Date   

Re: GPL vX or later issue

Don Armstrong
 

On Tue, 09 Nov 2010, dmg wrote:
But from a modeling point of view, I see the statement "any newer
version of the license" as a licensing statement that gets
conjuncted to the GPL. In other words, the license is the
concatenation of the clauses of the GPL plus the "any newer version
of the license".
No, it's not. GPLv3 and v2 conflict with each other, so a license
which is the conjunction of both v2 and v3 is nonsensical. There's a
reason why the full language of the recommended licensing clause for
GPL'ed works is

This program is free software: you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

not

[...] and any later version.

The use of GPLv2+ and similar terms is just a shorthand to indicate
that you can use the work under one of GPLv2 or GPLv3 (and some later
version of the GPL when/if it comes out).

This is an entirely separate situation from a codebase which forms a
derivative work which has some code under GPLv2 and other code under
GPLv3. [Such a derivative work is generally considered to be
undistributable, because the terms of GPLv2 (§6 and §7) cannot be
satisfied.]


Don Armstrong

--
For a moment, nothing happened. Then, after a second or so, nothing
continued to happen.
-- Douglas Adams

http://www.donarmstrong.com http://rzlab.ucr.edu


Re: GPL vX or later issue

Bruno Cornec <Bruno.Cornec@...>
 

Jilayne Lovejoy said on Tue, Nov 09, 2010 at 07:53:12PM -0700:

a. Code is licensed under GPL v2 or later - this essentially
creates a licensing choice of GPL v2 OR GPL v3
Which is only true at that moment of time. If/when GPLv4 is available,
you would miss that one. So it's important to keep the fact that the
author stated that it's GPLv2+ to cover this.
So it's not simply OR. It's OR with potential licenses that do not
exist. Making it IMHO a beast in itself.

Bruno.
--
Open Source & Linux Profession Lead EMEA / http://opensource.hp.com
HP/Intel/Red Hat Open Source Solutions Initiative / http://www.hpintelco.net
http://www.HyPer-Linux.org http://mondorescue.org http://project-builder.org
La musique ancienne? http://www.musique-ancienne.org http://www.medieval.org


Re: GPL vX or later issue

Peter Williams <peter.williams@...>
 

On 11/10/10 1:47 AM, Bruno Cornec wrote:
Jilayne Lovejoy said on Tue, Nov 09, 2010 at 07:53:12PM -0700:

a. Code is licensed under GPL v2 or later - this essentially
creates a licensing choice of GPL v2 OR GPL v3
Which is only true at that moment of time. If/when GPLv4 is available,
you would miss that one. So it's important to keep the fact that the
author stated that it's GPLv2+ to cover this.
So it's not simply OR. It's OR with potential licenses that do not
exist.
Yeah, it does have the issue that the members of the set change over time. However, at any particular moment in time (i.e. any time you are doing anything with an SPDX file) it can be treat as a simple disjunctive set (all the members are known).

Making it IMHO a beast in itself.
I agree. It seems to me that this "or later version" scenario is something that should be handled explicitly. Shoehorning it into the license model feels clumsy.

Peter


Re: GPL vX or later issue

dmg
 

On Tue, Nov 9, 2010 at 10:08 PM, Don Armstrong <don@...> wrote:
n Tue, 09 Nov 2010, dmg wrote:
But from a modeling point of view, I see the statement "any newer
version of the license" as a licensing statement that gets
conjuncted to the GPL. In other words, the license is the
concatenation of the clauses of the GPL plus the "any newer version
of the license".
No, it's not. GPLv3 and v2 conflict with each other, so a license
which is the conjunction of both v2 and v3 is nonsensical. There's a
reason why the full language of the recommended licensing clause for
GPL'ed works is
you are misreading my clause. When I say "any newer version" it
means I give you the choice to use any newer version.
Just that. The license is the concatenation of the GPL license plus
this statement.

--dmg


--
--dmg

---
Daniel M. German
http://turingmachine.org


Reminder: SPDX License Review Meeting Friday

Kim Weins
 

Reminder -- for people that want to attend

------ Original Appointment

From: kim.weins@...

When: 9:00 AM - 10:00 AM November 12, 2010
Subject: License Review Meeting
Location: Dial in below

We will review the license list and address issues.


US 866-740-1260
Int'l http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

------ End Of Original Appointment


Re: Reminder: SPDX License Review Meeting Friday - Time 11-12 ET

Kim Weins
 

Hi guys, for some reason mywhen I sent the reminder from my calendar, it
didn't show time zone. The meeting is 11ET, 9MT, 8PT, etc

Kim


On Thu 11/11/10 9:13 AM, "Kim Weins" <kim.weins@...> wrote:

Reminder -- for people that want to attend

------ Original Appointment

From: kim.weins@...

When: 9:00 AM - 10:00 AM November 12, 2010
Subject: License Review Meeting
Location: Dial in below

We will review the license list and address issues.


US 866-740-1260
Int'l http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

------ End Of Original Appointment


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado


Agenda for License Review Meeting

Kim Weins
 

GPL “or later” issue
-
        is there consensus on list around leaving as is in terms of listing “GPL v2 only” separately from “GPL v2 or later” with differentiation showing in header text and then links to all “or later” license texts ??
 
GPL & LGPL exceptions
-
        seems like there is general agreement that each exception should be listed as a separate license on the list
-
        need help generating a list of the commonly used exceptions and how they are named with some kind of consistency in naming
 
Python licenses
-
        currently we have just the two OSI approved licenses, using the OSI long titles for the licenses – Tom I found some other versions, but the naming is a bit inconsistent (in terms of what they are referred to in the field, Tom’s email included some practical clarification on this in terms of matching the license to the software version)
-
        do we need to add others?  If so, which ones and how to name?
 
older license versions that are missing:
-
        we don’t have EUPL v1.0, MPL v1.0, NPL v1.0, other OSL versions, AFL, etc.
 
 
license-specific issues:
-
        X.Net License à this is really an LGPL notice + special exception - should we have it as a separate license?
-
        Zlib/libpng License à note: this is the zlib license, but OSI calls it the zlib/libpng license.  Yet there is a different license for libpng:  see http://www.libpng.org/pub/png/src/libpng-LICENSE.txt <http://www.libpng.org/pub/png/src/libpng-LICENSE.txt>
 
 


Re: License List spreadsheet v1.1

Tom Incorvia
 

Originally sent 2010-Oct-21.  For discussion at today’s License Review Meeting, agenda item, “Python Licenses”.  Tom

 

Tom Incorvia

tom.incorvia@...

Direct:  (512) 340-1336

Mobile: (408) 499 6850

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Tom Incorvia
Sent: Thursday, October 21, 2010 9:51 AM
To: Tom "spot" Callaway
Cc: Jilayne Lovejoy; spdx@...; kate.stewart@...
Subject: RE: License List spreadsheet v1.1

 

FYI, I did a compare of Python 3.2 LICENSE to the much earlier 2.0.1 AFTER removing the history information – so the compare started with the statement “TERMS AND CONDITIONS FOR ACCESSING OR OTHERWISE USING PYTHON”. 

 

The licenses are the same other than adding to the list of copyright years and changing the title “CWI PERMISSIONS STATEMENT AND DISCLAIMER” TO “CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2”.  I have attached the compare.

 

I also noticed that the license link for particular versions of the Python software don’t always match.  For instance the link http://www.python.org/download/releases/2.4.6/license/ links to a license titled 2.4.4 license.  Similarly the URL for 3.0.1 points to a license titled 2.6.1.  There are others.

 

Between versions 2.4.4 and 2.5 “Version 2” is added to the license.  But the changes continue to be limited to extensions of the copyright years.

 

I believe that the discrete licenses are:

 

-          CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2

-          CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1

-          Python Version 1 (Covers Python after 1.6.1 and prior to 2.5)

-          Python Version 2 (Covers Python 2.5 and after)

 

 

Thanks,

 

Tom

 

Tom Incorvia

tom.incorvia@...

Direct:  (512) 340-1336

Mobile: (408) 499 6850


GPLv3 Variants

Mark Radcliffe
 

I think that we need to take into account the fact that GPLv3 permits six "additional terms" (see below). Since they you could have many variants, perhaps the best approach is to have a category for "GPLv3 with Permitted Additions". I am open to other suggestions.
 

7. Additional Terms.

“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.

When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.

Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

  • a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or
  • b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
  • c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or
  • d) Limiting the use for publicity purposes of names of licensors or authors of the material; or
  • e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or
  • f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.

If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.

Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.

Please consider the environment before printing this email.


The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.


Re: GPLv3 Variants

Tom Incorvia
 

Hi Mark,

 

I agree that there could be many variants.  Since we will not be able to interpret the additional terms in any clean fashion (including a certainty that an included term is or is not a “further restriction” that may be removed), I suggest that:

 

1.       We leave GPL v3 with additions out of the Rev-1 license list

2.       In the event that we find a very frequently used GPL V3 with additions, perhaps we name it uniquely, for instance “GPL V3 Modified by [Organization] for [Component]. 

 

My logic on (1) initially leaving out and (2) naming uniquely when we must, is based on never having seen a GPL v3 with permitted additions.  I do, however, travel in the commercial world – perhaps it is different in open source centric environment – is anyone aware of frequently used GPL v3 with permitted additions so we can consider this approach with a bit more data?

 

Tom

 

Tom Incorvia

tom.incorvia@...

Direct:  (512) 340-1336

Mobile: (408) 499 6850

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Radcliffe, Mark
Sent: Sunday, November 14, 2010 2:58 PM
To: spdx@...
Subject: GPLv3 Variants

 

I think that we need to take into account the fact that GPLv3 permits six "additional terms" (see below). Since they you could have many variants, perhaps the best approach is to have a category for "GPLv3 with Permitted Additions". I am open to other suggestions.

 

7. Additional Terms.

“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.

When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.

Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

  • a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or
  • b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
  • c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or
  • d) Limiting the use for publicity purposes of names of licensors or authors of the material; or
  • e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or
  • f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.

If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.

Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.

Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.

 

 

Click here to report this email as spam.

This message has been scanned for viruses by MailController.


VS: GPL vX or later issue

Martin von Willebrand
 

-
>> Which is only true at that moment of time. If/when GPLv4 is available,
>> you would miss that one. So it's important to keep the fact that the
>> author stated that it's GPLv2+ to cover this.
>> So it's not simply OR. It's OR with potential licenses that do not
>> exist.
>
>Yeah, it does have the issue that the members of the set change over
>time.  However, at any particular moment in time (i.e. any time you are
>doing anything with an SPDX file) it can be treat as a simple
>disjunctive set (all the members are known).
>
>> Making it IMHO a beast in itself.
>
>I agree.  It seems to me that this "or later version" scenario is
>something that should be handled explicitly.  Shoehorning it into the
>license model feels clumsy.

(I am restarting participation after a longer pause.)

Was the question on license attachment clauses decided in the teleconf last week? Are different attachment clauses classified as licenses for the time being or will SPDX be added with separate taxonomy for explaining different license attachments?

Looking at the spec, it is currently unclear for me how one should report a file (or package) with a license attachment clause allowing choosing between GPLv2, any later GPL version, MPL 1.1 or any later MPL version. This needs to be treated somehow, and preferably captured so that this information needs not to be rechecked (unless for quality control).

Is there a "declared license" in a package, if there is just the text of the license in a separate file, with no license attachment statements? Based on the spec, I assume yes, but the text in the spec is a little vague.

Also, the wiki on license texts currently holds placeholders for a number of "license+exception" licenses. What is the standing on this, should these be elaborated to contain the text of the exception so that misunderstandings are less likely?

Br,
Martin

PS. Some other comments on the standard:

1. Licenses detected information under section 3 of the standard seems to be something that repeats parts of information from section 5 of the standard. (With the exception that non-standard licenses are introduced with the help of section 3.)

2. I'm wondering how could the "license tree" of a package be better reflected in the standard. (It can be derived form sec 5. Perhaps that's enough.) E.g. We use a conclusion that a license.txt file containing e.g. LGPL 2.1 license text is concluded to apply to all files in that folder and subfolder, if the files do not contain any license attachment statements and there is no contradicting information. I believe others need to address the same question since files with no license information is a very frequent issue. Viewing licenses as a tree helps in this analysis. Recording licenses detected under section 3 with path information would actually mean even more repeating of information, thus not good. On the other hand, sec 5 is not well suited for information analysis, but for information storage. Hmmm...

PPS. Generic update: what is the timetable for the standard? What type of changes are anticipated or considered prior to release of version 1.0? What goes to future versions?


Martin von Willebrand, Attorney-at-law, Partner
HH Partners, Attorneys-at-law Ltd
Mannerheimintie 14 A
P.O. Box 232, 00101 Helsinki, Finland
Tel: +358 9 177 613, Fax: +358 9 653 873
GSM: +358 40 770 1818
martin.vonwillebrand@...
www.twitter.com/mvonwillebrand
www.hhpartners.fi
Validos ry, Chairman, www.validos.org
Have you checked our renewed web pages, at www.hhpartners.fi?
Privileged and confidential information may be contained in this message. If you are not addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, kindly notify us by reply e-mail and delete this message immediately. Thank you.


