|
Migration to SPDX
Ashok Madugula
Hi : We are planning to migrate to SPDX Licenses. If we are using general MIT License . Can we replace the existing license file with SPDX Identifier ? Do we need to generate new SPDX Document and publish them regularly ?
Regards Ashok Madugula
|
|
|
|
Re: Question on creating new SPDX Identifier
Gary O'Neall
Hi Ashok,
Based on the license matching guidelines, the text matches MIT. You can test the license text using the SPDX online tools at http://13.57.134.254/app/check_license/
Gary
From: spdx@... <spdx@...> On Behalf Of Ashok Madugula
Sent: Wednesday, January 15, 2020 12:54 AM To: spdx@... Subject: [spdx] Question on creating new SPDX Identifier
HI : We are using the following license which is almost same as X11 . Do we need to raise a request for new SPDX Identifier ? If so , can you let us know the process ?
*************************************************** LICENSE START Copyright (C) YYYY – YYYY Xilinx, Inc. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSE END *****************************************************
This is almost same as X11 .
************************************************
X11 License Copyright (C) 1996 X Consortium Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. X Window System is a trademark of X Consortium, Inc.
Regards Ashok Madugula This email and any attachments are intended for the sole use of the named recipient(s) and contain(s) confidential information that may be proprietary, privileged or copyrighted under applicable law. If you are not the intended recipient, do not read, copy, or forward this email message or any attachments. Delete this email message and any attachments immediately.
|
|
|
|
Question on creating new SPDX Identifier
Ashok Madugula
HI : We are using the following license which is almost same as X11 . Do we need to raise a request for new SPDX Identifier ? If so , can you let us know the process ?
*************************************************** LICENSE START Copyright (C) YYYY – YYYY Xilinx, Inc. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSE END *****************************************************
This is almost same as X11 .
************************************************
X11 License Copyright (C) 1996 X Consortium Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. X Window System is a trademark of X Consortium, Inc.
Regards Ashok Madugula
|
|
|
|
[ANNOUNCE] Open source license compliance tooling meeting and hackathon on January 31st 2020 pre-FOSDEM fringe event in Bruxelles, Belgium
Philippe Ombredanne
If you care about open source compliance automation and if you are
going to FOSDEM there is a one day hackathon and meeting taking place the day before FOSDEM on Friday January 31st as "fringe" event, in Bruxelles, Belgium. The topic is open source compliance tooling and automation... the format is an unconference. I expect several open source projects in that space to be represented there including ORT, Fossology, ClearlyDefined, SPDX tools, Scancode and many more. I am co-organizing this with Michael Jaeger from Fossology. See https://docs.google.com/document/d/1UphruKKAlsoUEidPCwTF2LCcHFnQkvQCQ9luTXfDupw/edit#heading=h.p2d7mni4lrcu for details. To "register", just add you name to this document! (alternatively you can reply to me off list too) I look forward to seeing you there! -- Cordially Philippe Ombredanne +1 650 799 0949 | pombredanne@... DejaCode - What's in your code?! - http://www.dejacode.com AboutCode - Open source for open source - https://www.aboutcode.org nexB Inc. - http://www.nexb.com
|
|
|
|
SPDX General Meeting
Phil Odence
Here’s a new invite for 2020. Please accept the recurring meeting Note there will be no SPDX General Meeting in January. **** New dial in number:
415-881-1586 No PIN needed The weblink for screenshare:
|
|
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
In addition to the General Meeting reminder: As you may know, a couple of months ago (with great help from Shane Coughlin) we launched a short survey to help steer the future of SPDX. The doors will close on the survey Dec 31. We would like to get as many responses as possible from anyone who has even the lightest level of involvement or interest. So, please, fill this out yourself and forwarded it on to any of your contacts the might be willing to provide some input. I promise we will take the feedback seriously. THANK YOU! https://forms.gle/FK2zR5TV5E44W7Cc7
GENERAL MEETING
Meeting Time: Thurs, Dec 5, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval:
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
I will not be available for this month’s meeting, but the show must go on. Phil
GENERAL MEETING
Meeting Time: Thurs, Nov, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-10-03
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack not available
Any Cross Functional Issues –All
|
|
|
|
Seeking public comments for the OpenChain specification ISO format version 2.1
Mark Gisi
We are seeking public comments for the next version of OpenChain specification which will conclude on December 10th.
For those new to the specification - The OpenChain project has developed a specification that defines a core set of requirements that a trusted open source compliance program is expected to satisfy. To obtain a better understanding of the goals and the context in which the specification was developed before providing feedback, you can review the following FAQ list.
The big change over the current 2.0 version was reformatting the document layout into one acceptable for ISO submission and adoption. Other than very minor clarification edits, the content has largely remained unchanged. If a company is conformant with version 2.0 - they would remain conformant with 2.1.
The current draft is available at: https://wiki.linuxfoundation.org/_media/openchain/openchainspec-2.1.draft.pdf
Past readers of the spec might find the marked up version useful: https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf
You can send feedback via: · the Mailing list: the list; · the issues wiki: issues list; or · replying to me directly if you wish to remain anonymous (mark.gisi@...)
best, Mark
Mark Gisi | Wind River | Director, IP & Open Source Tel (510) 749-2016 | Fax (510) 749-4552
|
|
|
|
SPDX General Meeting 2019 - Moving Nov Meeting
Phil Odence
The Nov General Meeting is moving out a week due to conflicts for most of the Core team.
I also have a conflict on the 14th, so someone else will chair in my stead. Phil
*****
I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.
New dial in number:
415-881-1586 No PIN needed The weblink for screenshare will stay the same at:
|
|
|
|
Re: Thursday SPDX General Meeting Reminder
J Lovejoy
Hi Vladimir,
toggle quoted messageShow quoted text
We don't record the general meetings, but there are minutes, which are logged here: https://wiki.spdx.org/view/General_Meeting/Minutes Thanks, Jilayne SPDX legal team co-lead
On 10/1/19 8:42 AM, Vladimir Sitnikov
wrote:
|
|
|
|
SPDX Oct General Meeting Minutes
Phil Odence
https://wiki.spdx.org/view/General_Meeting/Minutes/2019-10-03
General Meeting/Minutes/2019-10-03< General Meeting | Minutes · Attendance: 10 · Lead by Kate Stewart · Minutes of Sept. meeting approved
Contents[hide] · 3 Outreach Team Report - Jack Legal Team – Steve· Working on the next release – 3.7 · Looking for volunteers to put together the XML and test files · Targeting next week · Small release · Trend – licenses that don’t strictly follow the open source definition (e.g. source available but some proprietary restrictions) · Discussion on whether these should be included and update the license inclusion principles – more information available at https://github.com/spdx/license-list-XML/issues/925 · Looking to make a decision early in the 3.8 release Tech Team Report - Kate· SPDX Lite · Changes are added as a pull request and will likely be accepted soon · Security fields to be added in 2.2 · Working with Uday on a Google Doc which will be turned into a pull request · Coordinating with Todo group and others · Looking at adjusting the minimum required fields to allow for security use cases without all the licensing · General support for reducing the number of mandatory fields · Steve will bring to the legal team the discussion on removing the of the mandatory legal related fields · GSoC – completed, all students passed · SPDX Tool updates which include the GSoC contributions are all checked in · Plan to update the spdxtools website within the next 2 weeks · Amazon will start using the namespace features soon · Request to add specification for the namespace · Mark agreed and will create a pull request · The license ID web page can also be updated Outreach Team Report - Jack· Survey · Working on summarizing the survey results Cross Functional· Several compliance and SPDX related talks planned for the Open Source Summit Europe in Lyon at the end of the month Attendees· Steve Winslow, LF · Gary O’Neall, SourceAuditor · Jack Manbeck, TI · Mark Atwood, Amazon · Paul Madick, Dimension Data · Nisha Kumar, VMWare · Rose Judge, VMWare · Matija Šuklje · William Bartholomew, Github · Dave McLoghlin, Rogue Wave
|
|
|
|
Re: Thursday SPDX General Meeting Reminder
Vladimir Sitnikov
Are the recordings available somewhere? I happen to be somewhat interested in SPDX (especially the licensing part of the spec), however, the meeting time does not always work for me. Vladimir
|
|
|
|
Thursday SPDX General Meeting Reminder
Phil Odence
We are still trying to line up a presentation from one of the GSoC students who has not yet presented; that’s up in the air.
I will not be able to join so one of the other Core Team members will host.
Best regards, Phil
GENERAL MEETING
Meeting Time: Thurs, Oct 3, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-09-05
Possible GSoC Presentations
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
Re: In favour of what are §4.9–4.11 deprecated?
On nedelja, 28. julij 2019 22:15:26 CEST, Gary O'Neall wrote:
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.I see. Is there already any tooling available to make this actually usable in practice? Sw360, DejaCode? cheers, Matija — P.S. Sorry about the late reply, I had a lot going on in the past few weeks/months. -- gsm: tel:+386.41.849.552 www: https://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...
|
|
|
|
Re: SPDX Survey Results
Ian Kelling
Shane Coughlan <coughlan@...> writes:
Hello all! Hello all!Surveys are great, but there's one important problem with this one. In order to fill out your survey even read the complete questions, it requires downloading and running the google docs proprietary software in a browser which excludes people like myself who choose to avoid running proprietary software whenever possible. Background information about proprietary software in your browser: https://www.gnu.org/philosophy/javascript-trap.en.html. There are many reasons why it seems wrong to require people to run nonfree software to contribute, I hope its fairly obvious, I can list some if it isn't. -- Ian Kelling | Senior Systems Administrator, Free Software Foundation GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF https://fsf.org | https://gnu.org
|
|
|
|
Re: Adding a new opendata-focus license?
J Lovejoy
Hi Bastien,
toggle quoted messageShow quoted text
The process for requesting a new license be added to the SPDX License List is documented here: https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md (and happy to get your feedback on the documentation of the process!) By the way - It looks like you sent this to the general mailing list, not the legal mailing list, as this got caught up in our filter. I have released it (obviously), but you might want to make sure you are actually on the legal mailing list here: https://lists.spdx.org/g/spdx-legal (and I’m replying to both lists, but bcc the general list, as we try to keep specific topics to the specific lists) Thanks! Jilayne SPDX legal team co-lead
|
|
|
|
Adding a new opendata-focus license?
Dear all,
I'm working for Etalab, the mission for promoting and coordinating Open Data publications in the french public sector. The most commonly used license for french open data is the "Open License", published and maintained by Etalab. Roughly speaking, it is equivalent to a CC-by 4.0. You can read it here: https://www.etalab.gouv.fr/wp-content/uploads/2018/11/open-licence.pdf What is the process to ask and get a SPDX identifier for this license? I am sorry if the question has been raised before, I have been on this list since a few months only. Thanks in advance for any answer! Cheers, -- Bastien Guerry
|
|
|
|
SPDX General Meeting 2019 (updated conference link)
Phil Odence
Uberconference changed their platform; I’ve updated the link below. Please accept this recurring meeting. Thanks, Phil
*****
I’m extending this recurring meeting to run through 2019. Please accept so it is updated on your calendar, however no need to send a response to me.
New dial in number:
415-881-1586 No PIN needed The weblink for screenshare will stay the same at:
|
|
|
|
SPDX Sept General Meeting Minutes
Phil Odence
General Meeting/Minutes/2019-09-05< General Meeting | Minutes · Attendance: 17 · Lead by Phil Odence · Minutes of Aug meeting approved
Contents[hide] · 1 Special Presentations - Hiro Fukuchi, Sony · 3 Legal Team Report - Jilayne/Paul/Steve · 4 Outreach Team Report - Jack Special Presentations - Hiro Fukuchi, Sony[edit]· SPDX- Lite · Open Chain Japan Work Group · Member companies- Toyota, Denso, Panasonic, Pioneer, Sony, Fujitsu, Olympus, Renesas · Common Problem- Can’t get OSS information from suppliers (HW vendors, ODMs, SOC, partners…in Asia (China/Taiwan) and Japan · They don’t have complete information · Don’t have the tools to generate and evaluate · SPDX Lite is part of guidelines · Fits in at a fairly high level of maturity · OpenChain - “Making Process” · SPDX (and OSS tooling) - “Improving Process” · Most suppliers are at low levels of maturity · Looking not to fork, but to expand usage of SPDX Lite · Lite Description · Subset of SPDX · Minimum requirement · Can be manually generated · Proved in actual business use · Scenarios · 1 Unskilled suppliers · Useful at a lower level of maturity than SPDX requires · 2 Non-engineering Staff · More understandable by Legal and Procurement staff. · Skilled suppliers would still use full SPDX · OpenChain compliant suppliers would be sophisticated enough · Question: Is SPDX Lite fully SPDX compliant · Yes, all mandatory fields are included in SPDX Lite plus some of the optional fields may be included. Tech Team Report - Gary[edit]· Spec · Being worked in a GitHub repo · Set up for pull requests for 2.2 · Anyone who has ideas or proposed changes, please submit as a pull request · One in place is SPDX Lite · Proposal is as an Appendix · Thought is a profile for a specific use case · Could be first of a number of profiles · Tools · Successful conclusion to GSoC · All passed · A number of new libraries including Python, Golang · Mentors and students were great · Record number of projects · Challenge now is integrating and putting into production · All legal team tools have been submitted as pull requests · Should be up and running in a month or so. Legal Team Report - Jilayne/Paul/Steve[edit]· Legal Team License Submittal Demo (GSoC) · Video and minutes available · Need to update contribution instructions · Team call today · License List · 3.7 release at end of month · Fewer licenses in release that some recents · Recent discussions have been more high level on principles than specific licenses
Outreach Team Report - Jack[edit]· Survey · Has been out for a few months · 37 responses so far · Will make one more pass · Looking at presenting at Gen Meeting in Nov · Philipe has been talking to the Python community about using SPDX License IDs and expressions in Python package manifest · Could be a model for other communities · …some of which have been using formally or informally · Potentially high leverage · RUST and Go are using sporadically Cross Functional -[edit]· None Attendees[edit]· Phil Odence, Black Duck/Synopsys · Steve Winslow, LF · Gary O’Neall, SourceAuditor · Jack Manbeck, TI · Nicolas Toussaint, Orange · Mark Atwood, Amazon · Jilayne Lovejoy, Canonical · Hiro Fukuchi, Sony · Shinsuke Kato, Panasonic · Philippe Ombrédanne- nexB · Michael Herzog, NexB · Patrice-Emmanuel Schmitz, Trasys International, European Commission · Richard Fontana, Red Hat · Mark Baushke, Juniper · Paul Madick, Dimension Data · Nisha Kumar, VMWare · David Marr, Qualcomm
|
|
|
|
Re: Thursday SPDX General Meeting Reminder...with interesting guest presentations.
Hiro Fukuchi
Hi all,
Thank you for the meeting. I would like to send my slides.
--- Hiro Fukuchi (Hiroyuki.Fukuchi@...) Sony
From: spdx@... <spdx@...>
On Behalf Of Phil Odence
Sent: Wednesday, September 4, 2019 10:15 PM To: spdx@... Cc: Fukuchi, Hiroyuki (Sony) <Hiroyuki.Fukuchi@...> Subject: [spdx] Thursday SPDX General Meeting Reminder...with interesting guest presentations.
“SPDX Lite”- Hiroyuki Fukuchi from Sony will present a proposal from the OpenChain Japan Workgroup on a slimmed down version of an SPDX doc. Big thanks to Fukuchi-san for joining us at this hour which is not very convenient for him.
We may also have another GSoC presentation; still working on that.
GENERAL MEETING
Meeting Time: Thurs, Sept 5, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2019-08-01
GSoC Presentations
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|