Yes, I would agree with that, Bill.
spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bill Schineller
Sent: Friday, January 14, 2011
To: Peter Williams;
Subject: Re: Seen in file license
No, I don’t think we should
limit the values in “seen in file licenses” to just those which
“exact” match the standard header set.
Because I don’t think it is reasonable to expect that SPDX will maintain
a comprehensive set of all the variants of headers/texts encountered in files
which refer to a specific license in the SPDX license list. Different
producers will ‘see’ header variants in files that the SPDX
community hasn’t yet ‘seen’ before (e.g. differing from
standard headers by insignificant punctuation, spelling), but which are clearly
referencing a specific license known to SPDX. SPDX producers should still
get to record these observations as ‘seen in file licenses’,
Different producers of spdx will inevitably disagree on the values in the list,
depending on the thoroughness of their analyses.
The CreatedBy and ReviewedBy fields in SPDX documents will let consumers of
SPDX documents know who produced them.
The consumers can consider this information when assessing their risk.
On 1/14/11 11:00 AM, "Peter Williams" <peter.williams@...> wrote:
It was clear from the call this
morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list. However, for all other licenses/license headers
do we expect those to be listed? Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set? If we don't then different producers of spdx will not agree on
the values in that list.
Spdx mailing list
Knowledge Base Manager
Black Duck Software Inc.