Re: VS: GPL vX or later issue

Philip Odence
 

Martin, regarding your PPS
We are aiming for an end of the year version with more or less frozen features. It won't be released until it's been through some more extensive testing, but we don't expect adding a lot of features after that point.
There is a wiki page on spdx.org that houses beyond 1.0 ideas: http://www.spdx.org/wiki/ideas-after-10-spec

Phil


L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502

On Nov 15, 2010, at 6:39 AM, Martin von Willebrand wrote:

-
>> Which is only true at that moment of time. If/when GPLv4 is available,
>> you would miss that one. So it's important to keep the fact that the
>> author stated that it's GPLv2+ to cover this.
>> So it's not simply OR. It's OR with potential licenses that do not
>> exist.
>
>Yeah, it does have the issue that the members of the set change over
>time.  However, at any particular moment in time (i.e. any time you are
>doing anything with an SPDX file) it can be treat as a simple
>disjunctive set (all the members are known).
>
>> Making it IMHO a beast in itself.
>
>I agree.  It seems to me that this "or later version" scenario is
>something that should be handled explicitly.  Shoehorning it into the
>license model feels clumsy.

(I am restarting participation after a longer pause.)

Was the question on license attachment clauses decided in the teleconf last week? Are different attachment clauses classified as licenses for the time being or will SPDX be added with separate taxonomy for explaining different license attachments?

Looking at the spec, it is currently unclear for me how one should report a file (or package) with a license attachment clause allowing choosing between GPLv2, any later GPL version, MPL 1.1 or any later MPL version. This needs to be treated somehow, and preferably captured so that this information needs not to be rechecked (unless for quality control).

Is there a "declared license" in a package, if there is just the text of the license in a separate file, with no license attachment statements? Based on the spec, I assume yes, but the text in the spec is a little vague. 

Also, the wiki on license texts currently holds placeholders for a number of "license+exception" licenses. What is the standing on this, should these be elaborated to contain the text of the exception so that misunderstandings are less likely? 

Br,
Martin

PS. Some other comments on the standard: 

1. Licenses detected information under section 3 of the standard seems to be something that repeats parts of information from section 5 of the standard. (With the exception that non-standard licenses are introduced with the help of section 3.)

2. I'm wondering how could the "license tree" of a package be better reflected in the standard. (It can be derived form sec 5. Perhaps that's enough.) E.g. We use a conclusion that a license.txt file containing e.g. LGPL 2.1 license text is concluded to apply to all files in that folder and subfolder, if the files do not contain any license attachment statements and there is no contradicting information. I believe others need to address the same question since files with no license information is a very frequent issue. Viewing licenses as a tree helps in this analysis. Recording licenses detected under section 3 with path information would actually mean even more repeating of information, thus not good. On the other hand, sec 5 is not well suited for information analysis, but for information storage. Hmmm... 

PPS. Generic update: what is the timetable for the standard? What type of changes are anticipated or considered prior to release of version 1.0? What goes to future versions?


Martin von Willebrand, Attorney-at-law, Partner
HH Partners, Attorneys-at-law Ltd
Mannerheimintie 14 A
P.O. Box 232, 00101 Helsinki, Finland
Tel: +358 9 177 613, Fax: +358 9 653 873
GSM: +358 40 770 1818 
martin.vonwillebrand@... 
www.twitter.com/mvonwillebrand
www.hhpartners.fi 
Validos ry, Chairman, www.validos.org
Have you checked our renewed web pages, at www.hhpartners.fi?
Privileged and confidential information may be contained in this message. If you are not addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, kindly notify us by reply e-mail and delete this message immediately. Thank you.
<ATT00001..c>


Re: VS: GPL vX or later issue

Kim Weins
 

Adding to the answer on timing — we would expect that the version due around the end of the year would be a “release candidate”.  It would not go “final” till after Beta testing.  

However, there will be a process for updating the license list on an ongoing basis as needed — separate from revisions of the SPDX versions.  This process for updating licenses has not been completely flushed out, but the idea is that people can submit new licenses at any point in time.  There will be a review process and the person that wants to add the license will need to sign up for doing a little technical work to set up the page in the license database.

