Re: Some SPDX 1.0 beta examples


Two more things about the zlib example:

1. The license of the ada subdirectory is GPLv2+ not, GPLv2.

2. There is another interesting example, which is labelled BSD-3 in
the SPDX. Same issues regarding this than the variability of the zlib
license apply here.

* match.S -- optimized version of longest_match()
* based on the similar work by Gilles Vollant, and Brian Raiter, written 1998
* This is free software; you can redistribute it and/or modify it
* under the terms of the BSD License. Use by owners of Che Guevarra
* parafernalia is prohibited, where possible, and highly discouraged
* elsewhere.

On Wed, Sep 29, 2010 at 1:32 PM, dmg <dmg@...> wrote:
This is good. It can start some discussion on the standard.

First, one question:

I scanned the file for zlib and I found some issues with it, but I
think are worth discussing:

1.  Some files do not contain a license, yet they are marked as one:

dmg@i:/tmp/zlib-1.2.5$ more contrib/minizip/zip.c
/* zip.c -- IO on .zip files using zlib
  Version 1.1, February 14h, 2010
  part of the MiniZip project - ( )

        Copyright (C) 1998-2010 Gilles Vollant (minizip) ( )

        Modifications for Zip64 support
        Copyright (C) 2009-2010 Mathias Svensson ( )

        For more info read MiniZip_info.txt

  Oct-2009 - Mathias Svensson - Remove old C style function prototypes
  Oct-2009 - Mathias Svensson - Added Zip64 Support when creating new
file archives
  Oct-2009 - Mathias Svensson - Did some code cleanup and refactoring
to get better overview of some functions.
  Oct-2009 - Mathias Svensson - Added zipRemoveExtraInfoBlock to
strip extra field data from its ZIP64 data
                                It is used when recreting zip archive
with RAW when deleting items from a zip.
                                ZIP64 data is automaticly added to
items that needs it, and existing ZIP64 data need to be removed.
  Oct-2009 - Mathias Svensson - Added support for BZIP2 as
compression mode (bzip2 lib is required)
  Jan-2010 - back to unzip and minizip 1.0 name scheme, with
compatibility layer


2. Some files refer to zlib.h as the file with a license. Now, if the
SHA1 of the file does not change, I would presume (as a user) that I
don't need to scan it again, which is good. But what if zlib.h
changes? Would it be useful in the SPDX to
use a "reference" field to denote such a thing?

3. Is it the same to include a license than to refer to a license?

4. In some files the zlib iicense varies slightly:

 This software is provided 'as-is', without any express or implied
 warranty.  In no event will the author be held liable for any damages
 arising from the use of this software.

and in others

 This software is provided 'as-is', without any express or implied
 warranty.  In no event will the authors be held liable for any damages
 arising from the use of this software.


On Wed, Sep 29, 2010 at 12:52 PM, Philip Odence
<podence@...> wrote:
I moved it to
Home » Wiki » Software Package Data Exchange (SPDX) » Spec
Development » Sandbox For Sharing Examples, Ideas, Etc.
Not sure if it way my knowledge or permissions or both, but anyway, it's
Good stuff, Peter.

On Sep 29, 2010, at 3:45 PM, Peter Williams wrote:

Hi all,

I have posted some examples, along with some notes about them at
<>.  The examples
are intended to conform to the 1.0 beta version of the spec except that
we used sha-256 checksums -- rather than sha-1 -- to identify the files.

I was not able to figure out how to add that page to the examples
sandbox.  (Perhaps i do not permission to do that? )   Would someone
with more knowledge of (or permissions with) the wiki do that for me?

Comments and feedback are welcome.

Peter Williams
Spdx mailing list

Spdx mailing list


Daniel M. German

Daniel M. German

Join to automatically receive all group messages.