Re: TR: SPDX standard: files are placed in public domain

Jilayne Lovejoy <jilayne.lovejoy@...>

In response to Michel's initial question about CC-0 (and subsequent

Here's some of the back story:
This was an issue that the legal work group spent a vast amount of time
discussing. Initially we had decided on the PddL license, but got some
pretty severe push-back for that license during LinuxCon North America and
1.0 release last August. So, it was back to the drawing board. Due to
the many meetings spent discussing this (which may be captured to varying
degrees in the meeting minutes around that time...), Mark Gisi (thanks
Mark!) posted a summary of the reason for having a license and then the
pros and cons of the various license options discussed on its own page
(see for easy
reference, transparency, and historical purposes. Once we decided on CC-0,
we reached out to various community members (including those specifically
who had expressed discomfort with PddL) to make sure the new decision was

That is a very short summary of the process. The webpage referenced above
provides a good overview, but naturally does not capture the nuances and
details of the concerns, rationale, and so forth raised during those

Michel - from your previous email, it sounds like you've got an eyebrow
raised, but are still formulating exactly what the exact concern is. (I do
think that the goal of using an open, permissive license, if one at all,
was to facilitate free exchange, which appears to be part of your
concern.) In any case, perhaps the above information will help a bit and
if you have further concerns, I might suggest either asking for an agenda
item on one of the legal calls or I can simply set up a call with some of
the key people who were involved in the above process - whichever is
more appropriate.

Consequently, I have now included this email on the SPDX Legal group list
as well, as others may be able to weigh in. The relevant bits from the
various emails are cut and pasted below (separated by a dotted line) for
reference for those who missed this on the general SPDX mailing list.

Incidentally - Kevin and Bradley both had good points in regards to the
potential legal analysis. The other piece of that puzzle concerns the
reality that E.U. law does allow database protection (of facts, that would
otherwise not be considered protectable under U.S. law, for example). If
anyone is interested in learning more about this, there is an excellent
article here:
(but don't go learning too much about this law stuff, as you might put us
out of work ;)


Jilayne Lovejoy | Corporate Counsel
OpenLogic, Inc.

jlovejoy@... | 720 240 4545


On Fri Jun 15 09:37:17 2012, RUFFIN, MICHEL (MICHEL) wrote:
I am not very happy that data must be made in public domain. For the
following reasons:

- ALU should not be responsible for the data if we export it. And I
understand that there is a clause that allows us to make an exception (ALU
name not exported with the data, but it should be the other way around
by default any export file should not imply any responsibility from
exporting company).

- if by mischance there are some comments which we will not want to
share with the rest of the world. It should be protected by the
licensing conditions.
Just to clarify, is it your desire to be allowed to license SPDX files
that you produce under terms of your choice? Or are you suggesting that
we change the required licensing of SPDX to include a disclaimer of
some sort?

Regarding the second bullet, can you provide examples of scenarios
where confidentiality agreements (which until now have been the
proposed solution to this problem) between you and your partners would
be insufficient?

Thanks in advance,


What I want is freedom, to exchange information between companies without
constraints. If we need constraints, we put it in the contract. It is not
to SPDX to put the constraints.

Let us time to think about consequences/constraints, ... before addressing
the issue. But the question is what was the purpose of this initially?

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France


On 6/15/12 3:05 PM, "Kevin P. Fleming" <kpfleming@...> wrote:

On 06/15/2012 03:53 PM, Peter Williams wrote:
On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:
But the question is what was the purpose of this initially?
It is an excellent question. I have never understood the purpose of this
"feature" of SPDX so someone else will have to provide the answer.
I suspect that it may be at least partially based on the fact that the
SPDX file consists almost exclusively of data collected from original
sources, and copyright law (at least as I've been told, I'm no lawyer)
doesn't provide my copyright protection at all for aggregation of
otherwise available data. In essence, an SPDX file may not adequately
constitute a 'work of authorship' that warrants copyright protection,
and thus there really wouldn't be a legitimate way to control its
distribution via licensing.

This is just a mildly educated guess late on a Friday afternoon, though.
I could be 1000% off base :-)

Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA