Re: Purpose of licensing info


kate.stewart@...
 

Hi Scott,
The meaning of the declared and detected at the package level is different than what we've been discussing at the file level, and separation of the two different cases (package level vs. file level) is important and significant.

At the package level the intention of declared license is to reflect the contents of what the package author believes the license is for the package (based on something like the LICENSE, COPYING file, etc.). The detected license field can create multiple instances, and is meant to simply record ALL the licenses (either detected directly or asserted at the file level).

If declared license is different from detected license(s) listed at the package level, it's a signal to consider going down to the file level to understand the details - because there may be some areas that require legal judgement.

In terms of the example that you give at the file level, given our current license list, and given the syntax proposed below, I'd recommend they be encoded as

"This file is licensed under the same terms as Perl."
LicenseAsserted: Fulllicense-1
LicenseDetected: Fulllicense-1
since LicenseAsserted matches LicenseDetected, a LicenseComment is not required.
Fulllicense-1 has the verbatim text above.
It is recorded as a non-standard license, since none of our short form templates or headers match this.

"For license terms, see the file LICENSE."
LicenseAsserted: ?? (see what is in the file LICENSE if it exists and either use a short form or full license, else Unknown)
LicenseDetected: Unknown
LicenseComment: <text> For license terms, see the file LICENSE </text>

Hope this clarifies things a bit.

Kate

--- On Thu, 1/13/11, Peterson, Scott K (HP Legal) <scott.k.peterson@...> wrote:

From: Peterson, Scott K (HP Legal) <scott.k.peterson@...>
Subject: RE: Purpose of licensing info
To: "Peter Williams" <peter.williams@...>, "kate.stewart@..." <kate.stewart@...>
Cc: "spdx@..." <spdx@...>
Date: Thursday, January 13, 2011, 4:46 PM
Kate and Peter --

I am trying to understand the meaning and value of
"detected" and/or "declared" as distinguished from "your
best guess", i.e., "asserted".

What would be the value of the detected or declared field
for the two cases where the file included one of these
strings:

"This file is licensed under the same terms as Perl."

"For license terms, see the file LICENSE."

-- Scott

-----Original Message-----
From: spdx-bounces@...
[mailto:spdx-bounces@...]
On Behalf Of Peter Williams
Sent: Thursday, January 13, 2011 3:52 PM
To: spdx@...
Subject: Re: Purpose of licensing info

What about naming the field that represents the actual license of a file/package "License"?  In the current spec File already has such a property so all that would have to be done is adjust the verbiage slightly and make it apply to packages too.

"LicenseDetected" is a little ambiguous for what this field actually represents.  "DeclaredLicenses" would be clearer.  "DeclaredLicenses" also has the advantage of already being defined on package and it means the same thing there.  We could just make that property apply to files too.

Peter
openlogic.com

On Thu, Jan 13, 2011 at 12:46 PM,  <kate.stewart@...>
wrote:
Based on discussions on the SPDX call today, I think
we are closing in on the following proposal for the file
level to address the concerns raised by Open Logic.

There will be a special call tomorrow at 9am EST to
get resolution on this issue.  Please let Esteban Rockett
or myself know,  off-list, if you are interested in
participating and were not in the legal call yesterday or
the coordination call today.

Proposal:  section 5.3 (License(s)) of the spec will
become 3 fields:

5.3a Asserted License

5.3a.1 Purpose: This field contains the license
governing the file if it can be determined.  If no license
information can be determined, the license is denoted as
"Unknown".   The licenses should use the standard short
form names.   See Appendix I for standardized license short
forms.  If a Detected License is not one of the
standardized license short forms, this field must contain a
reference to the full license text included in this SPDX
file in section 4.  If more than one license is detected in
the file, then each should be listed.  If any of the
detected licenses offer the recipient a choice of licenses,
then each of the choices will be declared as a "disjunctive"
license.

5.3a.2 Intent: Here, the intent is to have a uniform
method to refer to the license that is determined to
represent the file with specificity to eliminate any license
confusion.  For example, the 3 clause BSD would have a
different license identifier than the 4 clause BSD.

5.3a.3 Cardinality:  Mandatory, one.

5.3a.4 Tag: "LicenseAsserted:"

5.3a.5 RDF: TBD  (include Disjunctive form here)

5.3a.6 Data Format: <short form identifier in
Appendix I> | "FullLicense"-N

5.3a.7 Example:
LicenseAsserted: GPL-2.0


5.3b Detected License(s)

5.3b.1 Purpose: This field contains the license
governing the file if it is known.  It will be explicit
from the file header or other information found in the
file's source code.    If no license information is found
it should be denoted as "NotSpecified".  If no license
information can be determined, the license is denoted as
"Unknown".   The licenses should use the standard short
form names.   See Appendix I for standardized license short
forms.  If a Detected License is not one of the
standardized license short forms, this field must contain a
reference to the full license text included in this SPDX
file in section 4.  If more than one license is detected in
the file, then each should be listed.  If any of the
detected licenses offer the recipient a choice of licenses,
then each of the choices will be declared as a "disjunctive"
license.

5.3b.2 Intent: Here, the intent is to have a uniform
method to refer to each license with specificity to
eliminate any license confusion.  For example, the 3 clause
BSD would have a different license identifier than the 4
clause BSD.

5.3b.3 Cardinality:  Mandatory, one or many.

5.3b.4 Tag: "LicenseDetected:"

5.3b.5 RDF: TBD (not including disjunctive form, if
multiple, many should be specified)

5.3b.6 Data Format: <short form identifier in
Appendix I> | "FullLicense"-N

5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2


5.3c License Comments

5.3c.1 Purpose: This field is a detailed description
of the analysis and any relevant background references that
went into making the asserted license for a file, if the
asserted license does not match the detected license that
the person creating the SPDX file wants to share with the
reviewers.

5.3c.2 Intent:  Here, the intent is to provide
technical readers/reviewers with a detailed technical
explanation of how the asserted license was determined if it
does not match the detected license.

5.3c.3 Cardinality: Optional, single instance

5.3c.4 Tag: "LicenseComments:"

5.3c.5 RDF: TBD

5.3c.6 Data Format: free form text that can span
multiple lines, preceded with <text> and ending with
</text>.

5.3c.7 Example: LicenseComments: <text> The
asserted license was taken from the package level that the
file was included in.  </text>

The above is preliminary at this point, so needs some
polishing.  I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625),
so after the discussion tomorrow, feel free to subscribe,
and make improvements there.

Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
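
Added example, not part of the original thread or of any SPDX tooling: a small checker for the three file-level fields proposed above (cardinality, data format, and the asserted-vs-detected comparison that calls for LicenseComments). The "FileName:" record delimiter, the short-form set and the sample records are assumptions constructed for illustration.

```python
import re

# KNOWN (stand-in for the Appendix I short forms, plus special values) and SAMPLE are constructed.
KNOWN = {"GPL-2.0", "BSD-3-Clause", "Unknown", "NotSpecified"}
FULL_RE = re.compile(r"FullLicense-\d+$", re.IGNORECASE)  # thread also writes "Fulllicense-1"

def parse_files(text):
    """Split tag:value text into per-file dicts of tag -> list of values."""
    files, lines = [], iter(text.splitlines())
    for line in lines:
        m = re.match(r"(\w+):\s*(.*)$", line.strip())
        if not m:
            continue
        tag, value = m.groups()
        if "<text>" in value:  # free-form text may span lines until </text>
            while "</text>" not in value:
                value += "\n" + next(lines, "</text>")
            value = value.split("<text>", 1)[1].split("</text>", 1)[0].strip()
        if tag == "FileName":  # assumed record delimiter, not defined in the proposal
            files.append({})
        if files:
            files[-1].setdefault(tag, []).append(value)
    return files

def check(rec):
    """Findings for one file record against the proposed 5.3a-c rules."""
    a, d, c = (rec.get(t, []) for t in ("LicenseAsserted", "LicenseDetected", "LicenseComments"))
    rules = [(len(a) != 1, "LicenseAsserted: expected exactly one"),
             (not d, "LicenseDetected: expected one or many"),
             (len(c) > 1, "LicenseComments: expected at most one"),
             (a and a[0] not in d and not c, "asserted not in detected, no LicenseComments")]
    bad_ids = [f"bad identifier: {v}" for v in a + d if v not in KNOWN and not FULL_RE.match(v)]
    return [msg for bad, msg in rules if bad] + bad_ids

def review(text):
    return {r["FileName"][0]: check(r) for r in parse_files(text)}

SAMPLE = """\
FileName: perl_terms.pl
LicenseAsserted: Fulllicense-1
LicenseDetected: Fulllicense-1
FileName: see_license.c
LicenseAsserted: GPL-2.0
LicenseDetected: Unknown
LicenseComments: <text> For license terms,
see the file LICENSE </text>
FileName: mismatch.c
LicenseAsserted: BSD-3-Clause
LicenseDetected: GPL-2.0
"""
```

Calling review(SAMPLE) flags only mismatch.c: its asserted license is not among the detected ones and no comment explains how it was determined.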