Kim



On Mon 11/15/10 7:12 AM, "Philip Odence" <podence@...> wrote:

Martin, regarding your PPS
We are aiming for an end of the year version with more or less frozen features. It won't be released until it's been through some more extensive testing, but we don't expect adding a lot of features after that point.
There is a wiki page on spdx.org <http://spdx.org>  that houses beyond 1.0 ideas: http://www.spdx.org/wiki/ideas-after-10-spec

 <http://www.spdx.org/wiki/ideas-after-10-spec> Phil


L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
podence@...
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence
http://www.networkworld.com/community/odence (my blog)

On Nov 15, 2010, at 6:39 AM, Martin von Willebrand wrote:

-
>> Which is only true at that moment of time. If/when GPLv4 is available,
>> you would miss that one. So it's important to keep the fact that the
>> author stated that it's GPLv2+ to cover this.
>> So it's not simply OR. It's OR with potential licenses that do not
>> exist.
>
>Yeah, it does have the issue that the members of the set change over
>time.  However, at any particular moment in time (i.e. any time you are
>doing anything with an SPDX file) it can be treat as a simple
>disjunctive set (all the members are known).
>
>> Making it IMHO a beast in itself.
>
>I agree.  It seems to me that this "or later version" scenario is
>something that should be handled explicitly.  Shoehorning it into the
>license model feels clumsy.

(I am restarting participation after a longer pause.)

Was the question on license attachment clauses decided in the teleconf last week? Are different attachment clauses classified as licenses for the time being or will SPDX be added with separate taxonomy for explaining different license attachments?

Looking at the spec, it is currently unclear for me how one should report a file (or package) with a license attachment clause allowing choosing between GPLv2, any later GPL version, MPL 1.1 or any later MPL version. This needs to be treated somehow, and preferably captured so that this information needs not to be rechecked (unless for quality control).

Is there a "declared license" in a package, if there is just the text of the license in a separate file, with no license attachment statements? Based on the spec, I assume yes, but the text in the spec is a little vague.

Also, the wiki on license texts currently holds placeholders for a number of "license+exception" licenses. What is the standing on this, should these be elaborated to contain the text of the exception so that misunderstandings are less likely?

Br,
Martin

PS. Some other comments on the standard:

1. Licenses detected information under section 3 of the standard seems to be something that repeats parts of information from section 5 of the standard. (With the exception that non-standard licenses are introduced with the help of section 3.)

2. I'm wondering how could the "license tree" of a package be better reflected in the standard. (It can be derived form sec 5. Perhaps that's enough.) E.g. We use a conclusion that a license.txt file containing e.g. LGPL 2.1 license text is concluded to apply to all files in that folder and subfolder, if the files do not contain any license attachment statements and there is no contradicting information. I believe others need to address the same question since files with no license information is a very frequent issue. Viewing licenses as a tree helps in this analysis. Recording licenses detected under section 3 with path information would actually mean even more repeating of information, thus not good. On the other hand, sec 5 is not well suited for information analysis, but for information storage. Hmmm...

PPS. Generic update: what is the timetable for the standard? What type of changes are anticipated or considered prior to release of version 1.0? What goes to future versions?


Martin von Willebrand, Attorney-at-law, Partner
HH Partners, Attorneys-at-law Ltd
Mannerheimintie 14 A
P.O. Box 232, 00101 Helsinki, Finland
Tel: +358 9 177 613, Fax: +358 9 653 873
GSM: +358 40 770 1818
martin.vonwillebrand@...
www.twitter.com/mvonwillebrand <http://www.twitter.com/mvonwillebrand>
www.hhpartners.fi <http://www.hhpartners.fi>  
Validos ry, Chairman, www.validos.org <http://www.validos.org>
Have you checked our renewed web pages, at www.hhpartners.fi <http://www.hhpartners.fi/?ref=mail> ?

Privileged and confidential information may be contained in this message. If you are not addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, kindly notify us by reply e-mail and delete this message immediately. Thank you.
<#> <ATT00001..c>



_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado





Technical team recommendation regarding file provenance proposals

Peter Williams <peter.williams@...>
 

The two open, overlapping, proposals for showing the provenance of files in an SPDX document are up for approval at the next SPDX full group meeting. Proposal 2010-10-21-2 [1] proposes adding optional 'Project' and 'ProjectURL' properties to File objects. Proposal 2010-10-21-3 [2] proposes adding an optional 'ArtifactOf' property, whose value is a DOAP project, to File objects.

After careful consideration the technical team recommends proposal 2010-10-21-3 [2] (the proposal for an optional 'ArtifactOf' property) be accepted by the full SPDX group. The technical team also recommends that proposal 2010-10-21-2 [1] be rejected due to its redundancy with the changes in proposal 2010-10-21-3 [2].

