Date   

Re: SPDX Booth at LinuxCon NA

Ibrahim Haddad <ibrahim@...>
 

Sorry for an additional email on this. I was mistaken below. We actually need to deliver the layout / booth info to the venue tonight. It would be great if you can confirm by eod if you need the booth/table. 
Thanks.

On Mon, Aug 6, 2012 at 9:43 PM, Ibrahim Haddad <ibrahim@...> wrote:
Hi Jilayne, 

When I was on the general call I believe there were discussions about that and I did some pull inside to rearrange how things are setup. So now we have a space for SPDX. I need a confirmation please if SPDX will grab it or not as we need to send the layout to the venue by end of this week.

Thanks,
Ibrahim


On Mon, Aug 6, 2012 at 4:51 PM, Jilayne Lovejoy <jilayne.lovejoy@...> wrote:
Hi Ibrahim,

I believe we had a booth last year at LinuxCon and people signed up for time slots to staff it.  However, I was not there, so I can't speak to the specifics.   Seems like a good idea to me and I can probably spend some time there, although will have to figure out my availability.

Jilayne

From: Ibrahim Haddad <ibrahim@...>
Date: Monday, August 6, 2012 11:01 AM
To: SPDX-general <spdx@...>
Subject: SPDX Booth at LinuxCon NA

Hi All,

We have been reviewing our booth space for LinuxCon NA and there is a possibility to provide SPDX WG with
a standard table top. Would that work? Please confirm asap so we can plan for it. 

Thanks,
Ibrahim 

--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 





--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 





--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122



Re: SPDX Booth at LinuxCon NA

Ibrahim Haddad <ibrahim@...>
 

Hi Jilayne, 

When I was on the general call I believe there were discussions about that and I did some pull inside to rearrange how things are setup. So now we have a space for SPDX. I need a confirmation please if SPDX will grab it or not as we need to send the layout to the venue by end of this week.

Thanks,
Ibrahim


On Mon, Aug 6, 2012 at 4:51 PM, Jilayne Lovejoy <jilayne.lovejoy@...> wrote:
Hi Ibrahim,

I believe we had a booth last year at LinuxCon and people signed up for time slots to staff it.  However, I was not there, so I can't speak to the specifics.   Seems like a good idea to me and I can probably spend some time there, although will have to figure out my availability.

Jilayne

From: Ibrahim Haddad <ibrahim@...>
Date: Monday, August 6, 2012 11:01 AM
To: SPDX-general <spdx@...>
Subject: SPDX Booth at LinuxCon NA

Hi All,

We have been reviewing our booth space for LinuxCon NA and there is a possibility to provide SPDX WG with
a standard table top. Would that work? Please confirm asap so we can plan for it. 

Thanks,
Ibrahim 

--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 





--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122



Re: SPDX Booth at LinuxCon NA

Jilayne Lovejoy <jilayne.lovejoy@...>
 

Hi Ibrahim,

I believe we had a booth last year at LinuxCon and people signed up for time slots to staff it.  However, I was not there, so I can't speak to the specifics.   Seems like a good idea to me and I can probably spend some time there, although will have to figure out my availability.

Jilayne

From: Ibrahim Haddad <ibrahim@...>
Date: Monday, August 6, 2012 11:01 AM
To: SPDX-general <spdx@...>
Subject: SPDX Booth at LinuxCon NA

Hi All,

We have been reviewing our booth space for LinuxCon NA and there is a possibility to provide SPDX WG with
a standard table top. Would that work? Please confirm asap so we can plan for it. 

Thanks,
Ibrahim 

--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122



SPDX Booth at LinuxCon NA

Ibrahim Haddad <ibrahim@...>
 

Hi All,

We have been reviewing our booth space for LinuxCon NA and there is a possibility to provide SPDX WG with
a standard table top. Would that work? Please confirm asap so we can plan for it. 

Thanks,
Ibrahim 

--
Ibrahim Haddad, Ph.D.
Director, Technology & Alliances
The Linux Foundation 
+1 (408) 893-1122



Today's SPDX General Meeting

Philip Odence
 

Apologies, but I seem to have misplaced my notes from the last meeting and never posted the minutes. I'm truly baffled as I am generally pretty well organized along this dimension. 


Meeting Time: July 12, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- http://www.spdx.org/wiki/20120712-general-meeting-minutes

Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott

Cross Functional Issues
Linux Foundation Participation
Website Update



Minutes from July 19 SPDX Business Team Meeting

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

Attendees: 

Scott Lamons (host)

Gary O'Neall

Kamyar Emami

Phil Odence

Pierre Lapointe

Michael Herzog

Jilayne Lovejoy

Steve Cropper (joined later)

 

Agenda/Notes

1. Linuxcon (Panel, Working group meeting, 1.1 PR?)

SPDX Business panel will be on Thursday at 10:25am -- Scott will moderate, Kate, Jilayne, and Jack will represent the tech, legal, and biz teams.   Scott will be setting up a meeting in the next couple weeks to start planning the content and flow.   

Working group meeting on Tuesday from 1-6pm will focus on 2.0.   The first hour will be reserved to provide an SPDX introduction and meet any new participants.    Scott will work with LF to get this posted to the website.

Press release for 1.1?   Consensus was that it's a good thing to do.   Review previous release for 1.0.    Scott will check with Amanda McPherson on logistics for putting this out via LF.   Things to include:  updates to the license list, matching guidelines, CCO in response to community input , tools?

 

2. Outreach Activities (Fossology, Open Compliance program, Other?)

Matt Germonprez at the University of Nebraska Omaha (UNO) and team are in the process of standing up a public instance of Fossology and they are forming a project to add SPDX functionality to Fossology.    Scott and Bob Goebille (Fossology architect) met with Matt to discuss their plans.   Bob is working with the team to resolve several issues.    Gary O'Neall and Kate Stewart offered their support as well.  

LF considering assigning a program/project manager to SPDX.    FOSS barcode tracker (announced May 30) seems complementary to SPDX

Gary talked about target development/build tools such as Eclipse (e.g. an Eclipse plugin that wraps some of the existing tools).   Gary looking for some commitment from the Eclipse foundation.  Michael to reach out to Phillip at Eclipse.     Apache uses Eclipse.  

3. Web update.  

Plan is to switch to the new website over the weekend of 7/28.  Steve to send a message to the SPDX team as a heads up and coordintate with Martin.  If there are any major problems we can switch it back before Monday.


Re: Possible reasons new licenses aren't submitted

Bradley M. Kuhn <bkuhn@...>
 

Could you change the instructions to explicitly allow submission by
email? Thanks!
Jilayne Lovejoy wrote at 20:48 (PDT) on Wednesday:

It already did actually say this, but the wording was a bit awkward
and the email address was not hyper-linked, so I have fixed both.
Thanks!

--
-- bkuhn


Re: Possible reasons new licenses aren't submitted

Jilayne Lovejoy <jilayne.lovejoy@...>
 


Could you change the instructions to explicitly allow submission by
email? Thanks!
It already did actually say this, but the wording was a bit awkward and
the email address was not hyper-linked, so I have fixed both.

Jilayne


Re: Possible reasons new licenses aren't submitted

Bradley M. Kuhn <bkuhn@...>
 

I wrote:
GPL-2.0-with-GCC-exception from the list, and I didn't see any
instructions on SPDX's site on how to propose a comprehensive change
like that.
Jilayne Lovejoy wrote at 13:04 (PDT) on Friday:
We have endeavored to NOT remove licenses from the list once added. I
don't understand why you'd want to remove this? Isn't it possible to
still come across old versions (of any license) "in the wild?" (I know
I have.)
Can you show me examples of software packages that use
GPLv2-only-with-GCC-Exception? I'm amazed to learn that there's a
package that uses it. I believe it was mentioned earlier on this thread
that GCC doesn't even use that license.

Originally, the instructions just said to submit the information for
the license being suggested via email (including the license text).
But it was pointed out that some people may find the spreadsheet
easier as the fields could already be included for prompting and also
if one was submitting multiple licenses.
Could you change the instructions to explicitly allow submission by
email? Thanks!
--
-- bkuhn


Re: Possible reasons new licenses aren't submitted (was Re: Minutes from July 12 SPDX General Meeting)

Jilayne Lovejoy <jilayne.lovejoy@...>
 

On 7/13/12 1:32 PM, "Bradley M. Kuhn" <bkuhn@ebb.org> wrote:

Philip Odence wrote at 11:52 (EDT) on Thursday:
Suprisingly after all the recent discussion on the General Meerting
list about expanding the list, no one has submitted any more licenses.
FWIW, I looked at this possibility briefly. Upon reading
http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-
added
I came to the conclusion that I couldn't easily submit any of the
licenses I was thinking of, such as GCC's license, which is effectively
GPLv3-or-later-with-GCC-RTLv3.1-or-later.

Mainly, it's tough to meet submission requirement (3). There's no URL
for that license. GCC RTL 3.1 has one URL, GPLv3 has another, but
what's the URL for the combo with appropriate -or-laters? There is
none.
If there is no url, then there is no url - just state this. However, in
this scenario, I would simply include the two you mention above. The
field need not have only one url (e.g. For licenses that are OSI approved,
I have included both the OSI link as well as the license author's link,
where found).


The SPDX list itself clearly
envisioned this fact, as things like "GPL-2.0-with-autoconf-exception"
already appear. But, those existing listings fail to account for how
the exceptions actually are used in real world programs, as discussed in
the threads over the last month.
As I thought was explained previously, there has already been several
discussions on the legal calls on how to best deal with the various GPL
exceptions. I don't think anyone would claim we have come up with the
best solution, and this has been something that has been recognized as
needing more discussion and work. Alternative proposals and a description
of how to implement are always encouraged (as well as help doing the
actual work...) - from anyone.


Thus, if I were to formally propose GCC's license, it'd have to be part
of a broader proposal I'd have to also propose removal of
GPL-2.0-with-GCC-exception from the list, and I didn't see any
instructions on SPDX's site on how to propose a comprehensive change
like that.
We have endeavored to NOT remove licenses from the list once added. I
don't understand why you'd want to remove this? Isn't it possible to
still come across old versions (of any license) "in the wild?" (I know I
have.) In fact, we have tried to make sure we captured all versions of
licenses on the list (with the exception of more work needing to be done
on capturing at least a majority of the GPL-exceptions, as already stated.)
In any case, any suggestion for which there is not a "formal" process can
simply go through this mailing list, as you have done :)


Finally, the (admittedly more of a pet-peeve) last straw that led me to
give up was I saw that I had to download and open a zip file
(http://spdx.org/system/files/spdx_license_list_v1.16.zip ) just to grab
a text version of the list, and that to make the submission, I had to
fill out a spreadsheet (
http://spdx.org/system/files/spdx_licenselist-new-licenses.ods ) rather
than just use text editor to edit a file. I much appreciate that ODS
format is used, of course, but most of us old-school Free Software
licensing people don't use spreadsheet programs very often, even Free
Software ones, and certainly not merely to submit text and URLs.
I'm not sure why you needed to download the zip file to make the
submission for a new license - you can just create your own. As far as
the spreadsheet is concerned - that was just recently added to provide
another option. Originally, the instructions just said to submit the
information for the license being suggested via email (including the
license text). But it was pointed out that some people may find the
spreadsheet easier as the fields could already be included for prompting
and also if one was submitting multiple licenses.

In any case, thanks for reading through the process and the requirements
for each field so carefully. You may be the first person (that I know of,
anyway) to have done so. Such "testing" is helpful to make the
explanation easier to understand and improve the process.


Possible reasons new licenses aren't submitted (was Re: Minutes from July 12 SPDX General Meeting)

Bradley M. Kuhn <bkuhn@...>
 

Philip Odence wrote at 11:52 (EDT) on Thursday:
Suprisingly after all the recent discussion on the General Meerting
list about expanding the list, no one has submitted any more licenses.
FWIW, I looked at this possibility briefly. Upon reading
http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added
I came to the conclusion that I couldn't easily submit any of the
licenses I was thinking of, such as GCC's license, which is effectively
GPLv3-or-later-with-GCC-RTLv3.1-or-later.

Mainly, it's tough to meet submission requirement (3). There's no URL
for that license. GCC RTL 3.1 has one URL, GPLv3 has another, but
what's the URL for the combo with appropriate -or-laters? There is
none.

This sort of goes to the heart of the problem with how the SPDX license
list is structured. SPDX's goal is ostensibly to document the "real
world" license uses. But, licenses occurring in the real world aren't
just by themselves, especially in key infrastructure programs like GCC.
They occur in these nuanced ways. The SPDX list itself clearly
envisioned this fact, as things like "GPL-2.0-with-autoconf-exception"
already appear. But, those existing listings fail to account for how
the exceptions actually are used in real world programs, as discussed in
the threads over the last month.

Thus, if I were to formally propose GCC's license, it'd have to be part
of a broader proposal I'd have to also propose removal of
GPL-2.0-with-GCC-exception from the list, and I didn't see any
instructions on SPDX's site on how to propose a comprehensive change
like that.

Finally, the (admittedly more of a pet-peeve) last straw that led me to
give up was I saw that I had to download and open a zip file
(http://spdx.org/system/files/spdx_license_list_v1.16.zip ) just to grab
a text version of the list, and that to make the submission, I had to
fill out a spreadsheet (
http://spdx.org/system/files/spdx_licenselist-new-licenses.ods ) rather
than just use text editor to edit a file. I much appreciate that ODS
format is used, of course, but most of us old-school Free Software
licensing people don't use spreadsheet programs very often, even Free
Software ones, and certainly not merely to submit text and URLs.

Again, I renew my offer to assist anyone who wants to undertake the task
to write an SPDX file for GCC (or indeed for *any* FSF or Conservancy
package), but the barriers above made me sure I didn't want to take a
proactive role here.
--
-- bkuhn


Minutes from July 12 SPDX General Meeting

Philip Odence
 






Attendance: 7

Technical Team Report - Kate

  • 2.0 work
    • Still working through use cases
  • 1.1 work
    • Still under revision but near completion
  • LinuxCon
    • Looks like there will be strong participation from the Tech Team in the Face to Face meeting at LinuxCon (Tues, Aug 28, afternoon, San Diego)

Legal Team Report - Jilayne

  • There will be light attendance at LinuxCon, so not anticipating having formal Legal Team meeting per se.
  • License list
    • Discussion continues
    • Suprisingly after all the recent discussion on the General Meerting list about expanding the list, no one has submitted any more licenses.
    • There is now available a spreadsheet template for requesting multiple licenses to be added.
  • There's interest in outreach to various FOSS communities about incorporating licenses, but little resource to do so.

Business Team Report - Scott/Jack

  • Solicited feedback on SPDX Mission and Vision statements. Some feedback incorporated. Both now ready for publishing on new website.
  • Discussions are going on between FOSSology team and Univ of Nebraska about incorporating SPDX output capability into FOSSology.

Cross Functional Issues – Phil

  • Panel discussion has been accepted for LinuxCon.
  • Website Update - No update
  • The Linux Foundation is exploring the possibility of providing some program management support for SPDX.


Attendees

  • Phil Odence, Black Duck Software
  • Kate Stewart, Canonical
  • Michael Herzog, nexB
  • Scott Lamons, HP
  • Jilayne Lovejoy, OpenLogic
  • Gary O'Neall, SourceAuditor
  • Jason Buttura, Cisco


Today SPDX General Meeting Reminder

Philip Odence
 

Apologies, but I seem to have misplaced my notes from the last meeting and never posted the minutes. I'm truly baffled as I am generally pretty well organized along this dimension. 


Meeting Time: July 12, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance

Technical Team Report - Kate
Legal Team Report - Jilayne
Business Team Report – Jack/Scott

Cross Functional Issues
Website Update



Re: "Scope" of licenses to be covered by SPDX

Jilayne Lovejoy <jilayne.lovejoy@...>
 

Great, Bradley. When I find someone who will *do* that work, we will
definitely ask for you input!

- Jilayne

On 6/28/12 12:02 PM, "Bradley M. Kuhn" <bkuhn@ebb.org> wrote:

Jilayne Lovejoy wrote at 16:02 (EDT) on Wednesday:
So, if you have an idea as to how to implement this idea, while
keeping in mind the overall goal of the LIcense List, etc. - that
would be great!!
IMO, "implementing" is trivial. The tough part is careful cataloging to
know *what* to add to the list. For example, obviously, no one did the
work of cataloging the exceptions in GCC, which is why the license of
GCC can't be represented by SPDX for any version of GCC (See my other
post about that:
http://lists.spdx.org/pipermail/spdx/2012-June/000704.html )

If someone wants to do the work of cataloging the exceptions in GCC, I'd
be happy to advise, since I was involved with Brett Smith when he did
the work during the 3.1 RTL exception drafting process. Cc me on any
email threads that are working on this and I'll try to allocate time to
help.

But, note that exceptions are all over the place, in things like
Classpath, autoconf, and plenty of other places. I wonder: has anyone
taken a Fossology (the best scanning tool available as Free Software)
run of Debian distribution and just made sure every license it finds has
a moniker in SPDX? If not, why not? Seems like a necessary first step
for SPDX to have any chance of being complete.
--
-- bkuhn
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Peter A. Bigot
 

On Fri, Jun 29, 2012 at 10:19 AM, Peter Williams
<peter.williams@openlogic.com> wrote:
On Fri Jun 29 07:04:27 2012, Philip Odence wrote:

Polite request:
Could we shift this discussion off of the General Meeting list and
onto the Legal Team list only?
Is that really the best choice? This issue seems to be cross functional
issue in that it concerns both the license list and the technical details of
representing license data in SPDX files (and in the license list itself). I
think both the legal and tech teams need to collaborate to solve this
problem. Relegating it into any single functional area list will, i fear,
hinder progress to a solution quite significantly.
Agreed. In this general forum we've heard that the existing SPDX
license list approach does not meet the needs of Linux distributions
(in the case I raised, OpenEmbedded) because it does not have the
flexibility to succinctly and accurately represent the current
licenses of many GPL packages like gcc and its libraries.

Missing a "BMKL" is one thing. Missing GPL-2.0+-with-GCC-exception
and other GPL variants in common use, and/or requiring all such
variants to be listed explicitly in the spec or named arbitrarily at
the discretion of independent compilers of SPDX files, seems to be a
more fundamental weakness in the technical description of licenses.
Resolution of this is likely to require fairly wide familiarity with
what packages should have supported license descriptions in
combination with legal insight on how to express their licenses.

Adding spdx-tech (which I've just done, and joined) and dropping
general (which I have not done), might make sense, recognizing that
this sort of fragmentation does make it more likely that issues will
not be discovered and resolved in a timely fashion.

Peter


Re: "Scope" of licenses to be covered by SPDX

Peter Williams <peter.williams@...>
 

On Fri Jun 29 07:04:27 2012, Philip Odence wrote:
Polite request:
Could we shift this discussion off of the General Meeting list and
onto the Legal Team list only?
Is that really the best choice? This issue seems to be cross functional issue in that it concerns both the license list and the technical details of representing license data in SPDX files (and in the license list itself). I think both the legal and tech teams need to collaborate to solve this problem. Relegating it into any single functional area list will, i fear, hinder progress to a solution quite significantly.

Peter
openlogic.com


Re: "Scope" of licenses to be covered by SPDX

Philip Odence
 

Polite request:
Could we shift this discussion off of the General Meeting list and onto the Legal Team list only? TThis is GREAT discussion for the legal team.
This is not a big problem, but I want to respect the norms we established when we formed the Legal, Business and Tech teams. Part of splitting up the lists was to keep the traffic on the General Meeting list light so as not to burden folks who are only looking to monitor goings across the teams and at a high level. Real work (and this is real work) is supposed to be done on the team lists. 
So, if anyone responds to this (or other emails in the thread) please remove spdx@... from the CC.
Note: anyone not on the legal list and wanting to follow the discussion can sign up at http://lists.spdx.org/mailman/listinfo/spdx-legal
Thanks,
Phil

From: Tom Incorvia <tom.incorvia@...>
Date: Thu, 28 Jun 2012 14:14:32 -0500
To: Bob Gobeille <bob.gobeille@...>, "Bradley M. Kuhn" <bkuhn@...>
Cc: SPDX-legal <spdx-legal@...>, <spdx@...>
Subject: RE: "Scope" of licenses to be covered by SPDX

As long as the licenses are

 

-          Carefully named and vetted for exact license text

 

-          Somewhat broadly applicable (“somewhat broadly” is fuzzy, but we do want the list to grow starting with very common and moving to less common – it is a way to get more value with our limited bandwidth to vet the licenses)

 

Then more is better.

 

SPDX is looking for volunteers to submit additional licenses that meet the above criteria.

 

To nominate a license, provide this info: http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added

 

Legal team: I can help with the reviews of proposed licenses, although I am not available until the end of July. 

 

Tom

 

Tom Incorvia

tom.incorvia@...

Direct: (512) 340-1336

 

 

-----Original Message-----
From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of Bob Gobeille
Sent: Thursday, June 28, 2012 1:50 PM
To: Bradley M. Kuhn
Cc: SPDX-legal; spdx@...
Subject: Re: "Scope" of licenses to be covered by SPDX

 

On Jun 28, 2012, at 12:02 PM, Bradley M. Kuhn wrote:

 

> But, note that exceptions are all over the place, in things like

> Classpath, autoconf, and plenty of other places.  I wonder: has anyone

> taken a Fossology (the best scanning tool available as Free Software)

> run of Debian distribution and just made sure every license it finds

> has a moniker in SPDX?  If not, why not?  Seems like a necessary first

> step for SPDX to have any chance of being complete.

 

FWIW, one of our FOSSology contributors (thank you Camille) put together a spreadsheet (HarmonisationLicenseIDs.ods)  highlighting the differences between the fossology license list and the SPDX license list:

 

http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs

 

We plan on using this to update fossology with the SPDX license short names and insure we have license signatures for all the SPDX licenses.

 

Bob Gobeille

bobg@...

_______________________________________________

Spdx-legal mailing list

Spdx-legal@...

https://lists.spdx.org/mailman/listinfo/spdx-legal

 

This message has been scanned by MailController - portal1.mailcontroller.co.uk

This message has been scanned by MailController.

 

_______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Philip Odence
 

Bradley,

See spec http://www.spdx.org/system/files/spdx-1.0.pdf on pages 23-24.

There's a section in an SPDX file called Other Licensing Information
Detected to handle licenses not on the standard list. The person creating
SPDX file creates an extension to the standard list that is local to the
particular SPDX file with similar short names. So, if you find the Bradley
Kuhn License you could designate it at BMKL-1.0, say, and then could use
that identifier throughout that SPDX file to reference that license. The
Other Licensing Information Detected section would map BMLK-1.0 to the
specific text of the license.

Hope that increases your comfort that the SPDX standard can handle-non
standard licenses. And, as others have pointed out, you could also submit
the BMKL to the SPDX legal team for future inclusion on the standard list.

Best,
Phil





Jilayne, I am not yet on the legal list, so please forward.

On 6/28/12 2:10 PM, "Bradley M. Kuhn" <bkuhn@ebb.org> wrote:

Jilayne Lovejoy wrote at 16:05 (EDT) on Wednesday:
Do you expect the SPDX License List to cover every license you find?
I'm not clear on what the value of SPDX's license list unless it's
comprehensive. Can you explain how SPDX is still useful if the licenses
for widely distributed and used central-infrastructure programs can't
be listed with SPDX?

Does any list?
Other license lists aren't designed to allow for cataloging the details
of a Free Software release, nor are they meant to be grokked by
programs, so they don't need to be perfectly comprehensive. If a
license is missing from SPDX's list, I can't write an accurate SPDX file
for that package, right? Seems like a really big bug in SPDX to me.

This is why I keep renewing my encouragement for the SPDX group to
actually *write* some SPDX files and carry them upstream. Your problems
with SPDX will start to shake out a lot faster if you do that.

Indeed, my offer that I've been making for a year remains open: when
I see that SPDX patch come across the BusyBox mailing list, I'll endorse
it and encourage Denys to put it upstream.... but I still haven't seen
the patch arrive, and when I suggest this to SPDX folks, they tell me
"upstream should be responsible for doing this work". I get worried any
time a bunch of proprietary software companies get together and start
suggesting unfunded mandates for upstream Free Software projects.
--
-- bkuhn
_______________________________________________
Spdx mailing list
Spdx@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx


Re: "Scope" of licenses to be covered by SPDX

Tom Incorvia
 

As long as the licenses are

 

-          Carefully named and vetted for exact license text

 

-          Somewhat broadly applicable (“somewhat broadly” is fuzzy, but we do want the list to grow starting with very common and moving to less common – it is a way to get more value with our limited bandwidth to vet the licenses)

 

Then more is better.

 

SPDX is looking for volunteers to submit additional licenses that meet the above criteria.

 

To nominate a license, provide this info: http://spdx.org/wiki/spdx-license-list-process-requesting-new-licenses-be-added

 

Legal team: I can help with the reviews of proposed licenses, although I am not available until the end of July. 

 

Tom

 

Tom Incorvia

tom.incorvia@...

Direct: (512) 340-1336

 

 

-----Original Message-----
From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of Bob Gobeille
Sent: Thursday, June 28, 2012 1:50 PM
To: Bradley M. Kuhn
Cc: SPDX-legal; spdx@...
Subject: Re: "Scope" of licenses to be covered by SPDX

 

On Jun 28, 2012, at 12:02 PM, Bradley M. Kuhn wrote:

 

> But, note that exceptions are all over the place, in things like

> Classpath, autoconf, and plenty of other places.  I wonder: has anyone

> taken a Fossology (the best scanning tool available as Free Software)

> run of Debian distribution and just made sure every license it finds

> has a moniker in SPDX?  If not, why not?  Seems like a necessary first

> step for SPDX to have any chance of being complete.

 

FWIW, one of our FOSSology contributors (thank you Camille) put together a spreadsheet (HarmonisationLicenseIDs.ods)  highlighting the differences between the fossology license list and the SPDX license list:

 

http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs

 

We plan on using this to update fossology with the SPDX license short names and insure we have license signatures for all the SPDX licenses.

 

Bob Gobeille

bobg@...

_______________________________________________

Spdx-legal mailing list

Spdx-legal@...

https://lists.spdx.org/mailman/listinfo/spdx-legal

 

This message has been scanned by MailController - portal1.mailcontroller.co.uk

This message has been scanned by MailController.

 


Re: "Scope" of licenses to be covered by SPDX

Kevin P. Fleming <kpfleming@...>
 

On 06/28/2012 01:10 PM, Bradley M. Kuhn wrote:
Other license lists aren't designed to allow for cataloging the details
of a Free Software release, nor are they meant to be grokked by
programs, so they don't need to be perfectly comprehensive. If a
license is missing from SPDX's list, I can't write an accurate SPDX file
for that package, right? Seems like a really big bug in SPDX to me
SPDX files don't require that the licenses they refer to be present in the "SPDX License List". The license that you find in a source file can be represented on its own in the SPDX file. The primary purpose of the license list is to provide consistent names for the commonly used licenses, provide standard texts and (eventually) provide a mechanism for automated matching of license text gathered from source files against these standard licenses.

--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming@digium.com | SIP: kpfleming@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

741 - 760 of 1467