Re: Hello world and additional licenses


Philip Odence
 

Yes, that's clearly the tradeoff, Soeren. I think the question is how "expensive" it is to add licenses to the list and maintain them. I suspect that as with the spec, we'll have a working area for candidate licenses and a process for promoting to the official list. 

We had some in person discussion about this at the LinuxCon BoF session last night and it was clear that this subject needs more discussion and work. Thanks for joining in and shining some light on it.



On Aug 11, 2010, at 7:44 AM, <Soeren_Rabenstein@...> <Soeren_Rabenstein@...> wrote:

Hi Phil
 
Wouldn’t it make sense to include as many licenses as possible? (except maybe the very strange ones)
Sure this will all more data to the specification. But limiting the specification may bloat Software BOMs with license texts (which would be required to be included under spdx, as I understand it).
 
If you want to limit the covered licenses, I still definitely would vote for including
·         Ruby
·         Xfree
·         RhEcos and Ecos (the old version eCos is still surprisingly often present in embedded devices, regardless of the fact that RedHat dropped the project long time ago)
·         OSSL
·         OLDAP-2.8
 
Cheers
 
Soeren
 
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Philip Odence
Sent: Wednesday, August 11, 2010 6:33 PM
To: Soeren Rabenstein(Soeren Rabenstein, II.M.)
Cc: spdx@...
Subject: Re: Hello world and additional licenses
 
Welcome, Soeren. Glad to have you aboard. 
 
This is certainly fair discussion. The goal has been to have the standard license list cover a large majority of cases (Kate's been talking about 90% coverage). Beyond that we have provided a mechanism for including licenses that are not on the list, the main differences being that for the latter the user will include the text of the license in the SPDX file, not just a reference to our list. 
 
So, that fact that you have run across a license in your work would not on the face say that it meets the criteria for being included on the list. Do you think the licenses you list are fairly common and would belong on the list for that reason? Or do you think our criteria are too tight and that we should try to be more comprehensive in our coverage?
 

Phil

L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
 
On Aug 11, 2010, at 2:30 AM, <Soeren_Rabenstein@...> wrote:


Hello spdx mailing list

I guess I am the first new subscriber, since you went public?
My name is Soeren Rabenstein, I am in ASUSTeK's legal department since early 2009 and responsible for European legal compliance as well as implementation of a FOSS license compliance program.

Thank you for creating the specification. We are very interested in bringing forward the standard, since "Software-BOMs" form a key element of our compliance program (we actually switched to the term "BOC"="Bill of Code", to avoid confusion with actual, physical BOMs) and supply chain management turned out to be the biggest challenge over here.

As a first contribution, I compared the list of specified licenses in the spdx-draft with my own approval list. As a result I would like to propose the following licenses to be added to spdx. With the exception of the last item, these are all licenses I came across during my practice. I may add them myself through the wiki, but currently I cannot see a working wiki page on this.
I am also happy to dig our more licenses that are not yet listed.


License Identifier: ClArtistic
Formal Name: Clarified Artistic License 1.0
URL: http://www.ncftp.com/ncftp/doc/LICENSE.txt 

License Identifier: XFree86-1.1
Formal Name: XFree86 License 1.1
URL: http://www.xfree86.org/current/LICENSE4.html 

License Identifier: Ruby
Formal Name: Ruby License
URL: http://www.ruby-lang.org/en/LICENSE.txt 

License Identifier: RHeCos
Formal Name: Red Hat eCos Public License v1.1
URL: http://ecos.sourceware.org/old-license.html 

License Identifier: eCos
Formal Name: The eCos license version 2.0
URL: http://www.gnu.org/licenses/ecos-license.html 

License Identifier: OSSL
Formal Name: OpenSSL License
URL: ? (No direct web source known, license text therefore attached to this mail)

License Identifier: ErlPL
Formal Name: Erlang Public License Version 1.1
URL: http://www.erlang.org/EPLICENSE 

License Identifier: gsoPL
Formal Name: gSOAP Public License Version 1.3b
URL: http://www.cs.fsu.edu/~engelen/license.html

License Identifier: SugPL
Formal Name: SugarCRM Public License
URL: http://www.sugarcrm.com/crm/SPL

License Identifier: YPL
Formal Name: Yahoo! Public License 1.1
URL: http://www.zimbra.com/license/yahoo_public_license_1.1.html 

License Identifier: OLDAP-2.8
Formal Name: OpenLDAP Public License Version 2.8
URL: http://www.openldap.org/software/release/license.html 

License Identifier: ZimPL
Formal Name: Zimbra Public License, Version 1.3
URL: http://www.zimbra.com/license/zimbra-public-license-1-3.html 


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/ 


Kind regards

Soeren Rabenstein

____________________________________________________________
 
ASUSTeK COMPUTER INC.
 
Soeren Rabenstein, LL.M.
Legal Affairs Center - Legal Compliance Dept.
15, Li-Te Rd., Taipei 112, Taiwan
Tel.: (+886) 2 2894 3447 Ext.2372
Fax.: (+886) 2 2890 7674
soeren_rabenstein@...
____________________________________________________________



=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it 
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete 
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized 
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views 
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================
<OpenSSL-License.txt><ATT00001..c>
 
=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it 
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete 
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized 
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views 
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================

Join spdx@lists.spdx.org to automatically receive all group messages.