1. Spdx
  2. Messages

Re: "Scope" of licenses to be covered by SPDX

Ciaran Farrell
 

On Sat, 2012-06-23 at 00:23 +0000, Jilayne Lovejoy wrote:
In so far as Phil and Michael's previous comment regarding the SPDX
License List – it is correct to say that we have endeavored to include
the most common open source licenses (not freeware, shareware, various
abominations of the above, proprietary, or what have you) as stated in
the license list description at the top of the page found
here: http://spdx.org/wiki/spdx-license-list The goal is not to try to
capture every license you might find, as that would be impossible, but
the most commonly found. There are currently 168 licenses on the SPDX
License List. We have been discussing coordinating with a few of the
community groups to add licenses they may have, that SPDX doesn't
(e.g. Gentoo, Fedora, Debian), but haven't had enough people-power to
get this task completed (yet).


When I responded earlier, I did not mention this as I could not
remember accurately if we discussed the idea of adding other
"free" (but not necessary source-code-is-provided licenses). In any
case, it's certainly something we could discuss, but I think there are
some good reasons not to expand too far (which I will raise if and
when we have that discussion, instead of rattling on unnecessarily
here) That being said, there are probably other licenses that are not
"open source" per se, but commonly found and lumped into that broader
category (the Sun/Oracle license come to mind) that perhaps should be
added.


In any case, anyone can suggest adding a license via this process:
http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added We are largely "under-staffed" and "under-paid," so I would encourage anyone who wants to see the list expanded to get involved.
To chime in on this, at openSUSE we have exactly the problem described
above - we'd like to adopt SPDX, but the license list does not provide
anywhere need the coverage that we need. What we've done in the interim
is create a spreadsheet on Google Docs where we add those licenses we
need to track with a SUSE- prefix. We'd hope to push these (or
substitutes for those) upstream to the SPDX license list.

In response to another idea on this list, I also think it makes sense to
use operators like + and - instead of basic strings for license
shortnames. It is certainly not consistent that the list contains e.g.
GPL-2.0-with-openssl-exception but not GPL-2.0+-with-openssl-exception.
Rather than coming up with n- strings for all those licenses out there,
surely using an operator would make more sense.

In summary, the SPDX format (well, for us as a linux distribution, the
SPDX shortnames) looks like it could help provide considerable
consistency, but (and this is a huge but) it is currently unusable for
linux distributions.

Ciaran
Join spdx@lists.spdx.org to automatically receive all group messages.