Peter
www.openlogic.com

[1]: <http://www.spdx.org/wiki/proposal-2010-10-21-2-file-origin>
[2]: <http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof>


Examples posted

Dave McLoughlin
 

Finally!  Sorry about the delay.  I took the examples that were already in the wiki area (http://spdx.org/wiki/openlogic-spdx-10-beta-examples) that Peter W posted some time ago and posted them in the main examples area.  http://spdx.org/spec/examples

Please take a look and let me know if you have any questions.

Also, Gary, can you take a look at the zlib example we created at OpenLogic for 1.2.3 and 1.2.5 and let me know if you have any questions or comments?

Martin and Kate, thanks again for getting my site privileges set up so I could do this.

Cheers,

--
Dave McLoughlin | OpenLogic



Agenda for 18 November SPDX Call

Philip Odence
 

Meeting Time: Nov18, 8am PDT / 10 am CDT / 11am EDT / 16:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Web:
Note, we will be using a different URL for each meeting for purposes of taking attendance. When you login PLEASE INCLUDE YOUR FULL NAME IN THIS FORM: Phil Odence, Black Duck Software so I can just copy/paste into minutes. THX. 
http://blackducksoftware.na6.acrobat.com/spdx8nov10/
 

Administrative Agenda
Attendance
Outreach and evangelism:
Common Messaging/Presentation – PhilO
Industry Venues – PhilR
Website – PhilO/Martin (defer to Org Structure discussion)
Roll Out Update - KimW/JohnE
Legal Update - Rockett
SPDX Group Organizational Structure - PhilO
 
Action Items
Note: Drafting related action items are embedded in the Wiki. http://www.spdx.org/wiki/spdx/specification
• Dave - Clean up the WIKI to only have analysis visible that reflects current spec.  ON HOLD FOR MARTIN TO PROVIDE PRIVS; SHOULD BE UNDERWAY
• Dave/JeffL - Update zlib based on new specification  DONE, BUT AWAITING FEEDBACK
• PeterW- Implement issue tracking system.  BLOCKED ON KATE
• Kate - submit ids to Linux Foundation so infrastructure setup can proceed - PENDING
• Kate- Draft example for LF Member Counsel; include XML and corresponding spreadsheet (or spreadsheet-like) format. PENDING
• Phil R - Update Industry Events. IN PROCESS
• Rockett- Mail out trademark policy draft to SPDX list. WAITING FOR SIGNOFF BY LF
• Rockett- Query status of trademark application TBD
• Kim- Send out invite for next licensing meeting. DONE. WILL INCLUDE FOLKS FROM DEBIAN.
• All- Review 6 months mail and contrast against licensing group spreadsheet. FOR NEXT LICENSE GRP MEETING
• All- If you can't attend meeting, post feedback/vote to list on 5.6/5.7 proposals. FOR TECH AGENDA NXT MTG.
• Kate- Write up formal proposal on SHA field change and mail to list. IN PROCESS
• All- Review SHA field change proposal for technical flaws; if so, discuss on list. FOR TECH AGENDA NXT MEETING
• Kate- Add back to SPEC page in WIKI preferred syntax for adding comments. TBD

Technical Agenda
Spec Status Update- Kate
License Group Update- Kim
RDF Group Update- Bill
Resolution on recommendation of proposal 2 by RDF team
[1]: <http://www.spdx.org/wiki/proposal-2010-10-21-2-file-origin>
[2]: <http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof>
Repository Changes- Kate



L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502


new release of Ninka

dmg
 

Hi everybody,

We are releasing a minor update to our license identification tool. The
major difference with version 1.0-pre1 is packaging. We no longer
require the user to download and patch the sentence splitter. It should
be easier to use.

We also thank Armijn Hemel for his help with the documentation.

http://turingmachine.org/~dmg/temp/ninka-1.0-pre2.tar.bz2


Enjoy!

--dmg


--
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


artifactof proposal ratified... but couldn't post comment (Martin?)

Bill Schineller
 

Per our call, I attempted to comment on the ratification of the artifactof proposal by commenting on the wiki page

http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof


Unfortunately, the wiki told me my comment triggered the spam filter and wouldn’t save it.
Here is the comment (Martin?)

“2010-11-18 general call feedback

By choosing to reference DOAP model, we are tacitly approving that an SPDX document may include with it additional information which is in the DOAP vocabulary.

We are requiring that an SPDX 1.0 compliant parser be able to understand only the 2 fields from DOAP (name and homepage).

If additional information from DOAP is included within the SPDX document, an SPDX 1.0 compliant parser may silently ignore the additional information.

Folks on the 2010-11-18 general call accepted the ArtifactOf proposal, and rejected the 'File origin' proposal.”





On 11/17/10 5:23 PM, "Philip Odence" <podence@...> wrote:

Meeting Time: Nov18, 8am PDT / 10 am CDT / 11am EDT / 16:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?
<https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?> ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Web:
Note, we will be using a different URL for each meeting for purposes of taking attendance. When you login PLEASE INCLUDE YOUR FULL NAME IN THIS FORM: Phil Odence, Black Duck Software so I can just copy/paste into minutes. THX.
http://blackducksoftware.na6.acrobat.com/spdx8nov10/


Administrative Agenda
Attendance
Approval of minutes
   http://www.spdx.org/wiki/20101104-minutes
Outreach and evangelism:
Common Messaging/Presentation – PhilO
Industry Venues – PhilR
Website – PhilO/Martin (defer to Org Structure discussion)
Roll Out Update - KimW/JohnE
Legal Update - Rockett
SPDX Group Organizational Structure - PhilO

Action Items
Note: Drafting related action items are embedded in the Wiki. http://www.spdx.org/wiki/spdx/specification
• Dave - Clean up the WIKI to only have analysis visible that reflects current spec.  ON HOLD FOR MARTIN TO PROVIDE PRIVS; SHOULD BE UNDERWAY
• Dave/JeffL - Update zlib based on new specification  DONE, BUT AWAITING FEEDBACK
• PeterW- Implement issue tracking system.  BLOCKED ON KATE
• Kate - submit ids to Linux Foundation so infrastructure setup can proceed - PENDING
• Kate- Draft example for LF Member Counsel; include XML and corresponding spreadsheet (or spreadsheet-like) format. PENDING
• Phil R - Update Industry Events. IN PROCESS
• Rockett- Mail out trademark policy draft to SPDX list. WAITING FOR SIGNOFF BY LF
• Rockett- Query status of trademark application TBD
• Kim- Send out invite for next licensing meeting. DONE. WILL INCLUDE FOLKS FROM DEBIAN.
• All- Review 6 months mail and contrast against licensing group spreadsheet. FOR NEXT LICENSE GRP MEETING
• All- If you can't attend meeting, post feedback/vote to list on 5.6/5.7 proposals. FOR TECH AGENDA NXT MTG.
• Kate- Write up formal proposal on SHA field change and mail to list. IN PROCESS
• All- Review SHA field change proposal for technical flaws; if so, discuss on list. FOR TECH AGENDA NXT MEETING
• Kate- Add back to SPEC page in WIKI preferred syntax for adding comments. TBD

Technical Agenda
Spec Status Update- Kate
License Group Update- Kim
RDF Group Update- Bill
Resolution on recommendation of proposal 2 by RDF team
[1]: <http://www.spdx.org/wiki/proposal-2010-10-21-2-file-origin>
[2]: <http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof>
Repository Changes- Kate



L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
podence@...
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence
http://www.networkworld.com/community/odence (my blog)



Bill Schineller
Knowledge Base Manager
Black Duck Software Inc.
T: +1.781.810.1829
F: +1.781.891.5145
E: bschineller@...
http://www.blackducksoftware.com


SPDX License Review Meeting: Part 2

Kim Weins
 

8:00 AM - 9:00 AM November 19, 2010
Location: See dial in infi below



US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

We will finish addressing license list issues.

Python licenses
-         currently we have just the two OSI approved licenses, using the
OSI long titles for the licenses – Tom I found some other versions, but the
naming is a bit inconsistent (in terms of what they are referred to in the
field, Tom’s email included some practical clarification on this in terms of
matching the license to the software version)
-         do we need to add others?  If so, which ones and how to name?

older license versions that are missing:
-         we don’t have EUPL v1.0, MPL v1.0, NPL v1.0, other OSL versions,
AFL, etc.


license-specific issues:
-         X.Net License à this is really an LGPL notice + special exception
- should we have it as a separate license?
-         Zlib/libpng License à note: this is the zlib license, but OSI
calls it the zlib/libpng license.  Yet there is a different license for
libpng:  see http://www.libpng.org/pub/png/src/libpng-LICENSE.txt
<http://www.libpng.org/pub/png/src/libpng-LICENSE.txt>


Re: artifactof proposal ratified... but couldn't post comment (Martin?)

