list at this time.

Best regards,
Steve
 

On Thu, Apr 9, 2020 at 5:14 AM Marnix B <programmer.marxin0810@...> wrote:

Hello dear SPDX moderators,

 

I have created an open-source license that I published through my organisation (0810 Software) and I would like it to get indexed on your list.

 

The license is available at our website: https://software0810.wordpress.com/2020/03/27/the-0810-software-simple-and-permissive-open-source-license/

And in attachements in both PDF and Markdown form.

 

I hope I have given enough information and I am sorry if there is any incorrect English, it is not my first language, if you need any more information feel free to mail me.

 

 

Yours Faithfully,

 

Marnix B

 

https://software0810.wordpress.com

 

https://stories0810.wordpress.com

 



--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


New License/Exception Request: The 0810 Software simple and permissive open source license (rev. 1.0)

Marnix B <programmer.marxin0810@...>
 

Hello dear SPDX moderators,

 

I have created an open-source license that I published through my organisation (0810 Software) and I would like it to get indexed on your list.

 

The license is available at our website: https://software0810.wordpress.com/2020/03/27/the-0810-software-simple-and-permissive-open-source-license/

And in attachements in both PDF and Markdown form.

 

I hope I have given enough information and I am sorry if there is any incorrect English, it is not my first language, if you need any more information feel free to mail me.

 

 

Yours Faithfully,

 

Marnix B

 

https://software0810.wordpress.com

 

https://stories0810.wordpress.com

 


Re: MIT License

Steve Winslow
 

Hello,

The SPDX legal team list is used for the development of the SPDX License List at https://spdx.org/licenses. However, this list is not used for providing legal advice about the interpretation of licenses.

You may want to consult resources such as the OSI's license-discuss list (https://opensource.org/lists) or the FSF's comments on various licenses (https://www.gnu.org/licenses/license-list.en.html).

Best,
Steve


On Tue, Apr 7, 2020 at 12:38 PM <ashkardev@...> wrote:
Hi, 
can anyone explain the MIT License point that says to include the license of used code, but can it be included inside the file but not directly with copied code?
 
 
 



--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


MIT License

ashkardev@...
 

Hi, 
can anyone explain the MIT License point that says to include the license of used code, but can it be included inside the file but not directly with copied code?
 
 
 


License list - 3.9 issues

Steve Winslow
 

Hello spdx-legal list,

This is a friendly reminder that the next release of the License List (version 3.9) is targeted for the end of April.

I'd encourage folks to review the list of open issues, available at:

Comments are welcome, or even simple "+1" notes if you are in favor of adding a proposed license under the updated license inclusion guidelines [1]. Community involvement is very welcome even if you don't have time to write up a lengthy thought process  :)

Best,
Steve


--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


Re: CERN-OHL version 2

J Lovejoy
 

Hi Andrew, 

Great!  FYI - this email got moderated because you are not on the mailing list with this address. I have unmoderated you, but would be best if you could join the mailing list or use the email if you are already otherwise on it.

Would you mind submitting each of the 3 variants via the online submission tool? http://13.57.134.254/app/submit_new_license/  - that will create an issue for each one, which is part of our current workflow for tracking.  Also see: https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md

While we are on the subject of open hardware licenses, I believe we still don’t have Solderpad 2.0 on it, as we may have needed some feedback from you - https://github.com/spdx/license-list-XML/issues/945 - I will try to find the thread we had going on that.

We will be doing a release at the end of April - would be great to get all of these on the list for that. Just need a bit of help and it’s do-able!

Thanks,
Jilayne

On Mar 31, 2020, at 4:47 AM, Andrew <andrewjskatz@...> wrote:

Hi All

Now that version 2 of CERN-OHL has been released, we are keen to see the 3 variants allocated an appropriate SPDX licence identifier.

You can find the licences here: 


We propose the following SPDX identifiers for each of the 3 variants:

CERN-OHL-2.0-P
CERN-OHL-2.0-W
CERN-OHL-2.0-S

These seemed to us to most closely match the existing SPDX licence criteria, but we are happy to discuss any other suggestions (or indeed answer any other questions).

All the best



Andrew





501 - 520 of 3288