|
Re: GPL vX or later issue
Don Armstrong
On Tue, 09 Nov 2010, dmg wrote:
But from a modeling point of view, I see the statement "any newerNo, it's not. GPLv3 and v2 conflict with each other, so a license which is the conjunction of both v2 and v3 is nonsensical. There's a reason why the full language of the recommended licensing clause for GPL'ed works is This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. not [...] and any later version. The use of GPLv2+ and similar terms is just a shorthand to indicate that you can use the work under one of GPLv2 or GPLv3 (and some later version of the GPL when/if it comes out). This is an entirely separate situation from a codebase which forms a derivative work which has some code under GPLv2 and other code under GPLv3. [Such a derivative work is generally considered to be undistributable, because the terms of GPLv2 (§6 and §7) cannot be satisfied.] Don Armstrong -- For a moment, nothing happened. Then, after a second or so, nothing continued to happen. -- Douglas Adams http://www.donarmstrong.com http://rzlab.ucr.edu
|
|
|
|
Re: GPL vX or later issue
Bruno Cornec <Bruno.Cornec@...>
Jilayne Lovejoy said on Tue, Nov 09, 2010 at 07:53:12PM -0700:
a. Code is licensed under GPL v2 or later - this essentiallyWhich is only true at that moment of time. If/when GPLv4 is available, you would miss that one. So it's important to keep the fact that the author stated that it's GPLv2+ to cover this. So it's not simply OR. It's OR with potential licenses that do not exist. Making it IMHO a beast in itself. Bruno. -- Open Source & Linux Profession Lead EMEA / http://opensource.hp.com HP/Intel/Red Hat Open Source Solutions Initiative / http://www.hpintelco.net http://www.HyPer-Linux.org http://mondorescue.org http://project-builder.org La musique ancienne? http://www.musique-ancienne.org http://www.medieval.org
|
|
|
|
Re: GPL vX or later issue
Peter Williams <peter.williams@...>
On 11/10/10 1:47 AM, Bruno Cornec wrote:
Jilayne Lovejoy said on Tue, Nov 09, 2010 at 07:53:12PM -0700:Yeah, it does have the issue that the members of the set change over time. However, at any particular moment in time (i.e. any time you are doing anything with an SPDX file) it can be treat as a simple disjunctive set (all the members are known).a. Code is licensed under GPL v2 or later - this essentiallyWhich is only true at that moment of time. If/when GPLv4 is available, Making it IMHO a beast in itself.I agree. It seems to me that this "or later version" scenario is something that should be handled explicitly. Shoehorning it into the license model feels clumsy. Peter
|
|
|
|
Re: GPL vX or later issue
dmg
On Tue, Nov 9, 2010 at 10:08 PM, Don Armstrong <don@...> wrote:
n Tue, 09 Nov 2010, dmg wrote:you are misreading my clause. When I say "any newer version" itBut from a modeling point of view, I see the statement "any newerNo, it's not. GPLv3 and v2 conflict with each other, so a license means I give you the choice to use any newer version. Just that. The license is the concatenation of the GPL license plus this statement. --dmg -- --dmg --- Daniel M. German http://turingmachine.org
|
|
|
|
Reminder: SPDX License Review Meeting Friday
Kim Weins
Reminder -- for people that want to attend
------ Original Appointment From: kim.weins@... When: 9:00 AM - 10:00 AM November 12, 2010 Subject: License Review Meeting Location: Dial in below We will review the license list and address issues. US 866-740-1260 Int'l http://www.readytalk.com/support/international-numbers.php ID 2404502 Web Meeting Www.readytalk.com ID 2404502 ------ End Of Original Appointment
|
|
|
|
Re: Reminder: SPDX License Review Meeting Friday - Time 11-12 ET
Kim Weins
Hi guys, for some reason mywhen I sent the reminder from my calendar, it
didn't show time zone. The meeting is 11ET, 9MT, 8PT, etc Kim On Thu 11/11/10 9:13 AM, "Kim Weins" <kim.weins@...> wrote: Reminder -- for people that want to attend Kim Weins | Senior Vice President, Marketing kim.weins@... Follow me on Twitter @KimAtOpenLogic 650 279 0410 | cell www.openlogic.com Follow OpenLogic on Twitter @OpenLogic OpenLogic, Inc. Headquarters, Broomfield, Colorado
|
|
|
|
Agenda for License Review Meeting
Kim Weins
GPL “or later” issue
- is there consensus on list around leaving as is in terms of listing “GPL v2 only” separately from “GPL v2 or later” with differentiation showing in header text and then links to all “or later” license texts ?? GPL & LGPL exceptions - seems like there is general agreement that each exception should be listed as a separate license on the list - need help generating a list of the commonly used exceptions and how they are named with some kind of consistency in naming Python licenses - currently we have just the two OSI approved licenses, using the OSI long titles for the licenses – Tom I found some other versions, but the naming is a bit inconsistent (in terms of what they are referred to in the field, Tom’s email included some practical clarification on this in terms of matching the license to the software version) - do we need to add others? If so, which ones and how to name? older license versions that are missing: - we don’t have EUPL v1.0, MPL v1.0, NPL v1.0, other OSL versions, AFL, etc. license-specific issues: - X.Net License à this is really an LGPL notice + special exception - should we have it as a separate license? - Zlib/libpng License à note: this is the zlib license, but OSI calls it the zlib/libpng license. Yet there is a different license for libpng: see http://www.libpng.org/pub/png/src/libpng-LICENSE.txt <http://www.libpng.org/pub/png/src/libpng-LICENSE.txt>
|
|
|
|
Re: License List spreadsheet v1.1
Tom Incorvia
Originally sent 2010-Oct-21. For discussion at today’s License Review Meeting, agenda item, “Python Licenses”. Tom
Mobile: (408) 499 6850
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Tom Incorvia
Sent: Thursday, October 21, 2010 9:51 AM To: Tom "spot" Callaway Cc: Jilayne Lovejoy; spdx@...; kate.stewart@... Subject: RE: License List spreadsheet v1.1
FYI, I did a compare of Python 3.2 LICENSE to the much earlier 2.0.1 AFTER removing the history information – so the compare started with the statement “TERMS AND CONDITIONS FOR ACCESSING OR OTHERWISE USING PYTHON”.
The licenses are the same other than adding to the list of copyright years and changing the title “CWI PERMISSIONS STATEMENT AND DISCLAIMER” TO “CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2”. I have attached the compare.
I also noticed that the license link for particular versions of the Python software don’t always match. For instance the link http://www.python.org/download/releases/2.4.6/license/ links to a license titled 2.4.4 license. Similarly the URL for 3.0.1 points to a license titled 2.6.1. There are others.
Between versions 2.4.4 and 2.5 “Version 2” is added to the license. But the changes continue to be limited to extensions of the copyright years.
I believe that the discrete licenses are:
- CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 - CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1 - Python Version 1 (Covers Python after 1.6.1 and prior to 2.5) - Python Version 2 (Covers Python 2.5 and after)
Thanks,
Tom
Tom Incorvia Direct: (512) 340-1336 Mobile: (408) 499 6850
|
|
|
|
GPLv3 Variants
Mark Radcliffe
I think that we need
to take into account the fact that GPLv3 permits six "additional terms"
(see below). Since they you could have many variants, perhaps the best
approach is to have a category for "GPLv3 with Permitted Additions". I am open
to other suggestions.
7. Additional Terms.“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.
|
|
|
|
Re: GPLv3 Variants
Tom Incorvia
Hi Mark,
I agree that there could be many variants. Since we will not be able to interpret the additional terms in any clean fashion (including a certainty that an included term is or is not a “further restriction” that may be removed), I suggest that:
1. We leave GPL v3 with additions out of the Rev-1 license list 2. In the event that we find a very frequently used GPL V3 with additions, perhaps we name it uniquely, for instance “GPL V3 Modified by [Organization] for [Component].
My logic on (1) initially leaving out and (2) naming uniquely when we must, is based on never having seen a GPL v3 with permitted additions. I do, however, travel in the commercial world – perhaps it is different in open source centric environment – is anyone aware of frequently used GPL v3 with permitted additions so we can consider this approach with a bit more data?
Tom
Mobile: (408) 499 6850
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Radcliffe, Mark
Sent: Sunday, November 14, 2010 2:58 PM To: spdx@... Subject: GPLv3 Variants
I think that we need to take into account the fact that GPLv3 permits six "additional terms" (see below). Since they you could have many variants, perhaps the best approach is to have a category for "GPLv3 with Permitted Additions". I am open to other suggestions.
7. Additional Terms.“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. Please consider the environment before printing this email.
Click here to report this email as spam. This message has been scanned for viruses by MailController.
|
|
|
|
VS: GPL vX or later issue
Martin von Willebrand
-
Have you checked our renewed web pages, at www.hhpartners.fi?
>> Which is only true at that moment of time. If/when GPLv4 is available, >> you would miss that one. So it's important to keep the fact that the >> author stated that it's GPLv2+ to cover this. >> So it's not simply OR. It's OR with potential licenses that do not >> exist. > >Yeah, it does have the issue that the members of the set change over >time. However, at any particular moment in time (i.e. any time you are >doing anything with an SPDX file) it can be treat as a simple >disjunctive set (all the members are known). > >> Making it IMHO a beast in itself. > >I agree. It seems to me that this "or later version" scenario is >something that should be handled explicitly. Shoehorning it into the >license model feels clumsy. (I am restarting participation after a longer pause.) Was the question on license attachment clauses decided in the teleconf last week? Are different attachment clauses classified as licenses for the time being or will SPDX be added with separate taxonomy for explaining different license attachments? Looking at the spec, it is currently unclear for me how one should report a file (or package) with a license attachment clause allowing choosing between GPLv2, any later GPL version, MPL 1.1 or any later MPL version. This needs to be treated somehow, and preferably captured so that this information needs not to be rechecked (unless for quality control). Is there a "declared license" in a package, if there is just the text of the license in a separate file, with no license attachment statements? Based on the spec, I assume yes, but the text in the spec is a little vague. Also, the wiki on license texts currently holds placeholders for a number of "license+exception" licenses. What is the standing on this, should these be elaborated to contain the text of the exception so that misunderstandings are less likely? Br, Martin PS. Some other comments on the standard: 1. Licenses detected information under section 3 of the standard seems to be something that repeats parts of information from section 5 of the standard. (With the exception that non-standard licenses are introduced with the help of section 3.) 2. I'm wondering how could the "license tree" of a package be better reflected in the standard. (It can be derived form sec 5. Perhaps that's enough.) E.g. We use a conclusion that a license.txt file containing e.g. LGPL 2.1 license text is concluded to apply to all files in that folder and subfolder, if the files do not contain any license attachment statements and there is no contradicting information. I believe others need to address the same question since files with no license information is a very frequent issue. Viewing licenses as a tree helps in this analysis. Recording licenses detected under section 3 with path information would actually mean even more repeating of information, thus not good. On the other hand, sec 5 is not well suited for information analysis, but for information storage. Hmmm... PPS. Generic update: what is the timetable for the standard? What type of changes are anticipated or considered prior to release of version 1.0? What goes to future versions? Martin von Willebrand, Attorney-at-law, Partner HH Partners, Attorneys-at-law Ltd Mannerheimintie 14 A P.O. Box 232, 00101 Helsinki, Finland Tel: +358 9 177 613, Fax: +358 9 653 873 GSM: +358 40 770 1818 martin.vonwillebrand@... www.twitter.com/mvonwillebrand www.hhpartners.fi Validos ry, Chairman, www.validos.org Privileged and confidential information may be contained in this message. If you are not addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, kindly notify us by reply e-mail and delete this message immediately. Thank you.
|
|
|
|
Re: VS: GPL vX or later issue
Philip Odence
Martin, regarding your PPS We are aiming for an end of the year version with more or less frozen features. It won't be released until it's been through some more extensive testing, but we don't expect adding a lot of features after that point. There is a wiki page on spdx.org that houses beyond 1.0 ideas: http://www.spdx.org/wiki/ideas-after-10-spec L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Nov 15, 2010, at 6:39 AM, Martin von Willebrand wrote:
|
|
|
|
Re: VS: GPL vX or later issue
Kim Weins
Adding to the answer on timing — we would expect that the version due around the end of the year would be a “release candidate”. It would not go “final” till after Beta testing.
However, there will be a process for updating the license list on an ongoing basis as needed — separate from revisions of the SPDX versions. This process for updating licenses has not been completely flushed out, but the idea is that people can submit new licenses at any point in time. There will be a review process and the person that wants to add the license will need to sign up for doing a little technical work to set up the page in the license database. Kim On Mon 11/15/10 7:12 AM, "Philip Odence" <podence@...> wrote: Martin, regarding your PPS Kim Weins | Senior Vice President, Marketing kim.weins@... Follow me on Twitter @KimAtOpenLogic 650 279 0410 | cell www.openlogic.com Follow OpenLogic on Twitter @OpenLogic OpenLogic, Inc. Headquarters, Broomfield, Colorado
|
|
|
|
Technical team recommendation regarding file provenance proposals
Peter Williams <peter.williams@...>
The two open, overlapping, proposals for showing the provenance of files in an SPDX document are up for approval at the next SPDX full group meeting. Proposal 2010-10-21-2 [1] proposes adding optional 'Project' and 'ProjectURL' properties to File objects. Proposal 2010-10-21-3 [2] proposes adding an optional 'ArtifactOf' property, whose value is a DOAP project, to File objects.
After careful consideration the technical team recommends proposal 2010-10-21-3 [2] (the proposal for an optional 'ArtifactOf' property) be accepted by the full SPDX group. The technical team also recommends that proposal 2010-10-21-2 [1] be rejected due to its redundancy with the changes in proposal 2010-10-21-3 [2]. Peter www.openlogic.com [1]: <http://www.spdx.org/wiki/proposal-2010-10-21-2-file-origin> [2]: <http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof>
|
|
|
|
Examples posted
Dave McLoughlin
Finally! Sorry about the delay. I took the examples that were already in the wiki area (http://spdx.org/wiki/openlogic-spdx-10-beta-examples) that Peter W posted some time ago and posted them in the main examples area. http://spdx.org/spec/examples
Please take a look and let me know if you have any questions. Also, Gary, can you take a look at the zlib example we created at OpenLogic for 1.2.3 and 1.2.5 and let me know if you have any questions or comments? Martin and Kate, thanks again for getting my site privileges set up so I could do this. Cheers, -- Dave McLoughlin | OpenLogic
|
|
|
|
Agenda for 18 November SPDX Call
Philip Odence
Meeting Time: Nov18, 8am PDT / 10 am CDT / 11am EDT / 16:00 UTC. http://www.timeanddate.com/worldclock/converter.html Conf call dial-in: Conference code: 7812589502 Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF Web: Note, we will be using a different URL for each meeting for purposes of taking attendance. When you login PLEASE INCLUDE YOUR FULL NAME IN THIS FORM: Phil Odence, Black Duck Software so I can just copy/paste into minutes. THX. http://blackducksoftware.na6.acrobat.com/spdx8nov10/ Administrative Agenda
Legal Update - Rockett SPDX Group Organizational Structure - PhilO Action Items Note: Drafting related action items are embedded in the Wiki. http://www.spdx.org/wiki/spdx/specification • Dave - Clean up the WIKI to only have analysis visible that reflects current spec. ON HOLD FOR MARTIN TO PROVIDE PRIVS; SHOULD BE UNDERWAY • Dave/JeffL - Update zlib based on new specification DONE, BUT AWAITING FEEDBACK • PeterW- Implement issue tracking system. BLOCKED ON KATE • Kate - submit ids to Linux Foundation so infrastructure setup can proceed - PENDING • Kate- Draft example for LF Member Counsel; include XML and corresponding spreadsheet (or spreadsheet-like) format. PENDING • Phil R - Update Industry Events. IN PROCESS • Rockett- Mail out trademark policy draft to SPDX list. WAITING FOR SIGNOFF BY LF • Rockett- Query status of trademark application TBD • Kim- Send out invite for next licensing meeting. DONE. WILL INCLUDE FOLKS FROM DEBIAN. • All- Review 6 months mail and contrast against licensing group spreadsheet. FOR NEXT LICENSE GRP MEETING • All- If you can't attend meeting, post feedback/vote to list on 5.6/5.7 proposals. FOR TECH AGENDA NXT MTG. • Kate- Write up formal proposal on SHA field change and mail to list. IN PROCESS • All- Review SHA field change proposal for technical flaws; if so, discuss on list. FOR TECH AGENDA NXT MEETING • Kate- Add back to SPEC page in WIKI preferred syntax for adding comments. TBD Technical Agenda
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
|
|
|
|
new release of Ninka
dmg
Hi everybody,
We are releasing a minor update to our license identification tool. The major difference with version 1.0-pre1 is packaging. We no longer require the user to download and patch the sentence splitter. It should be easier to use. We also thank Armijn Hemel for his help with the documentation. http://turingmachine.org/~dmg/temp/ninka-1.0-pre2.tar.bz2 Enjoy! --dmg -- -- Daniel M. German http://turingmachine.org/ http://silvernegative.com/ dmg (at) uvic (dot) ca replace (at) with @ and (dot) with .
|
|
|
|
artifactof proposal ratified... but couldn't post comment (Martin?)
Bill Schineller
Per our call, I attempted to comment on the ratification of the artifactof proposal by commenting on the wiki page
http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof Unfortunately, the wiki told me my comment triggered the spam filter and wouldn’t save it. Here is the comment (Martin?) “2010-11-18 general call feedback “By choosing to reference DOAP model, we are tacitly approving that an SPDX document may include with it additional information which is in the DOAP vocabulary. We are requiring that an SPDX 1.0 compliant parser be able to understand only the 2 fields from DOAP (name and homepage). If additional information from DOAP is included within the SPDX document, an SPDX 1.0 compliant parser may silently ignore the additional information. Folks on the 2010-11-18 general call accepted the ArtifactOf proposal, and rejected the 'File origin' proposal.” On 11/17/10 5:23 PM, "Philip Odence" <podence@...> wrote: Meeting Time: Nov18, 8am PDT / 10 am CDT / 11am EDT / 16:00 UTC. http://www.timeanddate.com/worldclock/converter.html Bill Schineller Knowledge Base Manager Black Duck Software Inc. T: +1.781.810.1829 F: +1.781.891.5145 E: bschineller@... http://www.blackducksoftware.com
|
|
|
|
SPDX License Review Meeting: Part 2
Kim Weins
8:00 AM - 9:00 AM November 19, 2010
|
|
|
|
Re: artifactof proposal ratified... but couldn't post comment (Martin?)
Martin Michlmayr
I'm not sure why the system would flag this comment as spam but the
toggle quoted messageShow quoted text
logs confirm that it did. I changed a setting so that comments marked as spam are no longer discarded; instead they require manual approval. Please post the comment again and I'll approve it. * Bill Schineller <bschineller@...> [2010-11-18 17:01]:
Per our call, I attempted to comment on the ratification of the artifactof proposal by commenting on the wiki page --
Martin Michlmayr Open Source Program Office, Hewlett-Packard
|
|
|