|
SPDX legal team call tomorrow
J Lovejoy
Hi all,
toggle quoted messageShow quoted text
The SPDX legal team has its regular bi-weekly call tomorrow, Thursday at noon, Eastern Daylight Savings time (note: The US moved our clocks forward, but I believe the UK and Europe has yet to do that, so time diff may still be an hour different from usual). As noted in the email below - we will be finalizing the new license inclusion guidelines! https://github.com/spdx/license-list-XML/pull/990 Dial-in info below, in case you don’t have the invite on your calendar. Thanks, Jilayne SPDX legal team co-lead Join Zoom Meeting: https://zoom.us/j/611416785 Meeting ID: 611 416 785 One tap mobile: +16465588656,,611416785# US (New York) +16699006833,,611416785# US (San Jose) Dial by your location: +1 646 558 8656 US (New York) +1 669 900 6833 US (San Jose 877 369 0926 US Toll-free 855 880 1246 US Toll-free +1 647 558 0588 Canada 855 703 8985 Canada Toll-free Meeting ID: 611 416 785 Find your local number: https://zoom.us/u/aceZFvRyln
On Mar 12, 2020, at 1:59 PM, J Lovejoy <opensource@...> wrote:
|
|
|
|
Re: SPDX License List license inclusion guidelines
J Lovejoy
Hi Kyle,
toggle quoted messageShow quoted text
Thanks for having a look. As to your question: we had a discussion on one of the many calls we discussed this topic and ran the hypothetical of what if there were no “rules” or the rules were very relaxed. One extreme might look like this: anyone can add a license, any time and the SPDX License List becomes bloated and so long that nothing is reliable any more - we’d end up with duplicate licenses (b/c no one was minding the Matching Guidelines), duplicate ids (the horror!) etc. It would certainly lose it’s value. If there is something we can amend on the current proposal, then there has been plenty of opportunity to say so, and there is still (a little) time. The proposed revision substantially relaxes the previous guidelines - as you well know. there are a number of licenses in the queue that we’ve put on hold knowing that if we changed the guidelines, they would be easy submissions. We also made some obvious things explicit like not adding a license that would match an existing license - we probably all assumed that one, but it wasn’t actually written down! I’m still unclear as to what the actual issue and suggestion is out of this thread. Thanks, Jilayne
On Mar 13, 2020, at 4:25 PM, Kyle Mitchell <kyle@...> wrote:
|
|
|
|
Re: SPDX License List license inclusion guidelines
Kyle Mitchell
All,
I am both impressed by the work Jilayne and others have put into the guidelines, and in strong sympathy with the general thrust Philippe reports from the conference. I didn't go to FOSDEM, but judging from Philippe's notes, I wouldn't have had much else to add. I keep returning to the _why_ behind rules and proposed rules. Is the overbearing issue, from the SPDX-side point of view, still too many license submissions, too fast to handle? -- Kyle Mitchell, attorney // Oakland // (510) 712 - 0933
|
|
|
|
Re: Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
> +1 from me on everything David said (quoted below for convenience)
+1
|
|
|
|
Re: Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
+1 from me on everything David said (quoted below for convenience)
toggle quoted messageShow quoted text
cheers, Matija
On četrtek, 12. marec 2020 22:19:38 CET, David A. Wheeler wrote:
I would prefer another option NOT in the poll (and thus have not voted): Treat it as just another license statement. There are multiple ways this kind of “uncopyrightable” assertion is made, and I think that specific form should be captured as a license statement. --
gsm: tel:+386.41.849.552 www: https://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...
