Spdx-legal@lists.spdx.org | [spdx-tech] Are there SPDX placeholders?

Home Messages Hashtags Subgroups

Date Date 1 - 2 of 2

[spdx-tech] Are there SPDX placeholders?

Kate Stewart #2670 +SPDX-legal team for discussion. Thanks, Kate toggle quoted message Show quoted text On Mon, Sep 16, 2019 at 4:11 AM <michael.kaelbling@...> wrote: I understand // SPDX-License-Identifier: SPDX-ID But how does the community usually indicate unresolved decisions? Is (anything starting with) TBD reserved for "to be determined"? Some unresolved conditions: - we have not yet decided on a license // SPDX-License-Identifier: ((TBD)) - we have narrowed down our choices for a license // SPDX-License-Identifier: ((MIT-0 OR MIT) AND ((TBD))) - we have not yet gotten internal approval for our choice // SPDX-License-Identifier: MIT AND ((TBD-pending-internal-approval)) - we have submitted a new license, but the ID has not yet been approved by SPDX.org // SPDX-License-Identifer: EUPL-2.0 AND ((TBD-pending-SPDX-registration)) Or does one simply use an ungrammatical expression? // SPDX-License-Identifier: * we need to pick a license // SPDX-License-Identifier: EUPL-2.0 MODULO SPDX-registration
More All Messages By This Member
Steve Winslow #2672 I'm not aware of a standardized license expression that would be used _in a short-form source code identifier_ to express these cases. Within the context of an SPDX document, one can use NOASSERTION to mean several different things that kind of boil down to "I'm not making any statement about what license applies"; and NONE to mean there is no license for the file. See [1] You could also define a LicenseRef- expression to mean whatever you wanted. [2] has some details about how LicenseRef- expressions work, though again primarily for use in the context of an SPDX document. The REUSE Software spec [3] describes a way to use LicenseRef- expressions together with where to put copies of the corresponding license text. Regardless, though, if this is code that you are looking to release as part of an open source project, I'd say community expectations are typically that it should have a specified license -- not a "license TBD" notice. If the license is TBD then downstream users, redistributors, etc. won't know what their rights or obligations are. So a project in this situation might want to wait until a license has been selected, and then just start using the corresponding identifier. Best, Steve [1] https://github.com/spdx/spdx-spec/blob/development/v2.2/chapters/4-file-information.md#45-concluded-license- [2] https://github.com/spdx/spdx-spec/blob/development/v2.2/chapters/appendix-IV-SPDX-license-expressions.md [3] https://reuse.software/spec/ toggle quoted message Show quoted text On Mon, Sep 16, 2019 at 5:19 AM Kate Stewart <kstewart@...> wrote: +SPDX-legal team for discussion. Thanks, Kate On Mon, Sep 16, 2019 at 4:11 AM <michael.kaelbling@...> wrote: I understand // SPDX-License-Identifier: SPDX-ID But how does the community usually indicate unresolved decisions? Is (anything starting with) TBD reserved for "to be determined"? Some unresolved conditions: - we have not yet decided on a license // SPDX-License-Identifier: ((TBD)) - we have narrowed down our choices for a license // SPDX-License-Identifier: ((MIT-0 OR MIT) AND ((TBD))) - we have not yet gotten internal approval for our choice // SPDX-License-Identifier: MIT AND ((TBD-pending-internal-approval)) - we have submitted a new license, but the ID has not yet been approved by SPDX.org // SPDX-License-Identifer: EUPL-2.0 AND ((TBD-pending-SPDX-registration)) Or does one simply use an ungrammatical expression? // SPDX-License-Identifier: * we need to pick a license // SPDX-License-Identifier: EUPL-2.0 MODULO SPDX-registration -- Steve Winslow Director of Strategic Programs The Linux Foundation swinslow@...
More All Messages By This Member

1 - 2 of 2

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms