Today's SPDX General Meeting

Philip Odence
 

Sorry not to get this reminder out earlier, but August just snuck up on me!



Meeting Time: Thurs, Aug 1, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott


Cross Functional Issues – Phil
Website Update – Jack


Request New License: IBM PowerPC Initialization and Boot Software(ibm-pibs)

Roger Meier <roger@...>
 

Hi all

Based on Wolfgang Denk's question regarding the PIBS License
Identifier (PowerPC Initialization and Boot Software) on the spdx general
mailing list, I would like to officially request this License to be added to
the SPDX License List according to
http://spdx.org/spdx-license-list/request-new-license

1. proposed Full Name for the license: IBM PowerPC Initialization and Boot
Software
2. proposed License Short Identifier: ibm-pibs
3. Provide a functioning URL: not available
4. Create and attach license text ibm-pibs.txt (attachment)
5. OSI-approved: No
6. Short explanation regarding the need for this license to be included on
the License List:
This License is used within "Das U-Boot -- the Universal Boot Loader",
File list:

http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/4xx_pci.c;h=2ca355b1347969cca6ac4b0bd355329c51dd1fc0;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d

http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/4xx_uart.c;h=1ad19abff6db2138dea7287b6eeecb840418d601;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d

http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/miiphy.c;h=297155fdafa064b955e53e9832de93bfb0cfb85b;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d

Official information from IBM describing the Software Licensing Model
(chapter 5):

https://www-01.ibm.com/chips/techlib/techlib.nsf/techdocs/BD4A044F267FE8BC87256F820055C6CF/$file/pibs_overview.pdf
U-Boot started to use a SPDX-License-Identifier per file instead of the
license text, see here:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/166449

Thank you!
-roger


Re: PIBS License Identifier

Wolfgang Denk
 

Dear Jack,

In message <858B013A986C4F43A8A43AF62F39E5660CCEE5D7@...> you wrote:

As far as I can recall they have not been looked at. Someone on the
legal team who maintains the list may have a better idea. Do you have
links to some of the files so we can look at them?
Unfortunately I cannot find any still working links to the actual
PIBS software; All there is left is some "PIBS Overview" document at
[1] which mentions that PIBS is licensed using an "IBM proprietary
open source license."

The best reference that is publicly online available appears to be
these files [2], [3] and [4] in U-Boot which were derived from some
PIBS code.

[1] https://www-01.ibm.com/chips/techlib/techlib.nsf/techdocs/BD4A044F267FE8BC87256F820055C6CF/$file/pibs_overview.pdf
[2] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/4xx_pci.c;h=2ca355b1347969cca6ac4b0bd355329c51dd1fc0;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d
[3] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/4xx_uart.c;h=1ad19abff6db2138dea7287b6eeecb840418d601;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d
[4] http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/miiphy.c;h=297155fdafa064b955e53e9832de93bfb0cfb85b;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d


Hope this helps.


Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@...
The human race is a race of cowards; and I am not only marching in
that procession but carrying a banner. - Mark Twain


Re: PIBS License Identifier

Manbeck, Jack
 

Wolfgang,

As far as I can recall they have not been looked at. Someone on the legal team who maintains the list may have a better idea. Do you have links to some of the files so we can look at them?

Regards,

Jack Manbeck
Texas Instruments

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Wolfgang Denk
Sent: Sunday, July 28, 2013 10:24 AM
To: spdx@...
Subject: PIBS License Identifier

Hello,

IBM has published several versions of their PIBS (PowerPC Initialization and Boot Software) boot loader source code with a license header like this:

---------- snip ----------
This source code has been made available to you by IBM on an AS-IS basis. Anyone receiving this source is licensed under IBM copyrights to use it in any way he or she deems fit, including copying it, modifying it, compiling it, and redistributing it either with or without modifications. No license under IBM patents or patent applications is to be implied by the copyright license.

Any user of this software should understand that IBM cannot provide technical support for this software and will not be responsible for any consequences resulting from the use of this software.

Any person who transfers this source code or any derivative work must include the IBM copyright notice, this paragraph, and the preceding two paragraphs in the transferred software.

COPYRIGHT I B M CORPORATION 2002
LICENSED MATERIAL - PROGRAM PROPERTY OF I B M
---------- snip ----------

I have another version of this license text dated 1995.

Has any of these been evaluated before? I can't find a SPDX License Identifier for this?

Thanks in advance.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@... Computers are not intelligent. They only think they are.
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


PIBS License Identifier

Wolfgang Denk
 

Hello,

IBM has published several versions of their PIBS (PowerPC
Initialization and Boot Software) boot loader source code with a
license header like this:

---------- snip ----------
This source code has been made available to you by IBM on an AS-IS
basis. Anyone receiving this source is licensed under IBM
copyrights to use it in any way he or she deems fit, including
copying it, modifying it, compiling it, and redistributing it either
with or without modifications. No license under IBM patents or
patent applications is to be implied by the copyright license.

Any user of this software should understand that IBM cannot provide
technical support for this software and will not be responsible for
any consequences resulting from the use of this software.

Any person who transfers this source code or any derivative work
must include the IBM copyright notice, this paragraph, and the
preceding two paragraphs in the transferred software.

COPYRIGHT I B M CORPORATION 2002
LICENSED MATERIAL - PROGRAM PROPERTY OF I B M
---------- snip ----------

I have another version of this license text dated 1995.

Has any of these been evaluated before? I can't find a SPDX License
Identifier for this?

Thanks in advance.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@...
Computers are not intelligent. They only think they are.


Re: U-Boot: short license headers using SPDX Identifier

Jilayne Lovejoy <jilayne.lovejoy@...>
 

YES!!!! Yes, yes, yes. Thank you for being the trail blazer :)

We have talked about this idea quite a bit. I'm posting to the Legal Team
as well, in case some are not also on the General list.


Jilayne Lovejoy
SPDX Legal Team | Co-lead
OpenLogic, Inc. | Corporate Counsel

jlovejoy@...

On 7/26/13 7:20 AM, "Wolfgang Denk" <wd@...> wrote:

Dear Roger,

In message <045001ce89f0$e6805710$b3810530$@bufferoverflow.ch> you wrote:

I had a discussion with U-Boot Creator and Core Developer Wolfgang Denk.
He made some patches, they were accepted and the result is this header:
# (C) Copyright 2000-2013
# Wolfgang Denk, DENX Software Engineering, wd@....
# SPDX-License-Identifier: GPL-2.0+
Thanks (again) for pointing me in this direction. I really like the
idea of consistent, automatically parsable Unique License Identifiers.

and a Licenses folder with a README, Exception and the Licenses:
http://git.denx.de/?p=u-boot.git;a=tree;f=Licenses;hb=HEAD

see also mailing list details here:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/165416
or this web site: http://www.denx.de/wiki/U-Boot/Licensing

It is not applied to all files of U-Boot. However, more than 5760 files
already use this new header.
I would like to point out that this is just a "not yet"; this is still
work in progress - unfortunately the conversion requires careful
inspection and manual operation for a significant part of the files.
But then, this just makes all the more clear how urgently such an
improvement was needed.

a very resourceful way to simplify the license topic and an important
step
towards adoption of SPDX
usage within projects and SPDX files provided with OSS releases.
The most interesting thing now is to watch if other projects pick up
the idea...

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@...
Drawing on my fine command of language, I said nothing.


Re: U-Boot: short license headers using SPDX Identifier

Wolfgang Denk
 

Dear Roger,

In message <045001ce89f0$e6805710$b3810530$@bufferoverflow.ch> you wrote:

I had a discussion with U-Boot Creator and Core Developer Wolfgang Denk.
He made some patches, they were accepted and the result is this header:
# (C) Copyright 2000-2013
# Wolfgang Denk, DENX Software Engineering, wd@....
# SPDX-License-Identifier: GPL-2.0+
Thanks (again) for pointing me in this direction. I really like the
idea of consistent, automatically parsable Unique License Identifiers.

and a Licenses folder with a README, Exception and the Licenses:
http://git.denx.de/?p=u-boot.git;a=tree;f=Licenses;hb=HEAD

see also mailing list details here:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/165416
or this web site: http://www.denx.de/wiki/U-Boot/Licensing

It is not applied to all files of U-Boot. However, more than 5760 files
already use this new header.
I would like to point out that this is just a "not yet"; this is still
work in progress - unfortunately the conversion requires careful
inspection and manual operation for a significant part of the files.
But then, this just makes all the more clear how urgently such an
improvement was needed.

a very resourceful way to simplify the license topic and an important step
towards adoption of SPDX
usage within projects and SPDX files provided with OSS releases.
The most interesting thing now is to watch if other projects pick up
the idea...

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@...
Drawing on my fine command of language, I said nothing.


U-Boot: short license headers using SPDX Identifier

Roger Meier <roger@...>
 

All

I had a discussion with U-Boot Creator and Core Developer Wolfgang Denk.
He made some patches, they were accepted and the result is this header:
# (C) Copyright 2000-2013
# Wolfgang Denk, DENX Software Engineering, wd@....
# SPDX-License-Identifier: GPL-2.0+

and a Licenses folder with a README, Exception and the Licenses:
http://git.denx.de/?p=u-boot.git;a=tree;f=Licenses;hb=HEAD

see also mailing list details here:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/165416
or this web site: http://www.denx.de/wiki/U-Boot/Licensing

It is not applied to all files of U-Boot. However, more than 5760 files
already use this new header.

a very resourceful way to simplify the license topic and an important step
towards adoption of SPDX
usage within projects and SPDX files provided with OSS releases.

all the best!
-roger

PS: similar discussions at Apache:
https://issues.apache.org/jira/browse/LEGAL-114
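
The one-line header described in this post is what makes automated license checks practical. As an added example (not part of the original post and not U-Boot code), this Python scanner extracts `SPDX-License-Identifier` tags from file headers and flags files with no tag or an unrecognized identifier; the sample files, the `KNOWN_IDS` allow-list and the handling of several identifiers on one line are assumptions of the example.

```python
import re

# The tag from the header quoted above; the value runs to the end of the line.
TAG_RE = re.compile(r"SPDX-License-Identifier:[ \t]*([^\r\n]*)")
HEADER_LINES = 30  # assumption: the tag sits in the leading comment block

# Constructed allow-list for this example; a real check would load the
# published SPDX License List plus any project-local identifiers.
KNOWN_IDS = {"GPL-2.0", "LGPL-2.1", "BSD-3-Clause"}


def extract_ids(text):
    """Return the identifiers declared in a file's header, in order."""
    ids = []
    for line in text.splitlines()[:HEADER_LINES]:
        match = TAG_RE.search(line)
        if match:
            # Drop a closing C comment marker, then split on whitespace
            # (several identifiers on one line is an assumption here).
            ids.extend(match.group(1).replace("*/", " ").split())
    return ids


def is_known(identifier):
    """A trailing '+' (as in GPL-2.0+) marks 'or later' of the base license."""
    base = identifier[:-1] if identifier.endswith("+") else identifier
    return base in KNOWN_IDS


def audit(files):
    """Sort files into tagged, untagged and tagged-with-unknown-identifier."""
    report = {"tagged": {}, "missing": [], "unknown": {}}
    for name, text in sorted(files.items()):
        ids = extract_ids(text)
        bad = [i for i in ids if not is_known(i)]
        if not ids:
            report["missing"].append(name)   # needs manual inspection
        elif bad:
            report["unknown"][name] = bad    # typo or unlisted license
        else:
            report["tagged"][name] = ids
    return report


# Constructed sample tree (not taken from U-Boot).
SAMPLE = {
    "Makefile": "#\n# (C) Copyright 2013 Example Author\n#\n"
                "# SPDX-License-Identifier:\tGPL-2.0+\n#\n",
    "drivers/demo.c": "/*\n * (C) Copyright 2013 Example Author\n"
                      " * SPDX-License-Identifier: GPL-2.0+ BSD-3-Clause */\n",
    "board/legacy.c": "/*\n * This program is free software; you can "
                      "redistribute it ...\n */\nint x;\n",
    "lib/typo.c": "// SPDX-License-Identifier: GPL2+\nint y;\n",
}

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```

The `missing` and `unknown` buckets are the files that still need the manual inspection Wolfgang mentions in his reply.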


Have a tool that supports SPDX?

Manbeck, Jack
 

Greetings all,

 

We are looking to develop a comprehensive list of tools that support SPDX on our website. If you would like to be listed please go to the tool link request page in the wiki (http://wiki.spdx.org/view/Business_Team/Tool_Link_Request ) and follow the instructions there. Feel free to contact me directly if you have further questions.

 

Best regards,

 

Jack Manbeck

SPDX Web Site


LinuxCon schedule posted

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 


A little more on Fantec

Philip Odence
 

I've posted a couple of items about the Fantec case to the SPDX legal list. Adding this one and including all, because it's authored by Mark Radcliffe (counsel to OSI) and because Mark puts in nice plug for SPDX.

http://osdelivers.blackducksoftware.com/2013/07/12/fantec-critical-lessons-for-foss-compliance/


IDs for Sun Industry Standards Source License

Camille Moulin <camille.moulin@...>
 

Hi all,

I'm comparing SPDX and Fossology's licenses IDs and encountered a little difficulty regarding the Sun Industry Standards Source License.
The SPDX id for the version 1.1 of the license is just "SISSL", while Fossology's is "SISSL-1.1". At first glance, it seems that Fossology's choice is more consistent with SPDX's naming scheme, and I don't see the benefits of removing the version number. It also seems that there is a 1.2 version of this license (http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html ).
So, would adding the version number to the ID be desirable / possible ?

Best,
Camille

--
Gouvernance Open Source - Alter Way www.alterway.fr


SPDX General Meeting Minutes Correction

Philip Odence
 

Thanks to my friend Bruno Grasset for pointing out an error in my previous memo.

I had overwritten the May 2 minutes with the content of the July 3 minutes. The link I provided was to the correct content, but with the wrong title. Thanks to the Wiki's revisioning capability, I was able to retrieve the May 2 minutes as well as to properly create the July 3 minutes:

Sorry for any confusion this may have caused.


Minutes from July 3 SPDX General Meeting

Philip Odence
 


towards a new version of ninka.

dmg
 

hi everybody,

if you use ninka, this might be useful to you.

With the help of Armijn I have been cleaning up some regressions and
improved some licenses.

The new code is now in the github repo:

http://github.com/dmgerman/ninka

- Renamed InterACPILic to IntelACPILic
- Renamed openSSLvar2 to Apachev1.0
- Split QtorGPLv2orv3exception to QtorGPLv2orv3 from the exception
- Better detection for GPL licenses
- BSD and MIT spdx licenses detected (prefixed with spdx ie. spdxBSD3)
- Added a bunch of licenses...

unless I find some major problems, I will release a new version in few
days.

--dmg


--
Daniel M. German
"There is the greatest difference between presuming an opinion to be
true, because, with every opportunity for contesting it, it has not been
refuted, and assuming its truth for the purpose of not permitting its
refutation." - John Stuart Mill
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


SPDX General Meeting Reminder - Wednesday, July 3

Philip Odence
 

Recognizing that Thursday is a holiday in the US, we will run the meeting at the normal time, but on Wednesday. 


NOTE: As part of the business team report, Phil will do a quick review of the survey results. In advance of the meeting, download the docs at the bottom of this page:




Meeting Time: Wednesday, July 3, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott
Phil will review quickly results of survey

Cross Functional Issues – Phil
Website Update – Jack


SPDX General Meeting

Philip Odence
 

When: Wednesday, July 03, 2013 11:00 AM-12:00 PM. (UTC-05:00) Eastern Time (US & Canada)
Where: Bridge info enclosed

*~*~*~*~*~*~*~*~*~*
As the 4th is a holiday in the US, will do the call on July 3, same time. Hope everyone can make it.

Please accept so this recurring meeting is on your calendar, however no need to respond.

DIAL IN:
Toll-free dial-in number (U.S. and Canada): (877) 435-0230
International dial-in number: (253) 336-6732

Conference code: 7812589502





SPDX General Meeting Thursday

Philip Odence
 

NOTE: As part of the business team report, Phil will do a quick review of the survey results. In advance of the meeting, download the docs at the bottom of this page:





Meeting Time: Thursday, June 6, 8am PST / 10 am CST / 11am EST / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Approve Minutes- 

Technical Team Report - Kate


Legal Team Report - Jilayne


Business Team Report – Jack/Scott
Phil will review results of survey

Cross Functional Issues – Phil
Website Update – Jack


Re: Software unique identification

Roger Meier <roger@...>
 

Hi Michel

I think the "Official Common Platform Enumeration (CPE) Dictionary" http://nvd.nist.gov/cpe.cfm is a good starting point for this topic.
another source to consider is ISO/IEC 19770

all the best!
-roger
;-r

Quoting "RUFFIN, MICHEL (MICHEL)" <michel.ruffin@...>:

Dear all we are facing a very difficult issue: How to identify uniquely Software.

In Alcatel-Lucent (ALU) we would like to link all our databases on SW (FOSS SW, proprietary SW, FOSS SW coming in proprietary solutions, FOSS coming from outsourcing contracts, ...) The goal is to automate a lot of things: royalty tracking, producing documentations on FOSS respecting the license obligations automatically, knowing which ALU product is using what SW, automatically connecting with tools such as Blackduck protex or Palamida or any others of their competitors, ...

The major issue is SW unique identification: Today we have the following:
- Maven naming system: but it is limited to java open source libraries
- ALU internal system (but so far limited mostly to commercial SW but we are extending to FOSS but not perfect) and we have to interact with suppliers and customers on this identification
- Blackduck internal unique identification (one million FOSS but do not cope with proprietary SW and we do not want to be dependent of a company)
- SPDX Check sums for binaries (but do not provide the same checksum with .zip and .gpz)
- SPDX Check sums on source codes but does not work if ALU is doing a small modification to the comments in the file

I know that SPDX is not perhaps the best place to discuss this issue, but I would like to engage a discussion on this topic

So my question here is: do you have similar concerns in your companies, and what can we do to solve this issue (should we create a group on this?)

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
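
The checksum limitations listed in the quoted message can be reproduced directly. As an added example (not part of the thread), this Python script packs one constructed file tree as .zip and as .tar.gz, shows that the archive checksums differ, and computes a content-level digest in the manner of the SPDX package verification code (SHA-1 over the sorted per-file SHA-1 values), which is the same for both containers but still changes on a comment-only edit. File names and contents are constructed.

```python
import hashlib
import io
import tarfile
import zipfile

# Constructed file tree for this example.
TREE = {
    "src/boot.c": b"/* boot */\nint main(void) { return 0; }\n",
    "README": b"demo package\n",
}


def make_zip(tree):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in tree.items():
            zf.writestr(name, data)
    return buf.getvalue()


def make_tar_gz(tree):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in tree.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_contents(archive):
    """Return the bytes of every regular file in a zip or tar.gz archive."""
    buf = io.BytesIO(archive)
    if archive.startswith(b"PK"):  # zip local file header magic
        with zipfile.ZipFile(buf) as zf:
            return [zf.read(i) for i in zf.infolist() if not i.is_dir()]
    with tarfile.open(fileobj=buf, mode="r:gz") as tf:
        return [tf.extractfile(i).read() for i in tf if i.isfile()]


def archive_digest(archive):
    """Checksum of the container: changes with format and compression."""
    return hashlib.sha1(archive).hexdigest()


def content_digest(archive):
    """SHA-1 over the sorted per-file SHA-1 hex digests of the contents."""
    per_file = sorted(hashlib.sha1(d).hexdigest() for d in member_contents(archive))
    return hashlib.sha1("".join(per_file).encode("ascii")).hexdigest()


if __name__ == "__main__":
    as_zip, as_tgz = make_zip(TREE), make_tar_gz(TREE)
    print("archive digests equal:", archive_digest(as_zip) == archive_digest(as_tgz))
    print("content digests equal:", content_digest(as_zip) == content_digest(as_tgz))
    # A comment-only edit still changes the content digest.
    edited = dict(TREE, **{"src/boot.c": TREE["src/boot.c"].replace(b"boot", b"boot v2")})
    print("after comment edit:", content_digest(make_zip(edited)) == content_digest(as_zip))
```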


Re: Software unique identification

Armijn Hemel - Tjaldur Software Governance Solutions <armijn@...>
 

hi,

I am currently a senior systems engineer at Nokia, and I can say
without reservation that we face this problem also, identifying
specific versions of software (binaries as well as sources). Binaries
can change, even if the source does not, if for example the compiler
is updated, or associated libraries. This is especially problematic
when the libraries are (as is often the case) dynamically-linked
shared libraries.
This is not my experience at all. In the Binary Analysis Tool I use fingerprinting using string constants, function names, variable names, and so on, and I can reliably tell versions of binaries apart (granted: the information has to be in my database). This is absolutely no problem at all.

armijn

--
Armijn Hemel, MSc
Tjaldur Software Governance Solutions