|
|
|
|
Re: SPDX License List license inclusion guidelines
Philippe Ombredanne
Hi Jilayne:
On Thu, Mar 12, 2020 at 12:59 PM J Lovejoy <opensource@...> wrote: I’m sending this to both the legal and general mailing lists to ensureOn January 31st a compliance tooling meeting and hackathon took place in Brussels before FOSDEM [1]. One of the session topics was SPDX. Everyone there agreed that SPDX license inclusion criteria should be relaxed. Adding more restrictions and filters is IMHO counterproductive in several ways: - it requires more work to apply these restrictions and filters - more work means fewer licenses are added - as a shared "vocabulary" the utility function of the license list is directly related to the number of "words" we can use. Restricting the number of words in the license vocabulary only means that these words cannot be used in shared conversation about licenses. But these licenses still exist, so the restrictions impact mostly the usefulness and expressiveness of SPDX, especially in the more common cases where license expressions are used without an SPDX document. This could increasingly make the SPDX License list irrelevant if it is missing important license vocabulary. The existing and proposed license inclusion criteria seem counterproductive and likely to subtract value from SPDX. The community does not need SPDX to police or enforce OSS license "purity" via the license list. Instead there should be fewer barriers to adding new licenses to the list in order to optimize the utility of the SPDX license list and the number of common licenses SPDX expressions can deal with. Since SPDX does not interpret license conditions, the inclusion guidelines should be loosened to include commonly-used and public licenses without an OSS litmus test (e.g. free proprietary licenses). This will become more important for SPDX as more organizations become more focused on compliance and are looking for a way to account for all licenses detected from scans or other analysis. [1] https://docs.google.com/document/d/1UphruKKAlsoUEidPCwTF2LCcHFnQkvQCQ9luTXfDupw/edit# -- Cordially Philippe Ombredanne
|
|
|
|
Re: Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
> A new poll has been created… I would prefer another option NOT in the poll (and thus have not voted): Treat it as just another license statement. There are multiple ways this kind of “uncopyrightable” assertion is made, and I think that specific form should be captured as a license statement.
New entries should be created for at least the “CC Public Domain Mark” and the situation where someone in the US government does it as part of official duties & doesn’t claim a copyright. There’s a discussion going on here: https://github.com/spdx/license-list-XML/issues/988
Treating it like “everything else” means there are no special cases for SPDX, *and* you get finer-grained information.
For those who object & say that “there is no license”, well, “license” is just synonym for “permission”, and in this case the permission is granted by the way the legal systems work. So it’s a permission granted by the underlying mechanisms of law J. I think the *users* of SPDX will appreciate the simplicity of *not* needing another special case.
From: spdx@... <spdx@...>
On Behalf Of michael.kaelbling@...
The U.S. Copyright Office considers some works uncopyrightable "because they contain an
insufficient amount of authorship", e.g. "words and short phrases ... titles ... names", "mere listing of ... contents, or a simple set of directions...", and
blank forms (https://www.copyright.gov/circs/circ33.pdf).
SPDX-License-Identifer: NOASSERTION and SPDX-CopyrightText: NOASSERTION is similarly inappropriate. 1. Yes - an UNCOPYRIGHTABLE License is needed
|
|
|
|
SPDX License List license inclusion guidelines
J Lovejoy
Hi all,
I’m sending this to both the legal and general mailing lists to ensure greatest visibility. The legal team has come up with a final draft of the license inclusion guidelines based on various conversations and feedback over the past 8 months of intermittent discussion. The pull request representing this draft is located here: https://github.com/spdx/license-list-XML/pull/990 We are looking to provide another two weeks for review and comment and then finalize and publish this. Please do comment either on the PR, the issue below or the legal team mailing list. (including +1 if you think it’s all good!) The issue where some of the discussion has taken place is here: https://github.com/spdx/license-list-XML/issues/925 Thanks! Jilayne SPDX legal team co-lead
|
|
|
|
SPDX License List - license inclusion guidelines
J Lovejoy
Hi all,
As has been mentioned on recent general calls, the legal team has been discussing a revision of the license inclusion guidelines off and on over the past year. We have a draft iteration that incorporates many of the discussed changes in the Github repo here: https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md The existing guidelines are here: https://spdx.org/spdx-license-list/license-list-overview We will be discussing this on tomorrow’s legal call and hoping to finalize the revision of the inclusion guidelines in the next few weeks. If you are interested in this topic, I’d encourage you to join the call tomorrow or otherwise comment in Github or on the mailing list. Thanks, Jilayne SPDX legal team co-lead
|
|
|
|
Re: Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
Steve Winslow
Hello all, there has been a related thread going on in the spdx-legal list: see https://lists.spdx.org/g/Spdx-legal/topic/71831424 As mentioned in that thread, I would note the Legal Team's comments on this from April 2013 at https://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_within_SPDX_Files Best, Steve
On Wed, Mar 11, 2020 at 11:33 AM <michael.kaelbling@...> wrote:
|
|
|
|
Re: Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
Aaron Williamson <aaron@...>
Hi Michael, On Wed, Mar 11, 2020 at 11:33 AM <michael.kaelbling@...> wrote: The U.S. Copyright Office considers some works uncopyrightable "because they contain an insufficient amount of authorship", e.g. "words and short phrases ... titles ... names", "mere listing of ... contents, or a simple set of directions...", and blank forms (https://www.copyright.gov/circs/circ33.pdf). One concern with an "UNCOPYRIGHTABLE" identifier is that its existence could give rise to inappropriate application by authors. It's often quite difficult to conclusively determine whether a questionable work is copyrightable under U.S. law. So by making the identifier available, you may create a risk of false negatives, i.e. that it would be inappropriately applied to things that are in fact subject to copyright. As you say, there is already a risk of false positives, insofar as people might apply a copyright license to something that is not subject to copyright. But in the case of false positives, the failure condition is that the license was not needed; either way, the consumer is ok. In the case of false negatives, where the "UNCOPYRIGHTABLE" assertion was used in place of a license by the author of a copyrightable work, the failure condition is arguably that there is no license. The "UNCOPYRIGHTABLE" assertion doesn't meet the criteria for abandonment of copyright under US law, so at best you'd be resorting to an estoppel theory based on the author's mistaken characterization. I admit the risk is not massive, but it's worth considering. A related concern is that non-US, non-copyright protections (like a sui generis database right) may apply, which a FOSS license might be sufficient to convey but an "UNCOPYRIGHTABLE" assertion would not. All that said, I agree that your use case -- tagging materials to be ignored by a scanner -- is a valid one. The only question is whether using "UNCOPYRIGHTABLE" would create more trouble than it's worth for the reasons given above. Best, Aaron
|
|
|
|
Is an UNCOPYRIGHTABLE License (or keyword) needed?
#poll
michael.kaelbling@...
The U.S. Copyright Office considers some works uncopyrightable "because they contain an insufficient amount of authorship", e.g. "words and short phrases ... titles ... names", "mere listing of ... contents, or a simple set of directions...", and blank forms (https://www.copyright.gov/circs/circ33.pdf). SPDX-License-Identifer: NOASSERTION and SPDX-CopyrightText: NOASSERTION is similarly inappropriate.
Thank you for voting.
Results
|
|
|
|
Re: Thursday's SPDX General Meeting Reminder
Kate Stewart
Hi Phil, all Quick update, we will have a guest speaker this week. Matthew Crawford will be discussing "Arm’s SPDX compliance file" Thanks, Kate
On Wed, Mar 4, 2020 at 3:20 PM Phil Odence <phil.odence@...> wrote:
|
|
|
|
Thursday's SPDX General Meeting Reminder
Phil Odence
No guest speakers this month. And, I will be out so Kate will chair in my stead.
