Greetings SPDX Tech and Legal Teams,

The follow-up meeting to discuss license related issues and requests for the SPDX Specification version 2.3 will be this Friday at 15:00 UTC (8AM Pacific time).

We will be using the Legal Team’s JITSI meeting coordinates:

https://meet.jit.si/SPDXLegalMeeting

Dial-in: +1.512.647.1431 PIN: 3275 0470 68#

The main topic will be the license namespace proposal.  If there is time available, we will also discuss the snippet license in source file proposal (https://github.com/spdx/spdx-spec/pull/464).

We will follow-up before the meeting with some good background reading and a more detailed agenda.

Best regards,

Gary

-------------------------------------------------

Gary O'Neall

Principal Consultant

Source Auditor Inc.

Mobile: 408.805.0586

Email: gary@...

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Attached is a .ics calendar file for the upcoming meeting.

Gary

Greetings SPDX Legal and Tech teams,

Below is a more detailed agenda for our joint call this Friday 8AM Pacific time (see the forwarded message below for the meeting coordinates).

To make the meeting as productive as possible, please read through this email in its entirety as well as the Change Proposal: Clarify External Licenses in SPDX Documents prior to the meeting.

Note that we didn’t leave much time for the Snippets in Source files discussion – we may need to pick that up during the next legal or tech call.

Topic 1 – “License Namespaces”

Topic 1 Discussion Objectives:

• Agree on specifically which problems we plan to solve and which problems we won’t solve as it relates to referencing license texts which are not included on the SPDX license list
• For any problems we agree to solve, identify what work needs to be done, who will work on it and by when
• If we have enough time, agree on the syntax we will use for referencing external license texts
• If we have enough time, agree on the process we will implement to register and maintain external license texts

Topic 1 Agenda:

• Discuss specific problems we are trying to solve with namespaces and decide if the SPDX community should solve those problems (see problem list below) 10 minutes
• Discuss the policy the SPDX legal team would use as it relates to external license texts (see policy considerations below) 15 minutes
• Discuss what work needs to be done (who, what, when) 15 minutes
• Discuss syntax and process 10 minutes

Topic 2 – “License Snippets in Source Files” – If there is time available

Topic 2 Discussion Objects:

• Agree if this is a problem we want to tackle
• Agree on outstanding remaining issues which need to be resolved
• Agree on the who, what and when for the remaining issues

Topic 2 Agenda:

• Discuss the problem statement
• Discuss remaining work that needs to be done (who, what, when)

Below is a list of namespace problem statements related to “license namespaces” we’ve collected from various threads and conversations:

1. Unable to reference or locate LicenseRef text where the reference is in one document and the text is outside that document. 
• This may well just be a documentation and communication issue – see the Change Proposal: Clarify External Licenses in SPDX Documents for a proposed solution
2. Unable to reference or locate text for non-listed licenses when used in license expressions within source files
• See the REUSE for their proposed solutions to this issue
3. Unable to reference or locate text for non-listed licenses when license expressions are used in package manager meta-data files
4. Ability to efficiently reference common licenses which do not meet the SPDX license inclusion principles
5. Ability to advertise the availability of license lists other than the SPDX license list

Below is a list of policy considerations for when we should use “license namespaces”:

1. Licenses submitted for external namespaces MUST NOT match the text of existing SPDX listed licenses (at the time of submittal)
2. Licenses submitted SHOULD NOT meet the license inclusion guidelines (otherwise – they should be submitted to be included on the license list)
3. Licenses namespaces MUST HAVE a contact
4. Licenses within the namespaces MUST BE maintained
5. Licenses within the namespace MUST BE publicly accessible

Best regards,

Gary, Jilayne, Steve, and Alexios