Date   

Re: Hello world and additional licenses

Tom Incorvia
 

Soeren, welcome, and thanks for the incremental licenses -- Licenses that come up in day-to-day practice are high value for SPDX. Thanks, Tom

Tom Incorvia
tom.incorvia@...
Direct:  (512) 340-1336
Mobile: (408) 499 6850

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Soeren_Rabenstein@...
Sent: Wednesday, August 11, 2010 1:30 AM
To: spdx@...
Subject: Hello world and additional licenses

Hello spdx mailing list

I guess I am the first new subscriber, since you went public?
My name is Soeren Rabenstein, I am in ASUSTeK's legal department since early 2009 and responsible for European legal compliance as well as implementation of a FOSS license compliance program.

Thank you for creating the specification. We are very interested in bringing forward the standard, since "Software-BOMs" form a key element of our compliance program (we actually switched to the term "BOC"="Bill of Code", to avoid confusion with actual, physical BOMs) and supply chain management turned out to be the biggest challenge over here.

As a first contribution, I compared the list of specified licenses in the spdx-draft with my own approval list. As a result I would like to propose the following licenses to be added to spdx. With the exception of the last item, these are all licenses I came across during my practice. I may add them myself through the wiki, but currently I cannot see a working wiki page on this.
I am also happy to dig our more licenses that are not yet listed.


License Identifier: ClArtistic
Formal Name: Clarified Artistic License 1.0
URL: http://www.ncftp.com/ncftp/doc/LICENSE.txt

License Identifier: XFree86-1.1
Formal Name: XFree86 License 1.1
URL: http://www.xfree86.org/current/LICENSE4.html

License Identifier: Ruby
Formal Name: Ruby License
URL: http://www.ruby-lang.org/en/LICENSE.txt

License Identifier: RHeCos
Formal Name: Red Hat eCos Public License v1.1
URL: http://ecos.sourceware.org/old-license.html

License Identifier: eCos
Formal Name: The eCos license version 2.0
URL: http://www.gnu.org/licenses/ecos-license.html

License Identifier: OSSL
Formal Name: OpenSSL License
URL: ? (No direct web source known, license text therefore attached to this mail)

License Identifier: ErlPL
Formal Name: Erlang Public License Version 1.1
URL: http://www.erlang.org/EPLICENSE

License Identifier: gsoPL
Formal Name: gSOAP Public License Version 1.3b
URL: http://www.cs.fsu.edu/~engelen/license.html

License Identifier: SugPL
Formal Name: SugarCRM Public License
URL: http://www.sugarcrm.com/crm/SPL

License Identifier: YPL
Formal Name: Yahoo! Public License 1.1
URL: http://www.zimbra.com/license/yahoo_public_license_1.1.html

License Identifier: OLDAP-2.8
Formal Name: OpenLDAP Public License Version 2.8
URL: http://www.openldap.org/software/release/license.html

License Identifier: ZimPL
Formal Name: Zimbra Public License, Version 1.3
URL: http://www.zimbra.com/license/zimbra-public-license-1-3.html


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/


Kind regards

Soeren Rabenstein

____________________________________________________________
 
ASUSTeK COMPUTER INC.
 
Soeren Rabenstein, LL.M.
Legal Affairs Center - Legal Compliance Dept.
15, Li-Te Rd., Taipei 112, Taiwan
Tel.: (+886) 2 2894 3447 Ext.2372
Fax.: (+886) 2 2890 7674
soeren_rabenstein@...
____________________________________________________________



=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================


This message has been scanned for viruses by MailController - www.MailController.altohiway.com


Re: Hello world and additional licenses

Kim Weins
 


I know that the Ruby license is pretty common.  I would vote to add that one.

Kim

Sent from my Verizon Wireless Phone



----- Reply message -----
From: "Philip Odence" <podence@...>
Date: Wed, Aug 11, 2010 6:33 am
Subject: Hello world and additional licenses
To: "<Soeren_Rabenstein@...>" <Soeren_Rabenstein@...>
Cc: "spdx@..." <spdx@...>

Welcome, Soeren. Glad to have you aboard.

This is certainly fair discussion. The goal has been to have the standard license list cover a large majority of cases (Kate's been talking about 90% coverage). Beyond that we have provided a mechanism for including licenses that are not on the list, the main differences being that for the latter the user will include the text of the license in the SPDX file, not just a reference to our list.

So, that fact that you have run across a license in your work would not on the face say that it meets the criteria for being included on the list. Do you think the licenses you list are fairly common and would belong on the list for that reason? Or do you think our criteria are too tight and that we should try to be more comprehensive in our coverage?

Phil


L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
podence@...<mailto:podence@...>
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence
http://www.networkworld.com/community/odence (my blog)

On Aug 11, 2010, at 2:30 AM, <Soeren_Rabenstein@...<mailto:Soeren_Rabenstein@...>> wrote:

Hello spdx mailing list

I guess I am the first new subscriber, since you went public?
My name is Soeren Rabenstein, I am in ASUSTeK's legal department since early 2009 and responsible for European legal compliance as well as implementation of a FOSS license compliance program.

Thank you for creating the specification. We are very interested in bringing forward the standard, since "Software-BOMs" form a key element of our compliance program (we actually switched to the term "BOC"="Bill of Code", to avoid confusion with actual, physical BOMs) and supply chain management turned out to be the biggest challenge over here.

As a first contribution, I compared the list of specified licenses in the spdx-draft with my own approval list. As a result I would like to propose the following licenses to be added to spdx. With the exception of the last item, these are all licenses I came across during my practice. I may add them myself through the wiki, but currently I cannot see a working wiki page on this.
I am also happy to dig our more licenses that are not yet listed.


License Identifier: ClArtistic
Formal Name: Clarified Artistic License 1.0
URL: http://www.ncftp.com/ncftp/doc/LICENSE.txt

License Identifier: XFree86-1.1
Formal Name: XFree86 License 1.1
URL: http://www.xfree86.org/current/LICENSE4.html

License Identifier: Ruby
Formal Name: Ruby License
URL: http://www.ruby-lang.org/en/LICENSE.txt

License Identifier: RHeCos
Formal Name: Red Hat eCos Public License v1.1
URL: http://ecos.sourceware.org/old-license.html

License Identifier: eCos
Formal Name: The eCos license version 2.0
URL: http://www.gnu.org/licenses/ecos-license.html

License Identifier: OSSL
Formal Name: OpenSSL License
URL: ? (No direct web source known, license text therefore attached to this mail)

License Identifier: ErlPL
Formal Name: Erlang Public License Version 1.1
URL: http://www.erlang.org/EPLICENSE

License Identifier: gsoPL
Formal Name: gSOAP Public License Version 1.3b
URL: http://www.cs.fsu.edu/~engelen/license.html

License Identifier: SugPL
Formal Name: SugarCRM Public License
URL: http://www.sugarcrm.com/crm/SPL

License Identifier: YPL
Formal Name: Yahoo! Public License 1.1
URL: http://www.zimbra.com/license/yahoo_public_license_1.1.html

License Identifier: OLDAP-2.8
Formal Name: OpenLDAP Public License Version 2.8
URL: http://www.openldap.org/software/release/license.html

License Identifier: ZimPL
Formal Name: Zimbra Public License, Version 1.3
URL: http://www.zimbra.com/license/zimbra-public-license-1-3.html


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/


Kind regards

Soeren Rabenstein

____________________________________________________________

ASUSTeK COMPUTER INC.

Soeren Rabenstein, LL.M.
Legal Affairs Center - Legal Compliance Dept.
15, Li-Te Rd., Taipei 112, Taiwan
Tel.: (+886) 2 2894 3447 Ext.2372
Fax.: (+886) 2 2890 7674
soeren_rabenstein@...<mailto:soeren_rabenstein@...>
____________________________________________________________



=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================
<OpenSSL-License.txt><ATT00001..c>


Re: Hello world and additional licenses

Philip Odence
 

Welcome, Soeren. Glad to have you aboard. 

This is certainly fair discussion. The goal has been to have the standard license list cover a large majority of cases (Kate's been talking about 90% coverage). Beyond that we have provided a mechanism for including licenses that are not on the list, the main differences being that for the latter the user will include the text of the license in the SPDX file, not just a reference to our list. 

So, that fact that you have run across a license in your work would not on the face say that it meets the criteria for being included on the list. Do you think the licenses you list are fairly common and would belong on the list for that reason? Or do you think our criteria are too tight and that we should try to be more comprehensive in our coverage?

Phil


L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502

On Aug 11, 2010, at 2:30 AM, <Soeren_Rabenstein@...> wrote:

Hello spdx mailing list

I guess I am the first new subscriber, since you went public?
My name is Soeren Rabenstein, I am in ASUSTeK's legal department since early 2009 and responsible for European legal compliance as well as implementation of a FOSS license compliance program.

Thank you for creating the specification. We are very interested in bringing forward the standard, since "Software-BOMs" form a key element of our compliance program (we actually switched to the term "BOC"="Bill of Code", to avoid confusion with actual, physical BOMs) and supply chain management turned out to be the biggest challenge over here.

As a first contribution, I compared the list of specified licenses in the spdx-draft with my own approval list. As a result I would like to propose the following licenses to be added to spdx. With the exception of the last item, these are all licenses I came across during my practice. I may add them myself through the wiki, but currently I cannot see a working wiki page on this.
I am also happy to dig our more licenses that are not yet listed.


License Identifier: ClArtistic
Formal Name: Clarified Artistic License 1.0
URL: http://www.ncftp.com/ncftp/doc/LICENSE.txt

License Identifier: XFree86-1.1
Formal Name: XFree86 License 1.1
URL: http://www.xfree86.org/current/LICENSE4.html

License Identifier: Ruby
Formal Name: Ruby License
URL: http://www.ruby-lang.org/en/LICENSE.txt

License Identifier: RHeCos
Formal Name: Red Hat eCos Public License v1.1
URL: http://ecos.sourceware.org/old-license.html

License Identifier: eCos
Formal Name: The eCos license version 2.0
URL: http://www.gnu.org/licenses/ecos-license.html

License Identifier: OSSL
Formal Name: OpenSSL License
URL: ? (No direct web source known, license text therefore attached to this mail)

License Identifier: ErlPL
Formal Name: Erlang Public License Version 1.1
URL: http://www.erlang.org/EPLICENSE

License Identifier: gsoPL
Formal Name: gSOAP Public License Version 1.3b
URL: http://www.cs.fsu.edu/~engelen/license.html

License Identifier: SugPL
Formal Name: SugarCRM Public License
URL: http://www.sugarcrm.com/crm/SPL

License Identifier: YPL
Formal Name: Yahoo! Public License 1.1
URL: http://www.zimbra.com/license/yahoo_public_license_1.1.html

License Identifier: OLDAP-2.8
Formal Name: OpenLDAP Public License Version 2.8
URL: http://www.openldap.org/software/release/license.html

License Identifier: ZimPL
Formal Name: Zimbra Public License, Version 1.3
URL: http://www.zimbra.com/license/zimbra-public-license-1-3.html


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/


Kind regards

Soeren Rabenstein

____________________________________________________________
 
ASUSTeK COMPUTER INC.
 
Soeren Rabenstein, LL.M.
Legal Affairs Center - Legal Compliance Dept.
15, Li-Te Rd., Taipei 112, Taiwan
Tel.: (+886) 2 2894 3447 Ext.2372
Fax.: (+886) 2 2890 7674
soeren_rabenstein@...
____________________________________________________________



=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================
<OpenSSL-License.txt><ATT00001..c>


Re: Hello world and additional licenses

Ciaran Farrell
 

On Wednesday 11 August 2010 08:30:14 Soeren_Rabenstein@... wrote:

...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/
Hi,

just one point about this license - it was a problem for one of our major OEM
customers. Through bugzilla, they requested that we change the expletive to
something less problematic for them (IIRC we changed it to the Do What the
Hell You Want Public License).

It was the strangest legal patch I ever wrote :-)

Ciaran


--
Ciaran Farrell __o
cfarrell@... _`\<,_
Phone: +49 (0)911 74053 262 (_)/ (_)
SUSE Linux Products GmbH,
GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstrasse 5, 90409, Nuremberg, Germany

/ˈkiː.ræn/


Re: Hello world and additional licenses

dmg
 

On Tue, Aug 10, 2010 at 11:30 PM, <Soeren_Rabenstein@...> wrote:


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/
I have to agree with Soeren (welcome!). A standard can't be complete
without it and the Beerware License Rev.42 (in a template form).



--
--dmg

---
Daniel M. German
http://turingmachine.org


Hello world and additional licenses

Soeren_Rabenstein@...
 

Hello spdx mailing list

I guess I am the first new subscriber, since you went public?
My name is Soeren Rabenstein, I am in ASUSTeK's legal department since early 2009 and responsible for European legal compliance as well as implementation of a FOSS license compliance program.

Thank you for creating the specification. We are very interested in bringing forward the standard, since "Software-BOMs" form a key element of our compliance program (we actually switched to the term "BOC"="Bill of Code", to avoid confusion with actual, physical BOMs) and supply chain management turned out to be the biggest challenge over here.

As a first contribution, I compared the list of specified licenses in the spdx-draft with my own approval list. As a result I would like to propose the following licenses to be added to spdx. With the exception of the last item, these are all licenses I came across during my practice. I may add them myself through the wiki, but currently I cannot see a working wiki page on this.
I am also happy to dig our more licenses that are not yet listed.


License Identifier: ClArtistic
Formal Name: Clarified Artistic License 1.0
URL: http://www.ncftp.com/ncftp/doc/LICENSE.txt

License Identifier: XFree86-1.1
Formal Name: XFree86 License 1.1
URL: http://www.xfree86.org/current/LICENSE4.html

License Identifier: Ruby
Formal Name: Ruby License
URL: http://www.ruby-lang.org/en/LICENSE.txt

License Identifier: RHeCos
Formal Name: Red Hat eCos Public License v1.1
URL: http://ecos.sourceware.org/old-license.html

License Identifier: eCos
Formal Name: The eCos license version 2.0
URL: http://www.gnu.org/licenses/ecos-license.html

License Identifier: OSSL
Formal Name: OpenSSL License
URL: ? (No direct web source known, license text therefore attached to this mail)

License Identifier: ErlPL
Formal Name: Erlang Public License Version 1.1
URL: http://www.erlang.org/EPLICENSE

License Identifier: gsoPL
Formal Name: gSOAP Public License Version 1.3b
URL: http://www.cs.fsu.edu/~engelen/license.html

License Identifier: SugPL
Formal Name: SugarCRM Public License
URL: http://www.sugarcrm.com/crm/SPL

License Identifier: YPL
Formal Name: Yahoo! Public License 1.1
URL: http://www.zimbra.com/license/yahoo_public_license_1.1.html

License Identifier: OLDAP-2.8
Formal Name: OpenLDAP Public License Version 2.8
URL: http://www.openldap.org/software/release/license.html

License Identifier: ZimPL
Formal Name: Zimbra Public License, Version 1.3
URL: http://www.zimbra.com/license/zimbra-public-license-1-3.html


...AND OF COURSE ;)

License Identifier: WTFPL
Formal Name: Do What The Fuck You Want To Public License
URL: http://sam.zoy.org/wtfpl/


Kind regards

Soeren Rabenstein

____________________________________________________________
 
ASUSTeK COMPUTER INC.
 
Soeren Rabenstein, LL.M.
Legal Affairs Center - Legal Compliance Dept.
15, Li-Te Rd., Taipei 112, Taiwan
Tel.: (+886) 2 2894 3447 Ext.2372
Fax.: (+886) 2 2890 7674
soeren_rabenstein@...
____________________________________________________________



=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================


Pretty printer binaries available

Gary O'Neall
 

I uploaded the pretty printer java program to the source auditor ftp server.  It’s a secure web server, so I apologize in advance if it’s a bit inconvenient to download.

 

The ftp server is at ftp.sourceauditor.com   You need to use explicit tls/ssl over port 21.  Logon with user spdx and password spdx1

 

The file SPDXPretty.zip contains the files mentioned in the previous email (copied below).

 

Let me know if you need more information or if you have any problems.

 

Gary

 

 

From: package-facts-bounces@... [mailto:package-facts-bounces@...] On Behalf Of Gary O'Neall
Sent: Sunday, August 08, 2010 11:32 PM
To: package-facts@...
Subject: Java Pretty Printer

 

I completed an “alpha” version of a Java based pretty printer.  It’s 10MB in binary form with its dependencies.  Is there a place on the Wiki I can upload this to?  I tried to add it to a page as an attachment to a new discussion page, but the .zip filetype was not allowed.  Please advise on the best method to get this to the group.

 

Attached is a modified zlib example (see notes below on what items were changed) and an example output.

 

Below is some information and discussion points related to the pretty printer development:

 

I’m sure there are a few improvements to be made before calling this a “release”, but it  does provide some formatting and works for the zlib example.  I would appreciate any feedback once you have access to the application.

 

To run the application, make sure you have a JRE 1.6 installed (JRE version 1.5 may work, but it untested).  Unzip the files in your favorite directory.  Execute the jar file with a single text parameter of a file path for the SPDX RDF Document.

 

On windows, this would be “java –jar SPDXPretty.jar examples\zlib-1.2.5.spdxv3.rdf (assuming you copied the attached example file into the same directory as the .jar file and your cd’d to that directory).

 

I made a few changes to the zlib example to bring it up to date to the draft 20100731.  It is in the zip file in the examples directory.

 

I run into a few questions/issues as I implemented this, outlined below:

 

·         Namespace and tags – I noticed in the example we have only one namespace for SPDX and the tags used in the example did not match the tags in the specification in all cases  - e.g. License in the file is tagged FileLicense in the example.  Do we want to have separate namespaces for File, License, and Document?  If not, do we want the tags to be unique (e.g. FileLicense and PackageLicense)?   Technically, the tags don’t need to be unique, but it may aid in humans reading the RDF/XML file.

·         I changed the tags in the example to match the document in cases where they were still unique (e.g. ShortDescription -> ShortDesc)

·         License Names and Pretty Printing – I was only able to extract the URL for the license (as a resource) from the SPDX document which doesn’t lead to a very pretty license name.  Should we add a property License Name?  Should I parse the URL and only print out the tag (e.g. after the #)?

·         Example use of hasFile – In the example, the object of the hasFile predicate for the package subject all have the same URI.  I believe these should be unique since they represent different file objects.  I changed the example to make these individual and unique.

·         The disjunctive licenses are implemented but not tested.

·         There has not been much testing (Unit or otherwise)

 

I would like to make the code available as an open source project.  It is written using Jena (http://jena.sourceforge.net/) and contains a Java class which is a model basically wrapping a Jenna model of the RDF document.  It would probably be useful for many of you who are writing tools. 

 

I could post the code to SPDX, but I would rather maintain it in a repository which supports svn.  I’m thinking Google code may be a good location.  Open to suggestions.

 

As far a licenses, it’s currently under a 3 clause BSD since it’s GPL compatible and simple.  I’m open to other licenses, so let me know if you have a preference – we could even create a nice complex set of license choices ;)  Do keep in mind this is dependent on Jena which is licensed under a 3 clause BSD and contains some Apache licensed code.

 

Appreciate any comments.

 

Best regards,

 

Gary O’Neall

Source Auditor Inc.

 

 

 

 

 


Linux Foundation launches license compliance effort | ZDNet

Philip Odence
 


New SPDX mailing list created

Martin Michlmayr
 

I've created a new mailing list for SPDX which is public for everyone
and for which public archives are available. I've subscribed everyone
from the package-facts list to this new list.

The address is spdx@... Please update your mail programs
to use this list in the future. The package-facts list is now
deprecated.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard

1581 - 1589 of 1589