GENERAL MEETING
Meeting Time: Thurs, March 5, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval:
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul/Steve
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
Today's SPDX General Meeting Reminder
Phil Odence
GENERAL MEETING
Meeting Time: Thurs, Feb 6, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
New dial in number: 415-881-1586 No PIN needed
The weblink for screenshare will stay the same at:
Administrative Agenda Attendance Minutes Approval:
Technical Team Report – Kate/Gary
Legal Team Report – Jilayne/Paul
Outreach Team Report – Jack
Any Cross Functional Issues –All
|
|
|
|
Re: Migration to SPDX
Max Mehl
~ Gary O'Neall [2020-01-27 19:38 +0100]:
For the SPDX documents, I would recommend making that part of the standardAs a side note, if you adopt the REUSE guidelines - so marking each file with copyright and licensing information using SPDX tags - creating an SPDX document will be just a matter of one command with the helper tool: `reuse spdx` For more information: https://reuse.software Best, Max -- Max Mehl - Programme Manager - Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl | @mxmehl Become a supporter of software freedom: https://fsfe.org/join
|
|
|
|
Re: Migration to SPDX
Gary O'Neall
Hi Ashok,
You can keep the existing license file in the distribution but we recommend adding SPDX identifiers to the source files – see https://spdx.org/ids for more information.
For the SPDX documents, I would recommend making that part of the standard release process. When new releases are published, you can publish a new SPDX document for that release. This will probably require a bit of tooling, some of which is available in open source at github.com/spdx.
Let us know if you have any other questions or would like more details.
Regards, Gary
From: spdx@... <spdx@...> On Behalf Of Ashok Madugula
Sent: Sunday, January 26, 2020 11:18 PM To: spdx@... Subject: [spdx] Migration to SPDX
Hi : We are planning to migrate to SPDX Licenses. If we are using general MIT License . Can we replace the existing license file with SPDX Identifier ? Do we need to generate new SPDX Document and publish them regularly ?
Regards Ashok Madugula This email and any attachments are intended for the sole use of the named recipient(s) and contain(s) confidential information that may be proprietary, privileged or copyrighted under applicable law. If you are not the intended recipient, do not read, copy, or forward this email message or any attachments. Delete this email message and any attachments immediately.
|
|
|
|
Migration to SPDX
Ashok Madugula
Hi : We are planning to migrate to SPDX Licenses. If we are using general MIT License . Can we replace the existing license file with SPDX Identifier ? Do we need to generate new SPDX Document and publish them regularly ?
Regards Ashok Madugula
|
|
|
|
Re: Question on creating new SPDX Identifier
Gary O'Neall
Hi Ashok,
Based on the license matching guidelines, the text matches MIT. You can test the license text using the SPDX online tools at http://13.57.134.254/app/check_license/
Gary
From: spdx@... <spdx@...> On Behalf Of Ashok Madugula
Sent: Wednesday, January 15, 2020 12:54 AM To: spdx@... Subject: [spdx] Question on creating new SPDX Identifier
HI : We are using the following license which is almost same as X11 . Do we need to raise a request for new SPDX Identifier ? If so , can you let us know the process ?
*************************************************** LICENSE START Copyright (C) YYYY – YYYY Xilinx, Inc. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSE END *****************************************************
This is almost same as X11 .
************************************************
X11 License Copyright (C) 1996 X Consortium Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. X Window System is a trademark of X Consortium, Inc.
Regards Ashok Madugula This email and any attachments are intended for the sole use of the named recipient(s) and contain(s) confidential information that may be proprietary, privileged or copyrighted under applicable law. If you are not the intended recipient, do not read, copy, or forward this email message or any attachments. Delete this email message and any attachments immediately.
|
|
|
|
Question on creating new SPDX Identifier
Ashok Madugula
HI : We are using the following license which is almost same as X11 . Do we need to raise a request for new SPDX Identifier ? If so , can you let us know the process ?
*************************************************** LICENSE START Copyright (C) YYYY – YYYY Xilinx, Inc. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSE END *****************************************************
This is almost same as X11 .
************************************************
X11 License Copyright (C) 1996 X Consortium Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. X Window System is a trademark of X Consortium, Inc.
Regards Ashok Madugula
|
|
|