Re: Names of licenses we currently support / where should license text live?


Jeff Luszcz
 

Hi Kate et al,
As we discussed on the call a few times, I think having this amazing list of licenses in one place is a great asset to the community and I believe will help reduce license proliferation (esp. if spdx.org, Linux foundation, OSI, etc... continue to work on anointing certain licenses as preferred.)

One of my concerns in having the SPDX document only contain links to these reference licenses instead of the actual full text is that we have the chance of drift and incompleteness a few years down the road, especially if the list of licenses we anointed as "reference license" becomes as large as it looks like it is becoming.

We see analogies to this in our day to day license analysis in these current cases:

- Files that say "see License.txt file for more info" and the License.txt is missing
- "See http://www.gnu.org/licenses/lgpl.html" in a file where this used to mean lgpl 2.1 in 2006, it now means lgpl 3.0 since the link target text was changed by the FSF
- "Download from my university page http://www.ccsf.edu/~someStudent" which is now gone and no longer alive
- "This is under a BSD license" when in fact they've added Copyleft style terms or other strange things to the actual license text.

My thoughts:
- An SPDX doc should be completely self contained for long term validity, but can reference out to the spdx.org web site as a hook for optional data that may appear down the road
- Some organizations have serious confidential concerns about outside web links/dependencies in Intellectual Property reports such as SPDX
  - By this I mean, if to render or validate the text of a license for an SPDX report an organization has to hit the spdx.org website, this may cause leakage of confidential info
- Having a large list of reference licenses is great, especially if common names can be created for them
- Template licenses / references are great for scanning tool verification / spec compliance etc. but the SPDX doc should contain the actual text of the license in effect


Regards,
Jeff

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On
Behalf Of kate.stewart@...
Sent: Thursday, August 26, 2010 4:30 PM
To: spdx@...; dmg@...
Subject: Re: Names of licenses we currently support

Thanks Daniel. As the reference page for each license and its header
emerge - cross checking against this is going to be useful.

Hmm, am a little concerned about putting some of them into the standard
set of reference licenses. ... in particular some I think should be
flagged as exceptions so they get looked at. i.e. BeerWareV42 ;)
SameTermsAs and SeeFile are likely not licences but references to
licenses.

Can I assume that the mapping of names to the actual license search
strings can be found in Ninka sources?

In particular the BSD and MIT variants look worrisome. Any volunteers to
review the details there and make some recommendations?

Kate

--- On Thu, 8/26/10, D M German <dmg@...> wrote:

From: D M German <dmg@...>
Subject: Names of licenses we currently support
To: spdx@...
Date: Thursday, August 26, 2010, 5:39 PM

These are the licenses we currently identify. Look particularly at the BSDs
and MITs. Some are not licenses but their exception statements. I have
the feeling that these cover around 75-86% of files in Debian/Fedora
(the source code files that have a license)

--dmg



AGPLv3+
Apachev1.1
Apachev2
artifex
ArtisticLicensev1
autoConfException
BeerWareVer42
BindMITX11Var
BisonException
boost
boostV1
BSD1
BSD2
BSD2AdvInsteadOfBinary
BSD2aic700
BSD2EndorseInsteadOfBinary
BSD2SoftAndDoc
BSD2var1
BSD2var2
BSD3
BSD3NoWarranty
BSD4
BSD4NoEndor
BSDCairoStyleWarr
BSDdovecotStyle
BSDOnlyAdv
CDDLic
CDDLicV1
CDDLv1orGPLv2
Cecill
ClassPathException
CPLv0.5
CPLv1
dovecotSeeCopying
DoWhatTheFuckYouWantv2
emacsLic
EPLv1
FreeType
GhostscriptGPL
GPLnoVersion
GPLv1
GPLv1+
GPLv1orArtistic
GPLv2
GPLv2+
GPLv2orLGPLv2.1
GPLv2orv3
GPLv2orv3qtException
GPLv3
GPLv3+
IBMv1
intelBSDLicense
InterACPILic
kerberos
LesserGPLnoVersion
LesserGPLv2
LesserGPLv2+
LesserGPLv2.1
LesserGPLv2.1+
LesserGPLv3
LesserGPLv3+
LGPLv2
LGPLv2+
LGPLv2_1
LGPLv2.1
LGPLv2.1+
LGPLv2_1orv3
LGPLv2MISTAKE
LGPLv2+MISTAKE
LGPLv2orv3
LGPLv3
LGPLv3+
LibGCJLic
LibraryGPLv2
LibraryGPLv2+
LinkException
LinkExceptionBison
LinkExceptionGPL
LinkExceptionLeGPL
LinkExceptionOpenSSL
MITandGPL
MITCMU
MITCMUvar2
MITCMUvar3
MITmodern
MITold
MIToldMichiganVersion
MIToldwithoutSell
MIToldwithoutSellandNoDocumentationRequi
MIToldwithoutSellCMUVariant
MITVariant
MITX11BSDvar
MITX11noNotice
MITX11NoSellNoDocDocBSDvar
MITX11simple
MPL1_1andLGPLv2_1
MPLGPL2orLGPLv2_1
MPL_LGPLsee
MPL-MIT-dual
MPLv1_0
MPLv1_1
MX4J
MX4JLicensev1
NCSA
NPLv1_0
NPLv1_1
openSSL
openSSLvar1
openSSLvar2
openSSLvar3
phpLicV3.01
Postfix
postgresql
publicDomain
QtGPLv2or3
QTv1
SameAsPerl
SameTermsAs
SeeFile
sequenceLic
SimpleLic
simpleLic
simpleLic2
simpleLicense1
SimpleOnlyKeepCopyright
SleepyCat
SSLeay
subversion
subversion+
subversionError
sunRPC
SunSimpleLic
svnkit
svnkit+
tmate+
W3CLic
WxException
X11
X11CMU
X11Festival
X11mit
zendv2
ZLIB
ZLIBref


--
Daniel M. German

http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx