Date   

Thursday SPDX General Meeting Reminder

Philip Odence
 

A few upfront items:
  • At the end of Thursday's meeting Ibrahim Haddad from the Linux Foundation will brief us on the recently announced Barcode Tracker and will explain how complementary it is with SPDX.
  • We have booked a room for the afternoon of Tuesday, Aug 28 for a Face to Face at LinuxCon (San Diego). Note that it is the day before the conference commences. Please let Scott Lamons (scott.lamons@...) know if you can make it.
  • The Business Team has done some great work refining the SPDX Mission Statements. http://spdx.org/wiki/spdx-vision-mission-statements-final-draft The drive behind this has been to support the Tech Team in prioritizing features for future releases. The next step for the Business Team will be to review and update the team's charter; stay tuned as we want to make sure we're all in synch on the focus of the various teams and how we interact.

Meeting Time: June 28, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve minutes: not yet posted.

Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott

Cross Functional Issues
Website Update – Steve Cropper
FOSS Barcode Tracker Presentation- Ibrahim Haddad


FOSS term for contracts

RUFFIN MICHEL
 

"Possibly" is not a term you want to use in a contract because it means something and its contrary. For instance we had problems of defining the i) definition of FOSS-for-contracts (I put the definition at the end of the mail for convenience) on the term "but not limited to" because we wanted to included in i) some non OSI compliant open-source-like license: some SW coming in open source form but with specific constraints for instance beerware (you have to offer a beer to the copyright owner if you meet him/her). Note that beerware license might be OSI compliant it is just that nobody has made the request to OSI 8-). And we want that to be acceptable to companies in a legal framework. We cannot limit us on this i) to the 60 or 70 OSI compliant licenses.

We thought to a lot of things:

- "Downloadable software": does not work we have contract for proprietary software for which we pay and the software is downloadable however it is not entering in the FOSS-contract definition.
- "unpaid third party software": does not work. We have software part of the FOSS-contract definition which come with a paying license and OSI compliant licenses (for instance linux distribution form Linux distributors).
- "Software not coming through procurement". Same as above
- "Software without an explicit signature of a contract or license". Same as above
- "software for which we cannot negotiate conditions". That does not work with proprietary software coming for free (ii) we have sometimes negotiated special conditions.
- ...

Perhaps we should say "Free of cost Software and/or Open source-like software" and noted it F&|OSS (& is the logical "and" and "|" is the logical "or" symbols used in some programming languages and mathematic). Note that I am rather in favor of keeping the world "open source" in this name because it is the major aim for this definition even if it is broader.

Note I am happy in this discussion that we do not focus on the definition by itself. It seems that the definition is clear enough to everybody and the scope is clear.

Finally, I think that this current thread shows the need for standardizing this wording. Since 2007 that we put that clauses in our contracts, we discussed any world of these clauses with hundreds of companies each time implying lawyers, procurement, technical people in both companies, that's a huge effort but so far nobody challenged us really on the term "FOSS" 8-).

Michel

"Free and/or Open Source Software" or "FOSS" means (i) software provided to Licensor royalty-free in source code form, under a license including, but not limited to, one approved by the Open Source Initiative (OSI http://www.opensource.org/) or (ii) proprietary software provided to Licensor royalty-free in binary code form, under an end user license agreement that is accepted without a signature, or (iii) shareware provided to Licensor free of initial charge, such as on a trial basis, but where a fee may become due once the user decides to use the software beyond the trial period, or (iv) public domain software

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De la part de Philip Odence
Envoyé : lundi 25 juin 2012 13:19
À : koohgoli@protecode.com; spdx@lists.spdx.org
Objet : Re: Spdx Digest, Vol 22, Issue 33

Good one!

On 6/22/12 4:57 PM, "Mahshad Koohgoli" <koohgoli@protecode.com> wrote:

How about
"Possibly Licensed Unpaid Software" - PLUS ?!

Then we can have FOSSPLUS :)

-----Original Message-----
From: McGlade, Debra [mailto:dmcglade@qualcomm.com]
Sent: 22-June-12 4:50 PM
To: RUFFIN, MICHEL (MICHEL); koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

How about:

"Possibly, Might-be free Software" (PMS)

:)

-Debbie

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Friday, June 22, 2012 1:05 PM
To: koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

None of this expression is covering proprietary software delivered free of
cost but with an EULA, except the last one but it is not very accurate

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France



-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De
la
part de Mahshad Koohgoli Envoyé : vendredi 22 juin 2012 21:29 À :
spdx@lists.spdx.org Objet : RE: Spdx Digest, Vol 22, Issue 33

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately
comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com;
mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and
the
OSI defines what open source software is. If you're going to include a
bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find
some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is
chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL);
mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI)
are
the two organizations which, in my opinion, define what FOSS is. Any
attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a
big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes
and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the
Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attach
me
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: Spdx Digest, Vol 22, Issue 33

Philip Odence
 

Good one!

On 6/22/12 4:57 PM, "Mahshad Koohgoli" <koohgoli@protecode.com> wrote:

How about
"Possibly Licensed Unpaid Software" - PLUS ?!

Then we can have FOSSPLUS :)

-----Original Message-----
From: McGlade, Debra [mailto:dmcglade@qualcomm.com]
Sent: 22-June-12 4:50 PM
To: RUFFIN, MICHEL (MICHEL); koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

How about:

"Possibly, Might-be free Software" (PMS)

:)

-Debbie

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Friday, June 22, 2012 1:05 PM
To: koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

None of this expression is covering proprietary software delivered free of
cost but with an EULA, except the last one but it is not very accurate

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France



-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De
la
part de Mahshad Koohgoli Envoyé : vendredi 22 juin 2012 21:29 À :
spdx@lists.spdx.org Objet : RE: Spdx Digest, Vol 22, Issue 33

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately
comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com;
mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and
the
OSI defines what open source software is. If you're going to include a
bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find
some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is
chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay,
France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL);
mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI)
are
the two organizations which, in my opinion, define what FOSS is. Any
attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a
big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes
and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the
Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attach
me
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Bradley M. Kuhn <bkuhn@...>
 

Ciaran Farrell wrote at 15:45 (EDT) on Saturday:

at openSUSE .... we'd like to adopt SPDX, but the license list does
not provide anywhere need the coverage that we need.
This is interesting; I'd suspect this might be the case for other
distributions, too. Debian, for example, basically has always kept a
full text file (.../doc/copyright) to describe the exact licensing
situation of its packages.

Peter Bigot wrote on Friday:
With respect to the license list, an issue I happened to notice this
morning is that items on it appear to reflect a very flat concept of
a license when there are options, e.g. GPL-2.0-with-GCC-exception and
GPL-2.0+. The problem is that this approach limits the succinct
representation of licenses. For example, if a package (e.g., libgcc)
is GPL 2.0 or later version with runtime exception, there is no
GPL-2.0+-with-GCC-exception
Indeed. I don't even *know* of any package in the world that's licensed
under "GPLv2-only along with any given 'GCC exception'". There is
actually *no such thing* as a single "GPL-2.0-with-GCC-exception". The
GPLv2'd versions of GCC actually have a patchwork of *different*
exceptions that are all worded slightly differently and appear
throughout various directories in the sources. When I helped lead the
process of drafting the GPLv3 RTL exception, one of our primary goals
was to encompass and rectify the differences in the various GPLv2
exceptions for GCC.

Meanwhile, one of my proposals during the GPLv3 RTL exception drafting
process -- which FSF now does -- is that all exceptions should be
versioned. SPDX's license list doesn't account for this at all. SPDX
will have to completely rework its monikers and details when new
versions of exceptions are released [0].

Meanwhile, I note the obvious additional issue that Peter hinted at but
didn't raise explicitly: I'm not aware of any program in the world
that's GPLv3-only plus the GCC RTL exception 3.1. GCC itself is
currently under "GPLv3-or-later with the GCC Runtime Library Exception
3.1". But even *that* isn't fully accurate as a generalization, because
*parts* of GCC are under that license I just stated, but the majority of
the code is straight GPLv3-or-later.

Having not looked closely at the SPDX license list before, a first
analysis shows that it's completely inadequate for representing even the
most common licensing situations on some of the most widely used of
programs. Indeed, it seems as SPDX's license list stands now, I
basically couldn't represent the license of *any* version of GCC except
versions from the very early 1990s, and even for those, I'd need to add
a license exception or two.

(Note, BTW -- and I bet this issue will be of particular interest to the
Free Software licensing historians among us -- that the proto-GPL
license such as the Emacs Public License, the GCC Public License, and
the Nethack Public License aren't on SPDX's license list at all. To the
extent that anyone wants to use SPDX's license list as a tool to
represent historical versions of software, that's completely impossible,
too. Notwithstanding that the Nethack Public License is actually still
in active use AFAIK.)


[0] Also, note there is, in fact, an RTL exception v3.0, although,
I suspect it's not used by any package. It was only the default
version "in the wild" for about 6 weeks, which is of course longer
than GFDL 1.0's 4 day lifespan as the current version. (Those of you
who, like me, were doing Free Software licensing work back in 2000
will remember that widespread confusion in early March 2000; I'm
still apologizing for my role in that and various confusions about
the GFDL. :)
--
-- bkuhn


Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")

Ibrahim Haddad <ibrahim@...>
 

Hi Everyone,

I just got back from europe. Please give me a couple days to catch up on my email and I will reply early next week.

Ibrahim


On Wed, Jun 20, 2012 at 8:55 AM, Philip Odence <podence@...> wrote:
Michel,
Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program.
http://www.linuxfoundation.org/programs/legal/compliance  (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
respond immediately.)
Phil

On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
<michel.ruffin@...> wrote:

>Thank you very much for your quick answer and suggestions.
>
>My goal is not only to standardize the legal text of our FOSS clauses. It
>is also to
>1) raise awareness about being able to provide the list of FOSS in a
>proprietary product or in a big FOSS distribution (Linux, Open BSD,
>Eclipse, Swing, ...)
>2) Big companies are reluctant to provide you a FOSS list. They are more
>or less in compliance but some of them provide you a URL on their web
>site on which you find the list of their products and for each of them a
>several megabyte ASCII File with the list of all licenses of FOSS on
>their products. That's not usable at all. If one of their customer want
>to resale their product in one of its products it has to read everything
>and identify every action to comply "Ha yes this is apache1.1 so I have
>to put some acknowledgement in my documentation!".
>3) Liability clause/money damage. Big companies are not always accepting
>it. I have been told by some of their lawyers: how can we guarantee that
>we are not doing mistakes this is a too complex world. If you take a
>Linux distribution with 6000 package and you look at packages, you can
>find hundreds of various licenses in one package. Small companies accept
>more easily these conditions, but they have not too much money. How do
>you value the fact that you have to stop to distribute your product or
>the potential issue to have to disclose your source code while it was not
>planned and it is not your fault.
>4) .... a lot of other issues
>
>I would challenge the SPDX members to take a Linux standard distribution
>and to provide me the SPDX file at file level (not at package level). Yes
>open source is great but it is also really a Bazard 8-) and with maven
>and cloud computing it will become worse.
>
>So the effort is tremendous and cannot be done by one company, it should
>be shared. And it is time to start.
>
>So I will study the short terms options you propose. But for the long
>term, I would to start to create a new mailing list of people who are
>intereted in discussing FOSS governance standardization issues (to start:
>FOSS clause in contracts, having a common Database under a king of
>Wikipedia contribution system describing FOSS IP, having public tutorial
>on FOSS issues, and perhaps things like lobbying to reduce the number of
>FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to
>create the mailing list?
>
>Michel.Ruffin@..., PhD
>Software Coordination Manager, Bell Labs, Corporate CTO Dpt
>Distinguished Member of Technical Staff
>Tel +33 (0) 6 75 25 21 94
>Alcatel-Lucent International, Centre de Villarceaux
>Route De Villejust, 91620 Nozay, France
>
>
>-----Message d'origine-----
>De : Bradley M. Kuhn [mailto:bkuhn@...]
>Envoyé : vendredi 15 juin 2012 19:49
>À : RUFFIN, MICHEL (MICHEL)
>Cc : spdx@...
>Objet : FOSS clauses for contracts & fora for discussing it (was Re:
>Clarification regarding "FSF legal network")
>
>Michel,
>
>I went back and read your previous posts from February on this topic,
>(as I mentioned earlier in this thread, I don't follow SPDX closely.  I
>mostly joined this thread (Kibo-like) when the term "FSF" came up).
>
>However, having gotten fully caught up on your posts, I think your idea
>is a useful one.  In my work doing GPL compliance, I have often had
>situations where a downstream company has violated and they never
>actually had clear clauses in their contract with upstream about what
>would happen if a FLOSS license was violated.  This has caused mass
>confusion and made it more difficult to get the company into compliance.
>
>In a few cases, there *were* clearly developed clauses like the ones you
>mention, and it did indeed facilitate more easy work getting to compliance
>on the product.
>
>So, I'm thus supportive of your effort to
>promulgate these standardized clauses regarding use of FLOSS in
>upstream/downstream contracts.  Meanwhile, I wish I had a better
>suggestion for you of where to talk about the idea....
>
>RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
>>what is your suggestion for me to try to standardize these FOSS
>>clauses. What organization? I have tried SPDX, I have been advised to
>>go to FSFE legal network.
>
>... as others have suggested, FOSS Bazaar might be a good place.
>
>> I have join the FSFE legal network and I tried to get a reaction
>>without success except "that's interesting"
>
>It sounds like in addition to my objections to ftf-legal, that there
>were other issues: your description seems to indicate ftf-legal wasn't
>that interested in this giving useful feedback and collaboration on the
>issue!
>
>> Any suggestion of organization that would have a look?
>
>There was once a forum called "open-bar", which is at:
>https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
>The mailing lists disappeared a while back.  The last email from I have
>in my archives for <discuss-general@...> was Tuesday 18 Mar
>2008.
>
>Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
>coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
>we had some very brief discussions about creating a forum for discussion
>that was open and available to all about these issues (like open bar
>was).  However, it's unclear if, as a community, we're at a "build it
>and they would come" moment, so none of us from the FOSDEM 2012 track
>have put effort in.
>
>Thus, at the moment, I think FOSS Bazaar is probably the best place to
>host this sort of discussion venue, so I think if you want an immediate
>discussion about your specific topic, that's probably the place to
>start.
>
>Also, as a medium-term suggestion, I strongly recommend you propose a
>talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
>(sadly, North America CFP just closed), or (c) at the 2013 Linux
>Collaboration Summit Legal Track (which Richard Fontana & I will
>co-chair) about the topic.  Speaking about the topic at conferences is a
>great way to get interest and feedback.
>
>Long term, as a community, it'd be good to solve this general issue: the
>fora that exist for Legal, Licensing and Policy issues in Free Software
>are scattered across many different places, and some of the primary ones
>are closed clubs.  I've been witnessing the problem for years and I
>don't have a good solution to propose to solve it.
>--
>   -- bkuhn
>_______________________________________________
>Spdx mailing list
>Spdx@...
>https://lists.spdx.org/mailman/listinfo/spdx




--
Ibrahim Haddad, Ph.D.
The Linux Foundation 
Cell:  +1 (408) 893-1122



Re: "Scope" of licenses to be covered by SPDX

Ciaran Farrell
 

On Sat, 2012-06-23 at 00:23 +0000, Jilayne Lovejoy wrote:
In so far as Phil and Michael's previous comment regarding the SPDX
License List – it is correct to say that we have endeavored to include
the most common open source licenses (not freeware, shareware, various
abominations of the above, proprietary, or what have you) as stated in
the license list description at the top of the page found
here: http://spdx.org/wiki/spdx-license-list The goal is not to try to
capture every license you might find, as that would be impossible, but
the most commonly found. There are currently 168 licenses on the SPDX
License List. We have been discussing coordinating with a few of the
community groups to add licenses they may have, that SPDX doesn't
(e.g. Gentoo, Fedora, Debian), but haven't had enough people-power to
get this task completed (yet).


When I responded earlier, I did not mention this as I could not
remember accurately if we discussed the idea of adding other
"free" (but not necessary source-code-is-provided licenses). In any
case, it's certainly something we could discuss, but I think there are
some good reasons not to expand too far (which I will raise if and
when we have that discussion, instead of rattling on unnecessarily
here) That being said, there are probably other licenses that are not
"open source" per se, but commonly found and lumped into that broader
category (the Sun/Oracle license come to mind) that perhaps should be
added.


In any case, anyone can suggest adding a license via this process:
http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added We are largely "under-staffed" and "under-paid," so I would encourage anyone who wants to see the list expanded to get involved.
To chime in on this, at openSUSE we have exactly the problem described
above - we'd like to adopt SPDX, but the license list does not provide
anywhere need the coverage that we need. What we've done in the interim
is create a spreadsheet on Google Docs where we add those licenses we
need to track with a SUSE- prefix. We'd hope to push these (or
substitutes for those) upstream to the SPDX license list.

In response to another idea on this list, I also think it makes sense to
use operators like + and - instead of basic strings for license
shortnames. It is certainly not consistent that the list contains e.g.
GPL-2.0-with-openssl-exception but not GPL-2.0+-with-openssl-exception.
Rather than coming up with n- strings for all those licenses out there,
surely using an operator would make more sense.

In summary, the SPDX format (well, for us as a linux distribution, the
SPDX shortnames) looks like it could help provide considerable
consistency, but (and this is a huge but) it is currently unusable for
linux distributions.

Ciaran


Re: Clarification regarding "FSF legal network"

Bradley M. Kuhn <bkuhn@...>
 

Jilayne Lovejoy wrote at 20:01 (EDT) on Thursday:
Would agree to the extent that, considering that what Michel is
proposing doesn't (yet) seem to have a directly on-point mailing list,
discussing it across multiple platforms (and multiple times, in order
to finally get a response ;) seems about right!
I agree that trying everywhere makes sense for what Michel is trying to
do, since, as others have pointed out, there's no clear venue for the
discussion at the moment.

On 6/14/12 8:39 AM, "Bradley M. Kuhn" <bkuhn@ebb.org> wrote:
ftf-legal is an invite-only mailing list, and thus it's probably not a
good choice for discussion of topics where the Free Software community
can help, since most of the Free Software community can't access
ftf-legal. The list organizers said publicly at LinuxCon Europe 2011
that the criteria for subscription to ftf-legal are secret, so no one
outside of existing list members actually know what they need to do to
qualify for participation. After my three-year-long Kafkaesque
experience of attempting to subscribe to ftf-legal, I eventually just
gave up.
I feel like I need to at least suggest an alternative view for
balance-sakes, especially since, as a member, I have greatly benefited
from the discussions on that list-serve.
I think you're responding to a point I didn't raise. I didn't
claim ftf-legal isn't useful -- indeed, I've applied and been denied
membership in ftf-legal many times myself. I wouldn't have done so if I
didn't think there were likely useful discussions going on there.

due to the Chatham House Rule,
I don't object to ftf-legal's use of CHR per se, but I'm still confused
about how the CHR applies to a meeting that never ends, since CHR is
designed for timeboxed meetings. Does ftf-legal has some tutorial on
their odd application of CHR?

Anyway, the issue I was raising was not about the traffic on ftf-legal
itself, but the meta-issue of how the list membership is constructed. It is a
self-selected group that arbitrarily refuses applicants based on secret
criteria. Your response didn't seem to address that problem.

The network is made up of mostly lawyers
I have confirmation there are many, many non-lawyers on the list. I
don't know the percentage numbers, obviously, since the data I have is
from self-disclosure.

(a) SPDX currently has no plans nor mechanism to address the key and
most common FLOSS license compliance problem -- namely, inadequate
and/or missing "scripts to control compilation and installation of
the executable" for GPL'd and/or LGPL'd software.
I'm not sure it's the role of SPDX to address this problem
Indeed, I'm sure you're right on that point. However, that also means
that SPDX is focused on addressing minor problems and ignoring the
largest and most common FLOSS license compliance problem in the world in
favor of minor ones. That's the center of my criticism (a) above.

(b) I strongly object to the fact that most of the software being
written by SPDX committee participants utilizing the SPDX format is
proprietary software.
But all the tools coming out of the SPDX working groups are open
source! http://spdx.org/wiki/sandbox-tools (I think there are more
than this, but I'm not the one to appropriately answer that question).
These don't appear to me, based on the URL given above, to be flourishing
Free Software projects. The git log seems a bit sparse, and there's not a
lot of "there there". It seems three contributors are occasionally committing
stuff. I'm glad they're doing this work, but it doesn't seem they're getting
lots of support and contributions from most of the companies benefiting
from SPDX, are they?

Is your argument here that these tools are the more advanced, usable and
feature-ful than the proprietary tools available that utilize SPDX? What
it looks to me upon first analysis is that the Free Software tools are limping
along without adequate funding, while the proprietary solutions flourish.
Am I wrong about that?

BTW, I know developers who'd be ready to help work on Free Software
SPDX tools, but funding is a serious problem. If folks have thoughts about
that, please do contact me off list.

To be fair, of course the companies who have commercial scanning tools
are going to include the ability to generate SPDX files as a feature -
because their customers are asking for it.
I'm completely amazed to learn that customers *want* proprietary
software. I've never seen someone say: "Please, don't give me the
source code or the right to modify it for the software you're selling
me." Do your customers actually say: "I really hope you'll take my
software freedom away when you sell me your products!"?

I don't sell proprietary software licenses for a living like many people
on this list do, so I admit I have no first-hand experience in this
area. But I'm nevertheless surprised that customers are *asking* to
have software that doesn't give them software freedom. I'd bet it's
more like they're helplessly begging their vendor to add features
because they're locked-in in the usual proprietary way that the software
freedom movement fights against.


Anyway, what I think is happening in the SPDX project is that SPDX is
primarily used as a marketing tool to sell proprietary software
"compliance" solutions that won't solve the primary compliance problems
of our day. Indeed, most of the SPDX process is being driven by
companies that produce proprietary software, of the type I described in
(b) above.

Even if I were to get involved to attempt to fight this proprietary
marketing push from within SPDX, these well-funded organizations bent on
building more proprietary software and taking away software freedom from
their users would overpower any advocacy or work that I did in SPDX
against that idea. This is why I stopped participating in SPDX -- I realized
there was nothing I could do to make SPDX good for software freedom.
--
-- bkuhn


Re: "Scope" of licenses to be covered by SPDX

Jilayne Lovejoy <jilayne.lovejoy@...>
 

In so far as Phil and Michael's previous comment regarding the SPDX License List – it is correct to say that we have endeavored to include the most common open source licenses (not freeware, shareware, various abominations of the above, proprietary, or what have you) as stated in the license list description at the top of the page found here: http://spdx.org/wiki/spdx-license-list The goal is not to try to capture every license you might find, as that would be impossible, but the most commonly found.  There are currently 168 licenses on the SPDX License List.  We have been discussing coordinating with a few of the community groups to add licenses they may have, that SPDX doesn't (e.g. Gentoo, Fedora, Debian), but haven't had enough people-power to get this task completed (yet).  

When I responded earlier, I did not mention this as I could not remember accurately if we discussed the idea of adding other "free" (but not necessary source-code-is-provided licenses).   In any case, it's certainly something we could discuss, but I think there are some good reasons not to expand too far (which I will raise if and when we have that discussion, instead of rattling on unnecessarily here)  That being said, there are probably other licenses that are not "open source" per se, but commonly found and lumped into that broader category (the Sun/Oracle license come to mind) that perhaps should be added.  

In any case, anyone can suggest adding a license via this process:  http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added  We are largely "under-staffed" and "under-paid," so I would encourage anyone who wants to see the list expanded to get involved.

In regards to Michel's definition of "FOSS" for the purposes of contract negotiations and standardizing clauses – I don't have so much a problem with this name, per se.  I understand the reaction; "FOSS" has ideological underpinnings and is not thought of to include the second and third categories, so this is a bit uncomfortable.  But, I guess when looking at it through my attorney glasses, which is the lens for which these clauses are intended, I can compartmentalize and apply the definition as however it is presented for that particular contract.  That is, after all, how contract definitions work.  I have certainly seen contract terms and definitions come across my desk, where I've thought, "well, that's not what I would have called that," but so long as I understand what that word means in the context of that agreement, it really doesn't matter if it's called "Supercalifragilisticexpialidocious."  Just my two cents.

Jilayne

Jilayne Lovejoy |  Corporate Counsel
OpenLogic, Inc.
jlovejoy@...   720 240 4545

From: <RUFFIN>, "MICHEL (MICHEL)" <michel.ruffin@...>
Date: Friday, June 22, 2012 12:57 PM
To: "mike.milinkovich@..." <mike.milinkovich@...>, Soeren Rabenstein <Soeren_Rabenstein@...>, "mjherzog@..." <mjherzog@...>, SPDX-general <spdx@...>
Subject: RE: "Scope" of licenses to be covered by SPDX

Ok now we have an understanding, any suggestion ?

 

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 20:43
À : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@...; mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

 

I understand that. Which is why I said it is the union, rather than the intersection.

 

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

 

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 19:25
À : Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”."

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 


Re: Import and export function of SPDX

Jilayne Lovejoy <jilayne.lovejoy@...>
 


What is important is to stabilize this taxonomy because we cannot change every year the content of our FOSS database, our internal FOSs governance process documents (around 80 pages), our internal tutorials (170 slides), our requests to suppliers, an update of the knowledge of our FOSs experts, etc.

 

I could not agree more.  Rest assured, this has been discussed and there was very vociferous and unanimous agreement that the short identifiers should not change once created.  So far, I believe we have stuck to that goal.  

Jilayne


Re: Spdx Digest, Vol 22, Issue 33

Mahshad Koohgoli
 

How about
"Possibly Licensed Unpaid Software" - PLUS ?!

Then we can have FOSSPLUS :)

-----Original Message-----
From: McGlade, Debra [mailto:dmcglade@qualcomm.com]
Sent: 22-June-12 4:50 PM
To: RUFFIN, MICHEL (MICHEL); koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

How about:

"Possibly, Might-be free Software" (PMS)

:)

-Debbie

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Friday, June 22, 2012 1:05 PM
To: koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

None of this expression is covering proprietary software delivered free of
cost but with an EULA, except the last one but it is not very accurate

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France



-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De la
part de Mahshad Koohgoli Envoyé : vendredi 22 juin 2012 21:29 À :
spdx@lists.spdx.org Objet : RE: Spdx Digest, Vol 22, Issue 33

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com; mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and the
OSI defines what open source software is. If you're going to include a bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL); mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are
the two organizations which, in my opinion, define what FOSS is. Any attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attachme
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: Spdx Digest, Vol 22, Issue 33

McGlade, Debra
 

How about:

"Possibly, Might-be free Software" (PMS)

:)

-Debbie

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Friday, June 22, 2012 1:05 PM
To: koohgoli@protecode.com; spdx@lists.spdx.org
Subject: RE: Spdx Digest, Vol 22, Issue 33

None of this expression is covering proprietary software delivered free of cost but with an EULA, except the last one but it is not very accurate

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De la part de Mahshad Koohgoli
Envoyé : vendredi 22 juin 2012 21:29
À : spdx@lists.spdx.org
Objet : RE: Spdx Digest, Vol 22, Issue 33

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com; mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and the
OSI defines what open source software is. If you're going to include a bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL); mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are
the two organizations which, in my opinion, define what FOSS is. Any attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attachme
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: Spdx Digest, Vol 22, Issue 33

RUFFIN MICHEL
 

None of this expression is covering proprietary software delivered free of cost but with an EULA, except the last one but it is not very accurate

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De la part de Mahshad Koohgoli
Envoyé : vendredi 22 juin 2012 21:29
À : spdx@lists.spdx.org
Objet : RE: Spdx Digest, Vol 22, Issue 33

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com; mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and the
OSI defines what open source software is. If you're going to include a bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL); mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are
the two organizations which, in my opinion, define what FOSS is. Any attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attachme
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: Spdx Digest, Vol 22, Issue 33

Mahshad Koohgoli
 

PDC- Public Domain Code?
PAS- Publicly Accessible Software
CAS- Community Accessible Software?
GAC- Generally Accessible Code?

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On
Behalf Of spdx-request@lists.spdx.org
Sent: 22-June-12 3:21 PM
To: spdx@lists.spdx.org
Subject: Spdx Digest, Vol 22, Issue 33

Send Spdx mailing list submissions to
spdx@lists.spdx.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.spdx.org/mailman/listinfo/spdx
or, via email, send a message with subject or body 'help' to
spdx-request@lists.spdx.org

You can reach the person managing the list at
spdx-owner@lists.spdx.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Spdx digest..."


Today's Topics:

1. RE: "Scope" of licenses to be covered by SPDX (Mike Milinkovich)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Jun 2012 15:21:22 -0400
From: "Mike Milinkovich" <mike.milinkovich@eclipse.org>
To: "'RUFFIN, MICHEL \(MICHEL\)'" <michel.ruffin@alcatel-lucent.com>,
<Soeren_Rabenstein@asus.com>, <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX
Message-ID: <038e01cd50ac$35a4eb50$a0eec1f0$@eclipse.org>
Content-Type: text/plain; charset="iso-8859-1"

RMS - "Random May-be-free Stuff"?



Wait. That acronym's also taken. Darn!



<<Sorry, I just couldn't resist :) >>



More seriously: my apologies, but no good name or acronym immediately comes
to mind.



From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



Ok now we have an understanding, any suggestion ?



Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
Envoy? : vendredi 22 juin 2012 20:43
? : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@asus.com; mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: "?Free and Open source Software? it is ?Free and/or Open source
software?; "



I understand that. Which is why I said it is the union, rather than the
intersection.



In my highly simplified view, the FSF defines what free software is, and the
OSI defines what open source software is. If you're going to include a bunch
of other stuff that does not meet either of those definitions, then please
(pretty please!) do not refer to your definition as FOSS or FLOSS. Find some
other name, because that one's taken.





From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@alcatel-lucent.com]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@eclipse.org; Soeren_Rabenstein@asus.com;
mjherzog@nexb.com; spdx@lists.spdx.org
Subject: RE: "Scope" of licenses to be covered by SPDX



We do not discuss or put into question the FSF and OSI definitions of FOSS
(I know them by heart, I understand the philosophy behind them and respect
them). We try to make a definition of what should be the scope of software
subject to the clause that we put in the contracts and it is broader than
open source traditional definition. So perhaps the term ?FOSS? is chocking
you for that. But this is why we need to discuss and standardize. For me
FOSS is not ?Free and Open source Software? it is ?Free and/or Open source
software?; Now should we select another term in this context? I am totally
open minded on this. Call it NPS (non-purchased software) or whatever, but
even this wording will not fit with shareware for instance.



Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished
Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent
International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France


_____

De : Mike Milinkovich [mailto:mike.milinkovich@eclipse.org]
<mailto:%5bmailto:mike.milinkovich@eclipse.org%5d>
Envoy? : vendredi 22 juin 2012 19:25
? : Soeren_Rabenstein@asus.com; RUFFIN, MICHEL (MICHEL); mjherzog@nexb.com;
spdx@lists.spdx.org Objet : RE: "Scope" of licenses to be covered by SPDX



Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of ?FOSS?. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are
the two organizations which, in my opinion, define what FOSS is. Any attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of ?FOSS?.



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.spdx.org/pipermail/spdx/attachments/20120622/7d7b16b7/attachme
nt.html>

------------------------------

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


End of Spdx Digest, Vol 22, Issue 33
************************************


Re: "Scope" of licenses to be covered by SPDX

Mike Milinkovich
 

RMS - "Random May-be-free Stuff"?

 

Wait. That acronym's also taken. Darn!

 

<<Sorry, I just couldn't resist :) >>

 

More seriously: my apologies, but no good name or acronym immediately comes to mind.

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 2:58 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

Ok now we have an understanding, any suggestion ?

 

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 20:43
À : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@...; mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

 

I understand that. Which is why I said it is the union, rather than the intersection.

 

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

 

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 19:25
À : Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 


Re: "Scope" of licenses to be covered by SPDX

RUFFIN MICHEL
 

Ok now we have an understanding, any suggestion ?

 

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 20:43
À : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@...; mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

 

I understand that. Which is why I said it is the union, rather than the intersection.

 

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

 

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 19:25
À : Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 


Re: SPDX Data License Selection Rationale -- RE: TR: SPDX standard: files are placed in public domain

RUFFIN MICHEL
 

Mark I am not a lawyer but I have a different understanding of copyright law

 

 

Attached is a document that explains the rationale behind why the Creative Commons Zero license was selected by the SPDX legal working group. The core requirements for consideration were:

  o does not imply that SPDX data is intellectual property;

 

>>> My understanding is that any data which is the original production from an entity can be considered as a work and is protected by copyright law. So if I say "Emacs is licensed under MIT license and has been secretly produced by Michel Ruffin" (sorry for R. Stallman, I do not claim that 8-) I just take a challenging example) this text/wording is a creative work of michel Ruffin and perhaps by saying that I am launching a new advertisement campaign for a new product (with an agreement with R. Stallman). Who knows?

 

  o in jurisdictions that permit data to be intellectual property - prevents others from claiming

    controlling ownership over the data contained in a SPDX file;

 

>>> To my knowledge US and European jurisdictions are protecting data copyright so forcing them to be public domain might be against the law

 

  o will not hinder adoption of the SPDX format by the open source community;

  o minimizes further license proliferation in the open source community;

  o permits the exchange of SPDX files under confidentiality terms (potentially temporarily) for special

    situations that may require it.

