Re: Clarification regarding "FSF legal network" (was Re: Import and export function of SPDX)
Jilayne Lovejoy <jilayne.lovejoy@...>
Responses inline below and to this email, since Bradley hit upon several
salient issues :)
On 6/14/12 8:39 AM, "Bradley M. Kuhn" <bkuhn@...> wrote:
RUFFIN, MICHEL (MICHEL) wrote today:Would agree to the extent that, considering that what Michel is proposingI know that the discussion on this subject should be in FTFE mailingActually, I caution against being too quick to move discussion to
doesn't (yet) seem to have a directly on-point mailing list, discussing it
across multiple platforms (and multiple times, in order to finally get a
response ;) seems about right!
I feel like I need to at least suggest an alternative view for
balance-sakes, especially since, as a member, I have greatly benefited
from the discussions on that list-serve. The network is made up of mostly
lawyers and from all different kinds of organizations and, due to the
Chatham House Rule, provides a space for open conversation among members
without fear of being quoted/attributed outside the network. Given the
reluctance most lawyers have in terms of making public statements, etc,
this is a pretty valuable forum, as it provides a chance to discuss things
that just may not be ready to take public or that a lawyer cannot risk
having attributed or implied to the company he or she works for.
In so far as what Michel is suggesting here re: the license clauses, I can
imagine quite a few companies being quite resistant/hesitant about sharing
this information initially. This is where some discussion that is limited
in its exposure can be helpful to begin to break down that barrier.
Just like scanning, multiple methods of attacking the problem leads to the
best results?? (bad analogy, but seemed fitting ;)
Lurking is completely fine for whomever. More involvement means more
opportunity to shape the process, so it's up to each participant to
determine their level of participation (just reiterating something said at
the SPDX Forum, for benefit of all).
I'm not sure it's the role of SPDX to address this problem (at least
directly - the goal/mission in terms of license compliance has been more
of facilitation, than doing the job of compliance itself). In any case -
we all have limited resources/time/energy, but I do think that the various
efforts (yours, SPDX, Yocto, and so forth...) come together at the common
goal of making the use, proliferation, health, compliance with licenses...
of open source software easier for all!
But all the tools coming out of the SPDX working groups are open source!
http://spdx.org/wiki/sandbox-tools (I think there are more than this, but
I'm not the one to appropriately answer that question).
To be fair, of course the companies who have commercial scanning tools are
going to include the ability to generate SPDX files as a feature - because
their customers are asking for it. So, there's both - that can't be all