Re: Some SPDX 1.0 beta examples


Peter Williams <peter.williams@...>
 

On 9/29/10 2:32 PM, dmg wrote:
> This is good. It can start some discussion on the standard.
>
> First, one question:
>
> I scanned the file for zlib and I found some issues with it, but I
> think they are worth discussing:
>
> 1. Some files do not contain a license, yet they are marked as one:

We assume that any file that does not contain explicit license info and does not match any of the open source in our database is licensed under the declared license of the project. In this case the Zlib license.

> 2. Some files refer to zlib.h as the file with a license. Now, if the
> SHA1 of the file does not change, I would presume (as a user) that I
> don't need to scan it again, which is good. But what if zlib.h
> changes? Would it be useful in the SPDX to
> use a "reference" field to denote such a thing?

I think this is outside the scope of the spdx proper. Many of the decisions about what licenses govern a file will be made on criteria other than an explicit license declaration, direct or indirect. For example, some part of a file might be matched against a database of open source and that open source file might have a license associated with it.

In the short term this could be handled as a comment on the file object. It might be an interesting follow-on project to create an extension to allow expressing the decision criteria for why a particular license was chosen.

> 3. Is it the same to include a license as to refer to a license?

We treat those the same. This is a policy issue to be worked out between the producer and the consumers of the spdx file. I think the spec should avoid specifying the copyright/license analysis process. Spdx should just provide a way to express the results of such an analysis.

> 4. In some files the zlib license varies slightly:
>
> This software is provided 'as-is', without any express or implied
> warranty. In no event will the author be held liable for any damages
> arising from the use of this software.
>
> and in others
>
> This software is provided 'as-is', without any express or implied
> warranty. In no event will the authors be held liable for any damages
> arising from the use of this software.

This also feels like a policy issue to me. We treat those as the same.

Peter Williams
<http://openlogic.com>