 

>>> the exception you mention for me is the general case

 

For the details on the pros and cons of different license options please see the attached document.

 

- Mark

 

Mark Gisi | Wind River | Senior Intellectual Property Manager

Tel (510) 749-2016 | Fax (510) 749-4552

 

 

-----Original Message-----

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of RUFFIN, MICHEL (MICHEL)

Sent: Friday, June 22, 2012 5:44 AM

To: Jilayne Lovejoy; Kevin P. Fleming; spdx@...

Cc: Freedman, Barry H (Barry); SPDX-legal

Subject: RE: TR: SPDX standard: files are placed in public domain

 

As you say (I like the expression) my concern about this license is more like getting an eye brow raised; What does this license implies?

 

If I want to export data from our DB, I will not make it public but aim a specific company/group to do it. If this is partner or a non profit organization, the data will be provided without any liability from ALU that it is correct (we can do mistake) the goal is to help the partner, non profit organization. If it is a customer we will probably take a little more commitment and we will add a clause such as "to the best of our knowledge this data is accurate" or something like this. But in any case we will not provide this data with the name of our company as public domain our lawyers will not accept that. The subject is so complex that there is necessary mistakes.

 

Now a disclaimer of warranty and liability is not enough. If I publish a list of software in which I say this software is LGPL, while in fact it is GPL I can be sued for GPL infringement.

 

In addition our DB is not SPDX compliant is the way that there are some field which interpret FOSS license according to ALU policy, special deals done with copyright owners to interpret license differently or have special permissions, consideration regarding patents (ALu or external), ... We are doing currently a cleaning to separate this information from what we can export, but with 200 people feeding independently and continually our database we cannot guarantee that some confidential information will not be in the export file. So public domain is out of question.

 

That's for the use case. Now on the legal side. If I generate an export file and I write "Alcatel-Lucent proprietary data - confidential" This is in contradiction with the license saying data must be in public domain. What does the judge decide in this case? I asked the question to our lawyers and they say it is unclear but they are not sure that presenting proprietary data according to a standard might impose a license on the data.

 

I will be happy to participate to a conf call on the subject, this need clarification and can jeopardize the success of SPDX. But one of our lawyers (Barry) should be present to understand and explain the implication of this license.

 

Michel

 

Michel.Ruffin@..., PhD

Software Coordination Manager, Bell Labs, Corporate CTO Dpt

Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94

Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France

 

 

-----Message d'origine-----

De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Jilayne Lovejoy

Envoyé : vendredi 22 juin 2012 03:03

À : Kevin P. Fleming; spdx@...

Cc : SPDX-legal

Objet : Re: TR: SPDX standard: files are placed in public domain

 

In response to Michel's initial question about CC-0 (and subsequent

responses):

 

Here's some of the back story:

This was an issue that the legal work group spent a vast amount of time

discussing.  Initially we had decided on the PddL license, but got some

pretty severe push-back for that license during LinuxCon North America and

1.0 release last August.  So, it was back to the drawing board.  Due to

the many meetings spent discussing this (which may be captured to varying

degrees in the meeting minutes around that time...), Mark Gisi (thanks

Mark!) posted a summary of the reason for having a license and then the

pros and cons of the various license options discussed on its own page

(see http://spdx.org/wiki/spdx-metadata-license-rationale-cc0) for easy

reference, transparency, and historical purposes. Once we decided on CC-0,

we reached out to various community members (including those specifically

who had expressed discomfort with PddL) to make sure the new decision was

amenable. 

 

That is a very short summary of the process.  The webpage referenced above

provides a good overview, but naturally does not capture the nuances and

details of the concerns, rationale, and so forth raised during those

discussions. 

 

Michel - from, your previous email, it sounds like you've got an eye brow

raised, but are still formulating exactly what the exact concern is. (I do

think that the goal of using an open, permissive license, if one at all,

was to facilitate free exchange, which appears to be part of your

concern.)  In any case, perhaps the above information will help a bit and

if you have further concerns, I might suggest either asking for an agenda

item on one of the legal calls or I can simply set up a call with some of

the key people who were involved in the above process  - which ever is

more appropriate.

 

Consequently, I have now included this email on the SPDX Legal group list

as well, as others may be able to weigh in.  The relevant bits from the

various emails are cut and pasted below (separated by a dotted line) for

reference for those who missed this on the general SPDX mailing list.

 

Incidentally - Kevin and Bradley both had good points in regards to the

potential legal analysis.  The other piece of that puzzle concerns the

reality that E.U. law does allow database protection (of facts, that would

otherwise not be considered protectable under, U.S. law, for example).  If

anyone is interested in learning more about this, there is an excellent

article here:  http://www.ifosslr.org/ifosslr/article/view/62

(but don't go learning too much about this law stuff, as you might put us

out of work ;)

 

Cheers,

Jilayne

 

Jilayne Lovejoy |  Corporate Counsel

OpenLogic, Inc.

 

jlovejoy@...  |  720 240 4545

 

 

 

 

------------

 

On Fri Jun 15 09:37:17 2012, RUFFIN, MICHEL (MICHEL) wrote:

>I am not very happy that data must be made in public domain. For the

>following reasons:

>-  ALU should not be responsible of the data if we export it. And I

>understand that ther e is a clause that loow us to do exception (ALU

>name not exported with the data, but it should be the other way around

>by default any export file should not imply any responsibility from

>exporting company).

>- if by mischance there are some comments which we will not want to

>share with the rest of the world. It should be protected by the

>licensing conditions.

 

Just to clarify, is it your desire to be allowed to license SPDX files

that you produce under terms of your choice? Or are you suggesting that

we change the required licensing of SPDX to include a disclaimer of

some sort?

 

Regarding the second bullet, can you provide examples of scenarios

where confidentiality agreements (which until now have been the

proposed solution to this problem) between you and your partners would

be insufficient?

 

Thanks in advance,

Peter

 

 

---------------

 

What I want is freedom, to exchange information between companies without

constraints. If we need constraints, we put it in the contract. It is not

to SPDX to put the constraints.

 

Let us time to think about consequences/consraints, ... before addressing

the issue. But the question is what was the purpose of this initially?

 

Michel.Ruffin@..., PhD

Software Coordination Manager, Bell Labs, Corporate CTO Dpt

Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94

Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France

 

 

----------------

 

On 6/15/12 3:05 PM, "Kevin P. Fleming" <kpfleming@...> wrote:

 

>On 06/15/2012 03:53 PM, Peter Williams wrote:

>> On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:

>>> But the question is what was the purpose of this initially?

>> 

>> It is a excellent question. I have never understood this purpose of this

>> "feature" of SPDX so someone else will have to provide the answer.

>I suspect that it may be at least partially based on the fact that the

>SPDX file consists almost exclusively of data collected from original

>sources, and copyright law (at least as I've been told, I'm no lawyer)

>doesn't provide my copyright protection at all for aggregation of

>otherwise available data. In essence, an SPDX file may not adequately

>constitute a 'work of authorship' that warrants copyright protection,

>and thus there really wouldn't be a legitimate way to control its

>distribution via licensing.

>This is just a mildly educated guess late on a Friday afternoon, though.

>I could be 1000% off base :-)

>--

>Kevin P. Fleming

>Digium, Inc. | Director of Software Technologies

>Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming

>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA

>Check us out at www.digium.com & www.asterisk.org

>_______________________________________________

>Spdx mailing list

>Spdx@...

>https://lists.spdx.org/mailman/listinfo/spdx

 

 

_______________________________________________

Spdx mailing list

Spdx@...

https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________

Spdx mailing list

Spdx@...

https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Mike Milinkovich
 

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

 

I understand that. Which is why I said it is the union, rather than the intersection.

 

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

 

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 19:25
À : Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 


Re: "Scope" of licenses to be covered by SPDX

RUFFIN MICHEL
 

Well I have not really through how this extend to the SPDX standard. But if you look at Blackduck protext tool there is probably 1500 to 2000 licenses described, Palamida is around 1500 (if I am not mistaking). The SPDX standard must cope with all these licenses, it should not limit itself to the 60 to 70 OSI certified licenses. It would be useless. Now if you have not a standard name for these licenses it is not a big issue but in fact they exist “Sun binary license”, “ Sun entitlement license”, “Oracle binary licence”, “ Oracle OTN license” (might also be “Oracle technology network” license) , “Alcatel-Lucent public license” …

 

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620 Nozay, France


De : Philip Odence [mailto:podence@...]
Envoyé : vendredi 22 juin 2012 19:49
À : Mike Milinkovich; Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); Michael Herzog; spdx@...
Objet : Re: "Scope" of licenses to be covered by SPDX

 

I sometimes skirt the issue by broadly referring "software that is freely available on the web." 

 

When one is talking about new projects, picking licenses, and the like, it makes sense to steer/limit to OSI approved licenses. When, on the other hand, the use case is documenting all the "junk" that may be found in a package and associated licenses (as with SPDX), it makes sense to be expansive in order to be able to represent software under licenses outside the OSI definition. 

 

So, the SPDX license list goes beyond the OSI list. Our goal has been to handle the bulk of license one might run into in a software package. And, the spec provides a mechanism for handling licenses not on the list, by essentially including the text of the license. One of the benefits of the License List is that it keeps the size of the SPDX file down by not requiring the text to be included.

 

I don’t think we've come to grips with where we draw the line on the size of the license list. With the 150 or so license on there now, we certainly handle the vast majority of components, but for user convenience, more is better. I think when we get comfortable with our understanding of the effort involved in maintaining the list and adding new licenses, we'll be in a better position to say how big we want the list to be.

 

From: Mike Milinkovich <mike.milinkovich@...>
Organization: Eclipse Foundation
Reply-To: Mike Milinkovich <mike.milinkovich@...>
Date: Fri, 22 Jun 2012 13:24:42 -0400
To: <Soeren_Rabenstein@...>, Michel Ruffin <Michel.Ruffin@...>, Michael Herzog <mjherzog@...>, <spdx@...>
Subject: RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 

_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Peter A. Bigot
 

With respect to the license list, an issue I happened to notice this
morning is that items on it appear to reflect a very flat concept of a
license when there are options, e.g. GPL-2.0-with-GCC-exception and
GPL-2.0+. The problem is that this approach limits the succinct
representation of licenses. For example, if a package (e.g., libgcc)
is GPL 2.0 or later version with runtime exception, there is no
GPL-2.0+-with-GCC-exception. If a package also incorporates the GPL
classpath exception, that isn't listed either. It's not obvious that
this can be fixed by disjunction or conjunction of the listed licenses
(wouldn't GPL-2.0+ AND GPL-2.0-with-GCC-exception be simple GPL-2.0?)

In a future revision, perhaps the concept of a base license with a set
of options (GPL-2.0, option for later revision, exception for runtime
library, exception for classpath) would be more expressive. It could
also cut down on the size of the list.

Peter

On Fri, Jun 22, 2012 at 12:48 PM, Philip Odence
<podence@blackducksoftware.com> wrote:
I sometimes skirt the issue by broadly referring "software that is freely
available on the web."

When one is talking about new projects, picking licenses, and the like, it
makes sense to steer/limit to OSI approved licenses. When, on the other
hand, the use case is documenting all the "junk" that may be found in a
package and associated licenses (as with SPDX), it makes sense to be
expansive in order to be able to represent software under licenses outside
the OSI definition.

So, the SPDX license list goes beyond the OSI list. Our goal has been to
handle the bulk of license one might run into in a software package. And,
the spec provides a mechanism for handling licenses not on the list, by
essentially including the text of the license. One of the benefits of the
License List is that it keeps the size of the SPDX file down by not
requiring the text to be included.

I don’t think we've come to grips with where we draw the line on the size of
the license list. With the 150 or so license on there now, we certainly
handle the vast majority of components, but for user convenience, more is
better. I think when we get comfortable with our understanding of the effort
involved in maintaining the list and adding new licenses, we'll be in a
better position to say how big we want the list to be.

From: Mike Milinkovich <mike.milinkovich@eclipse.org>
Organization: Eclipse Foundation
Reply-To: Mike Milinkovich <mike.milinkovich@eclipse.org>
Date: Fri, 22 Jun 2012 13:24:42 -0400
To: <Soeren_Rabenstein@asus.com>, Michel Ruffin
<Michel.Ruffin@alcatel-lucent.com>, Michael Herzog <mjherzog@nexb.com>,
<spdx@lists.spdx.org>
Subject: RE: "Scope" of licenses to be covered by SPDX

Re: " Out of this topic we just discussed (in my understanding) what could
be a proper definition of “FOSS”. "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are
the two organizations which, in my opinion, define what FOSS is. Any attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a big
mistake.



FOSS = Free and Open Source Software, which is the union of software which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@eclipse.org

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be a
proper definition of “FOSS”.



_______________________________________________ Spdx mailing list
Spdx@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


SPDX Data License Selection Rationale -- RE: TR: SPDX standard: files are placed in public domain

Mark Gisi
 

Attached is a document that explains the rationale behind why the Creative Commons Zero license was selected by the SPDX legal working group. The core requirements for consideration were:
o does not imply that SPDX data is intellectual property;
o in jurisdictions that permit data to be intellectual property - prevents others from claiming
controlling ownership over the data contained in a SPDX file;
o will not hinder adoption of the SPDX format by the open source community;
o minimizes further license proliferation in the open source community;
o permits the exchange of SPDX files under confidentiality terms (potentially temporarily) for special
situations that may require it.

For the details on the pros and cons of different license options please see the attached document.

- Mark

Mark Gisi | Wind River | Senior Intellectual Property Manager
Tel (510) 749-2016 | Fax (510) 749-4552

-----Original Message-----
From: spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] On Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Friday, June 22, 2012 5:44 AM
To: Jilayne Lovejoy; Kevin P. Fleming; spdx@lists.spdx.org
Cc: Freedman, Barry H (Barry); SPDX-legal
Subject: RE: TR: SPDX standard: files are placed in public domain

As you say (I like the expression) my concern about this license is more like getting an eye brow raised; What does this license implies?

If I want to export data from our DB, I will not make it public but aim a specific company/group to do it. If this is partner or a non profit organization, the data will be provided without any liability from ALU that it is correct (we can do mistake) the goal is to help the partner, non profit organization. If it is a customer we will probably take a little more commitment and we will add a clause such as "to the best of our knowledge this data is accurate" or something like this. But in any case we will not provide this data with the name of our company as public domain our lawyers will not accept that. The subject is so complex that there is necessary mistakes.

Now a disclaimer of warranty and liability is not enough. If I publish a list of software in which I say this software is LGPL, while in fact it is GPL I can be sued for GPL infringement.

In addition our DB is not SPDX compliant is the way that there are some field which interpret FOSS license according to ALU policy, special deals done with copyright owners to interpret license differently or have special permissions, consideration regarding patents (ALu or external), ... We are doing currently a cleaning to separate this information from what we can export, but with 200 people feeding independently and continually our database we cannot guarantee that some confidential information will not be in the export file. So public domain is out of question.

That's for the use case. Now on the legal side. If I generate an export file and I write "Alcatel-Lucent proprietary data - confidential" This is in contradiction with the license saying data must be in public domain. What does the judge decide in this case? I asked the question to our lawyers and they say it is unclear but they are not sure that presenting proprietary data according to a standard might impose a license on the data.

I will be happy to participate to a conf call on the subject, this need clarification and can jeopardize the success of SPDX. But one of our lawyers (Barry) should be present to understand and explain the implication of this license.

Michel

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France


-----Message d'origine-----
De : spdx-bounces@lists.spdx.org [mailto:spdx-bounces@lists.spdx.org] De la part de Jilayne Lovejoy
Envoyé : vendredi 22 juin 2012 03:03
À : Kevin P. Fleming; spdx@lists.spdx.org
Cc : SPDX-legal
Objet : Re: TR: SPDX standard: files are placed in public domain

In response to Michel's initial question about CC-0 (and subsequent
responses):

Here's some of the back story:
This was an issue that the legal work group spent a vast amount of time
discussing. Initially we had decided on the PddL license, but got some
pretty severe push-back for that license during LinuxCon North America and
1.0 release last August. So, it was back to the drawing board. Due to
the many meetings spent discussing this (which may be captured to varying
degrees in the meeting minutes around that time...), Mark Gisi (thanks
Mark!) posted a summary of the reason for having a license and then the
pros and cons of the various license options discussed on its own page
(see http://spdx.org/wiki/spdx-metadata-license-rationale-cc0) for easy
reference, transparency, and historical purposes. Once we decided on CC-0,
we reached out to various community members (including those specifically
who had expressed discomfort with PddL) to make sure the new decision was
amenable.

That is a very short summary of the process. The webpage referenced above
provides a good overview, but naturally does not capture the nuances and
details of the concerns, rationale, and so forth raised during those
discussions.

Michel - from, your previous email, it sounds like you've got an eye brow
raised, but are still formulating exactly what the exact concern is. (I do
think that the goal of using an open, permissive license, if one at all,
was to facilitate free exchange, which appears to be part of your
concern.) In any case, perhaps the above information will help a bit and
if you have further concerns, I might suggest either asking for an agenda
item on one of the legal calls or I can simply set up a call with some of
the key people who were involved in the above process - which ever is
more appropriate.

Consequently, I have now included this email on the SPDX Legal group list
as well, as others may be able to weigh in. The relevant bits from the
various emails are cut and pasted below (separated by a dotted line) for
reference for those who missed this on the general SPDX mailing list.

Incidentally - Kevin and Bradley both had good points in regards to the
potential legal analysis. The other piece of that puzzle concerns the
reality that E.U. law does allow database protection (of facts, that would
otherwise not be considered protectable under, U.S. law, for example). If
anyone is interested in learning more about this, there is an excellent
article here: http://www.ifosslr.org/ifosslr/article/view/62
(but don't go learning too much about this law stuff, as you might put us
out of work ;)

Cheers,
Jilayne

Jilayne Lovejoy | Corporate Counsel
OpenLogic, Inc.

jlovejoy@openlogic.com | 720 240 4545




------------

On Fri Jun 15 09:37:17 2012, RUFFIN, MICHEL (MICHEL) wrote:
I am not very happy that data must be made in public domain. For the
following reasons:

- ALU should not be responsible of the data if we export it. And I
understand that ther e is a clause that loow us to do exception (ALU
name not exported with the data, but it should be the other way around
by default any export file should not imply any responsibility from
exporting company).

- if by mischance there are some comments which we will not want to
share with the rest of the world. It should be protected by the
licensing conditions.
Just to clarify, is it your desire to be allowed to license SPDX files
that you produce under terms of your choice? Or are you suggesting that
we change the required licensing of SPDX to include a disclaimer of
some sort?

Regarding the second bullet, can you provide examples of scenarios
where confidentiality agreements (which until now have been the
proposed solution to this problem) between you and your partners would
be insufficient?

Thanks in advance,
Peter


---------------

What I want is freedom, to exchange information between companies without
constraints. If we need constraints, we put it in the contract. It is not
to SPDX to put the constraints.

Let us time to think about consequences/consraints, ... before addressing
the issue. But the question is what was the purpose of this initially?

Michel.Ruffin@Alcatel-Lucent.com, PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France


----------------

On 6/15/12 3:05 PM, "Kevin P. Fleming" <kpfleming@digium.com> wrote:

On 06/15/2012 03:53 PM, Peter Williams wrote:
On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:
But the question is what was the purpose of this initially?
It is a excellent question. I have never understood this purpose of this
"feature" of SPDX so someone else will have to provide the answer.
I suspect that it may be at least partially based on the fact that the
SPDX file consists almost exclusively of data collected from original
sources, and copyright law (at least as I've been told, I'm no lawyer)
doesn't provide my copyright protection at all for aggregation of
otherwise available data. In essence, an SPDX file may not adequately
constitute a 'work of authorship' that warrants copyright protection,
and thus there really wouldn't be a legitimate way to control its
distribution via licensing.

This is just a mildly educated guess late on a Friday afternoon, though.
I could be 1000% off base :-)

--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming@digium.com | SIP: kpfleming@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx

781 - 800 of 1481