Martin Michlmayr
 

I'm not sure why the system would flag this comment as spam but the
logs confirm that it did. I changed a setting so that comments marked
as spam are no longer discarded; instead they require manual approval.
Please post the comment again and I'll approve it.

* Bill Schineller <bschineller@...> [2010-11-18 17:01]:

Per our call, I attempted to comment on the ratification of the artifactof proposal by commenting on the wiki page

http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof


Unfortunately, the wiki told me my comment triggered the spam filter and wouldn’t save it.
Here is the comment (Martin?)

“2010-11-18 general call feedback

“By choosing to reference DOAP model, we are tacitly approving that an SPDX document may include with it additional information which is in the DOAP vocabulary.

We are requiring that an SPDX 1.0 compliant parser be able to understand only the 2 fields from DOAP (name and homepage).

If additional information from DOAP is included within the SPDX document, an SPDX 1.0 compliant parser may silently ignore the additional information.

Folks on the 2010-11-18 general call accepted the ArtifactOf proposal, and rejected the 'File origin' proposal.”





On 11/17/10 5:23 PM, "Philip Odence" <podence@...> wrote:

Meeting Time: Nov18, 8am PDT / 10 am CDT / 11am EDT / 16:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code: 7812589502
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do? <https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?> ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF
Web:
Note, we will be using a different URL for each meeting for purposes of taking attendance. When you login PLEASE INCLUDE YOUR FULL NAME IN THIS FORM: Phil Odence, Black Duck Software so I can just copy/paste into minutes. THX. http://blackducksoftware.na6.acrobat.com/spdx8nov10/


Administrative Agenda
Attendance
Approval of minutes
http://www.spdx.org/wiki/20101104-minutes
Outreach and evangelism:
Common Messaging/Presentation – PhilO
Industry Venues – PhilR
Website – PhilO/Martin (defer to Org Structure discussion)
Roll Out Update - KimW/JohnE
Legal Update - Rockett
SPDX Group Organizational Structure - PhilO

Action Items
Note: Drafting related action items are embedded in the Wiki. http://www.spdx.org/wiki/spdx/specification
• Dave - Clean up the WIKI to only have analysis visible that reflects current spec. ON HOLD FOR MARTIN TO PROVIDE PRIVS; SHOULD BE UNDERWAY
• Dave/JeffL - Update zlib based on new specification DONE, BUT AWAITING FEEDBACK
• PeterW- Implement issue tracking system. BLOCKED ON KATE
• Kate - submit ids to Linux Foundation so infrastructure setup can proceed - PENDING
• Kate- Draft example for LF Member Counsel; include XML and corresponding spreadsheet (or spreadsheet-like) format. PENDING
• Phil R - Update Industry Events. IN PROCESS
• Rockett- Mail out trademark policy draft to SPDX list. WAITING FOR SIGNOFF BY LF
• Rockett- Query status of trademark application TBD
• Kim- Send out invite for next licensing meeting. DONE. WILL INCLUDE FOLKS FROM DEBIAN.
• All- Review 6 months mail and contrast against licensing group spreadsheet. FOR NEXT LICENSE GRP MEETING
• All- If you can't attend meeting, post feedback/vote to list on 5.6/5.7 proposals. FOR TECH AGENDA NXT MTG.
• Kate- Write up formal proposal on SHA field change and mail to list. IN PROCESS
• All- Review SHA field change proposal for technical flaws; if so, discuss on list. FOR TECH AGENDA NXT MEETING
• Kate- Add back to SPEC page in WIKI preferred syntax for adding comments. TBD

Technical Agenda
Spec Status Update- Kate
License Group Update- Kim
RDF Group Update- Bill
Resolution on recommendation of proposal 2 by RDF team
[1]: <http://www.spdx.org/wiki/proposal-2010-10-21-2-file-origin>
[2]: <http://www.spdx.org/wiki/proposal-2010-10-21-3-artifactof>
Repository Changes- Kate



L. Philip Odence
Vice President of Business Development
Black Duck Software, inc.
265 Winter Street, Waltham, MA 02451
Phone: 781.810.1819, Mobile: 781.258.9502
podence@...
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence
http://www.networkworld.com/community/odence (my blog)



Bill Schineller
Knowledge Base Manager
Black Duck Software Inc.
T: +1.781.810.1829
F: +1.781.891.5145
E: bschineller@...
http://www.blackducksoftware.com
--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard

181 - 200 of 1590