Re: Import and export function of SPDX
Jilayne Lovejoy <jilayne.lovejoy@...>
(Apologies for falling off this exchange - had some other things come up and am now getting caught up with various responses - lots of great discussion, though!)
On 6/13/12 9:34 AM, "RUFFIN, MICHEL (MICHEL)" <michel.ruffin@...> wrote:
> So far our FOSS clauses are not aligned on the SPDX standard (we are
One thing I noticed immediately about your clauses is the definition of FOSS - which is quite broad. While I can understand why it might make sense to use a broad definition for contracts, it includes some categories of software (e.g. (ii) and (iii) in your definition) that other people/parties might not consider "FOSS." In terms of the SPDX License List, for example, I believe (if memory serves) that we discussed to what "kinds" of licenses should be included on the list and an argument against including, what I would refer to as "freeware" licenses (usually under some kind of click-through EULA that more resembles a more traditional, restrictive IP license, than open source) should not be on the list. I don't know if this definition's breadth would necessarily create a conflict in practical reality or not, but thought I'd at least point it out...
Thanks for sharing this. Really great to hear that you have adopted the SPDX License List already. I'm not sure if you or anyone from your team is on the legal work group mailing list, but that may be helpful to stay on top of issues/updates/discussion there. (for example, a new version of the license list was just uploaded this week :)
Jilayne
Jilayne Lovejoy | Corporate Counsel
OpenLogic, Inc.
jlovejoy@... | 720 240 4545
|
|
Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Philip Odence
Michel,
Your idea about standard FOSS clauses might fit into the charter of the Linux Foundation Open Compliance Program. http://www.linuxfoundation.org/programs/legal/compliance (To head off the question, the program is for open source compliance in general, not limited to Linux.) I am cc'ing Ibrahim who coordinates that for the LF with hopes that he will weigh in. (I believe, he's out of the office this week, so he may not respond immediately.)
Phil
On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)" <michel.ruffin@...> wrote:
> Thank you very much for your quick answer and suggestions.
|
|
FW: License List Matching Guidelines - update
Philip Odence
To SPDX General List Members,
The legal team is putting final touches on matching guidelines. In case you have not been following, this is your chance to speak up if you see any show-stoppers. The legal team has been regularly reporting progress on this work, so I don't expect it to be a surprise for anyone, but I want to err on the side of over-communication as these guidelines will have ongoing technical implications.
Best,
Phil
From: Jilayne Lovejoy <jilayne.lovejoy@...>
Date: Thu, 14 Jun 2012 05:08:49 +0000
To: SPDX-legal <spdx-legal@...>
Cc: Phil Odence <podence@...>
Subject: License List Matching Guidelines - update
Hi All,
We are aiming to finish (at least the first draft of) the SPDX License List Matching Guidelines by the end of June. To this end, we made some progress on today's legal work stream call, but decided to schedule an additional, off-week call to help facilitate this goal.
1) please review the updated matching guidelines here: http://spdx.org/wiki/spdx-license-list-match-guidelines
In particular, note the decision to use {{ }} to indicate text that can be ignored for matching purposes, this applies in particular to the BSD and old Apache licenses. I have made a first pass at these, but since you won't be able to see them until the new license list is posted, I'm attaching the relevant text files to this email for review/feedback.
2) if you have any additional thoughts or suggestions, please add a comment to that page at the bottom (note there are some comments already posted). Please comment by end-of-business, next Wednesday, 20 June.
3) attend the special call to discuss all the posted comments and any other outstanding issues:
Thursday, 21 June at 9am PT / noon ET (immediately after the business team call)
Dial-in: 1.866.740.1260
access: 2404545
4) if we don't complete everything on that call, we will finish up on the regular legal call on 6/27 (but I hope to wrap up on next Thursday!!)
Let me know if you have any questions.
Cheers,
Jilayne Lovejoy | Corporate Counsel
OpenLogic, Inc.
jlovejoy@... | 720 240 4545
|
|
Re: Package Verification Code (section 4.7)
Gary O'Neall
Hi Marc-Etienne,
Responses inline below....
An example implementation of the 1.1 verification code can be found at http://git.spdx.org/?p=spdx-tools.git;a=blob;f=src/org/spdx/rdfparser/VerificationCodeGenerator.java;h=3c15b8b420fa1a5d5c5ed72d548c0cb43330d28c;hb=HEAD
Gary
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Marc-Etienne Vargenau
Sent: Tuesday, June 19, 2012 7:33 AM
To: spdx@...
Subject: Package Verification Code (section 4.7)
Hello,
The text of Package Verification Code (section 4.7) has been changed from SPDX 1.0 to SPDX 1.1 draft.
1) Does that mean that the algorithm changed or is it just described better?
[Gary] See bug 968 (https://bugs.linuxfoundation.org/show_bug.cgi?id=968) for a description of the problems and fixes in the Package Verification code algorithm.
2) After sorting, the CR/LF must be removed before applying SHA1?
[Gary] Correct
3) The text in SPDX 1.1 draft refers to "normalized_filename" but this is no longer defined.
[Gary] This is probably a bug in the spec - if you don't mind, go ahead and add a bug for this. BTW - the normalized filename was more critical in the previous algorithms since it included the filename in the checksum calculation. A fix for the documentation may just be removing the reference and calling it just a filename.
Best regards, Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
_______________________________________________
Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
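The points settled in the exchange above (digests are sorted, joined with no CR/LF, then hashed with SHA-1, and filenames do not enter the hash), written out as an added Python example; it is not code from the thread or from spdx-tools. The function names, the `excluded` parameter and the sample tree are illustrative assumptions.

```python
import hashlib
import os
import tempfile


def file_sha1(path):
    """Hex SHA-1 of a file's raw bytes, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_file_hashes(root, excluded=()):
    """Per-file SHA-1 digests for every file under root.

    `excluded` (hypothetical parameter) lists paths relative to root that are
    left out, e.g. the SPDX document when it ships inside the package.
    Filenames are only used to locate files; they are never hashed.
    """
    skip = {os.path.normpath(rel) for rel in excluded}
    digests = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.normpath(os.path.relpath(full, root)) in skip:
                continue
            digests.append(file_sha1(full))
    return digests


def verification_code(digests, separator=""):
    """Sort the hex digests, join them, and SHA-1 the joined string.

    separator="" is the behaviour confirmed in the thread (no CR/LF between
    entries). Any other separator exists only to show the mismatch it causes.
    """
    joined = separator.join(sorted(digests))
    return hashlib.sha1(joined.encode("ascii")).hexdigest()


def package_verification_code(root, excluded=()):
    """Verification code for a package directory."""
    return verification_code(collect_file_hashes(root, excluded))


def build_sample_package(root):
    """Write a small constructed package tree (sample data, not a real package)."""
    files = {
        "README": b"constructed sample package\n",
        os.path.join("src", "main.c"): b"int main(void) { return 0; }\n",
        "package.spdx": b"SPDXVersion: SPDX-1.1\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)


def demo():
    """Return the codes for the sample tree under four conditions."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_package(root)
        excluded = ["package.spdx"]
        results = {"baseline": package_verification_code(root, excluded)}

        # Renaming a file must not change the code: names are not hashed.
        os.rename(os.path.join(root, "src", "main.c"),
                  os.path.join(root, "src", "app.c"))
        results["renamed"] = package_verification_code(root, excluded)

        # Leaving line breaks between the sorted digests gives another value,
        # which is how two tools can disagree on the same package.
        results["with_crlf"] = verification_code(
            collect_file_hashes(root, excluded), separator="\r\n")

        # Changing one byte of content changes the code.
        with open(os.path.join(root, "README"), "ab") as handle:
            handle.write(b"!")
        results["tampered"] = package_verification_code(root, excluded)
    return results


if __name__ == "__main__":
    for label, code in demo().items():
        print(f"{label:10s} {code}")
```

When two parties compare codes for the same package, a mismatch with identical file contents usually points at the joining step or at a different exclusion list rather than at the package itself.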
|
|
Re: Compilation of SPDX tools
Gary O'Neall
Hi Marc-Etienne,
I am expecting to have the tools posted for the 1.1 spec by July 9th. We still have a few more items to close on for the spec, so the schedule is subject to change. I'll post a note to the spdx tech list once the tools have been published. Gary
-----Original Message-----
From: Marc-Etienne Vargenau [mailto:Marc-Etienne.Vargenau@...]
Sent: Monday, June 18, 2012 2:33 AM
To: Gary O'Neall
Cc: spdx@...
Subject: Re: Compilation of SPDX tools
On 15/06/2012 20:47, Gary O'Neall wrote:
> Hi Marc-Etienne,
Hi Gary,
Thanks, I could download the tools from this page.
> The most recent checked in code is a bit in flux as we have not
When is the final SPDX 1.1 expected?
> BTW - If you use an Eclipse development environment, there is project
I do not, but I will try that.
Best regards, Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
|
|
Package Verification Code (section 4.7)
Marc-Etienne Vargenau
Hello,
The text of Package Verification Code (section 4.7) has been changed from SPDX 1.0 to SPDX 1.1 draft.
1) Does that mean that the algorithm changed or is it just described better?
2) After sorting, the CR/LF must be removed before applying SHA1?
3) The text in SPDX 1.1 draft refers to "normalized_filename" but this is no longer defined.
Best regards, Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
|
|
Re: TR: SPDX standard: files are placed in public domain
Bradley M. Kuhn <bkuhn@...>
Kevin Fleming wrote at 17:05 (EDT) on Friday:
> [An] SPDX file consists almost exclusively of data collected from
I'd suspect strongly that there *is* an arrangement copyright on the arrangement someone makes. I hope SPDX has done something to deal with this fact. Arrangement copyrights are usually pretty thin, but I do think that arranging data into an SPDX file is a creative expression. It's clear from reading the spec that there's different ways to arrange the same data into an SPDX file.
-- -- bkuhn
|
|
Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
RUFFIN MICHEL
Thank you very much for your quick answer and suggestions.
My goal is not only to standardize the legal text of our FOSS clauses. It is also to
1) raise awareness about being able to provide the list of FOSS in a proprietary product or in a big FOSS distribution (Linux, Open BSD, Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more or less in compliance but some of them provide you a URL on their web site on which you find the list of their products and for each of them a several megabyte ASCII File with the list of all licenses of FOSS on their products. That's not usable at all. If one of their customer want to resale their product in one of its products it has to read everything and identify every action to comply "Ha yes this is apache1.1 so I have to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting it. I have been told by some of their lawyers: how can we guarantee that we are not doing mistakes this is a too complex world. If you take a Linux distribution with 6000 package and you look at packages, you can find hundreds of various licenses in one package. Small companies accept more easily these conditions, but they have not too much money. How do you value the fact that you have to stop to distribute your product or the potential issue to have to disclose your source code while it was not planned and it is not your fault.
4) .... a lot of other issues
I would challenge the SPDX members to take a Linux standard distribution and to provide me the SPDX file at file level (not at package level). Yes open source is great but it is also really a Bazard 8-) and with maven and cloud computing it will become worse. So the effort is tremendous and cannot be done by one company, it should be shared. And it is time to start. So I will study the short terms options you propose.
But for the long term, I would like to start to create a new mailing list of people who are interested in discussing FOSS governance standardization issues (to start: FOSS clause in contracts, having a common Database under a kind of Wikipedia contribution system describing FOSS IP, having public tutorial on FOSS issues, and perhaps things like lobbying to reduce the number of FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to create the mailing list?
Michel.Ruffin@..., PhD Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
-----Original Message-----
From: Bradley M. Kuhn [mailto:bkuhn@...]
Sent: Friday, 15 June 2012 19:49
To: RUFFIN, MICHEL (MICHEL)
Cc: spdx@...
Subject: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic, (as I mentioned earlier in this thread, I don't follow SPDX closely. I mostly joined this thread (Kibo-like) when the term "FSF" came up). However, having gotten fully caught up on your posts, I think your idea is a useful one. In my work doing GPL compliance, I have often had situations where a downstream company has violated and they never actually had clear clauses in their contract with upstream about what would happen if a FLOSS license was violated. This has caused mass confusion and made it more difficult to get the company into compliance. In a few cases, there *were* clearly developed clauses like the ones you mention, and it did indeed facilitate more easy work getting to compliance on the product. So, I'm thus supportive of your effort to promulgate these standardized clauses regarding use of FLOSS in upstream/downstream contracts. Meanwhile, I wish I had a better suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
> I have join the FSFE legal network and I tried to get a reaction
It sounds like in addition to my objections to ftf-legal, that there were other issues: your description seems to indicate ftf-legal wasn't that interested in this giving useful feedback and collaboration on the issue!
> Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT. The mailing lists disappeared a while back.
The last email from I have in my archives for <discuss-general@...> was Tuesday 18 Mar 2008. Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I coordinated along with Tom Marble, Richard Fontana, and Karen Sandler, we had some very brief discussions about creating a forum for discussion that was open and available to all about these issues (like open bar was). However, it's unclear if, as a community, we're at a "build it and they would come" moment, so none of us from the FOSDEM 2012 track have put effort in. Thus, at the moment, I think FOSS Bazaar is probably the best place to host this sort of discussion venue, so I think if you want an immediate discussion about your specific topic, that's probably the place to start. Also, as a medium-term suggestion, I strongly recommend you propose a talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon (sadly, North America CFP just closed), or (c) at the 2013 Linux Collaboration Summit Legal Track (which Richard Fontana & I will co-chair) about the topic. Speaking about the topic at conferences is a great way to get interest and feedback. Long term, as a community, it'd be good to solve this general issue: the fora that exist for Legal, Licensing and Policy issues in Free Software are scattered across many different places, and some of the primary ones are closed clubs. I've been witnessing the problem for years and I don't have a good solution to propose to solve it. -- -- bkuhn
|
|
Re: Compilation of SPDX tools
Marc-Etienne Vargenau
On 15/06/2012 20:47, Gary O'Neall wrote:
> Hi Marc-Etienne,
Hi Gary,
Thanks, I could download the tools from this page.
> The most recent checked in code is a bit in flux as we have not completely
When is the final SPDX 1.1 expected?
> BTW - If you use an Eclipse development environment, there is project meta
I do not, but I will try that.
Best regards, Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
|
|
Re: TR: SPDX standard: files are placed in public domain
RUFFIN MICHEL
It is not a definite answer, but discussing with our people implementing the spec (Marc-Etienne in cc) it seems that the checksums would be useful to compare package between companies, but I do not see a need for the package tar name
Michel.Ruffin@..., PhD Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Kevin P. Fleming
Sent: Friday, 15 June 2012 23:06
To: spdx@...
Subject: Re: TR: SPDX standard: files are placed in public domain
On 06/15/2012 03:53 PM, Peter Williams wrote:
> On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:
>> But the question is what was the purpose of this initially?
> It is a excellent question. I have never understood this purpose of this
I suspect that it may be at least partially based on the fact that the SPDX file consists almost exclusively of data collected from original sources, and copyright law (at least as I've been told, I'm no lawyer) doesn't provide my copyright protection at all for aggregation of otherwise available data. In essence, an SPDX file may not adequately constitute a 'work of authorship' that warrants copyright protection, and thus there really wouldn't be a legitimate way to control its distribution via licensing. This is just a mildly educated guess late on a Friday afternoon, though. I could be 1000% off base :-)
--
Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org
|
|
Re: TR: SPDX standard: files are placed in public domain
Kevin P. Fleming <kpfleming@...>
On 06/15/2012 03:53 PM, Peter Williams wrote:
> On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:
>> But the question is what was the purpose of this initially?
> It is a excellent question. I have never understood this purpose of this
I suspect that it may be at least partially based on the fact that the SPDX file consists almost exclusively of data collected from original sources, and copyright law (at least as I've been told, I'm no lawyer) doesn't provide my copyright protection at all for aggregation of otherwise available data. In essence, an SPDX file may not adequately constitute a 'work of authorship' that warrants copyright protection, and thus there really wouldn't be a legitimate way to control its distribution via licensing. This is just a mildly educated guess late on a Friday afternoon, though. I could be 1000% off base :-)
--
Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org
|
|
Re: TR: SPDX standard: files are placed in public domain
Peter Williams <peter.williams@...>
On Fri Jun 15 14:40:49 2012, RUFFIN, MICHEL (MICHEL) wrote:
> But the question is what was the purpose of this initially?
It is an excellent question. I have never understood this purpose of this "feature" of SPDX so someone else will have to provide the answer.
Peter
|
|
Re: TR: SPDX standard: files are placed in public domain
RUFFIN MICHEL
I need to think a little bit about it with our lawyers on the potential consequences before answering you.
What I want is freedom, to exchange information between companies without constraints. If we need constraints, we put it in the contract. It is not to SPDX to put the constraints. Let us time to think about consequences/constraints, ... before addressing the issue. But the question is what was the purpose of this initially?
Michel.Ruffin@..., PhD Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
-----Original Message-----
From: Peter Williams [mailto:peter.williams@...]
Sent: Friday, 15 June 2012 22:25
To: RUFFIN, MICHEL (MICHEL)
Cc: Freedman, Barry H (Barry); spdx@...
Subject: Re: TR: SPDX standard: files are placed in public domain
On Fri Jun 15 09:37:17 2012, RUFFIN, MICHEL (MICHEL) wrote:
> I am not very happy that data must be made in public domain. For the
Just to clarify, is it your desire to be allowed to license SPDX files that you produce under terms of your choice? Or are you suggesting that we change the required licensing of SPDX to include a disclaimer of some sort? Regarding the second bullet, can you provide examples of scenarios where confidentiality agreements (which until now have been the proposed solution to this problem) between you and your partners would be insufficient?
Thanks in advance, Peter
|
|
Re: TR: SPDX standard: files are placed in public domain
Peter Williams <peter.williams@...>
On Fri Jun 15 09:37:17 2012, RUFFIN, MICHEL (MICHEL) wrote:
> I am not very happy that data must be made in public domain. For the
Just to clarify, is it your desire to be allowed to license SPDX files that you produce under terms of your choice? Or are you suggesting that we change the required licensing of SPDX to include a disclaimer of some sort? Regarding the second bullet, can you provide examples of scenarios where confidentiality agreements (which until now have been the proposed solution to this problem) between you and your partners would be insufficient?
Thanks in advance, Peter
|
|
Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
RUFFIN MICHEL
First I Would like enlighten that when I speak on the SPDX or FSFE mailing list I speak for the Alcatel-Lucent company; I check before with our FOSS executive committee that I can say things (in most of the cases 8-). But I am not a lawyer and I know this might be tricky discussions in term of company and what you have said. So What I say is not officially the Company stamped decision in term of legal (except if stamped) but it is the rough direction of the company, However it reflects the company policy. Barry Freedman is the official guy to accept or not what I am saying. I guess it is important to notice this.
So Barry and myself are more or less co-directing the Alcatel-lucent internal Executive committee since 2007. He is the lawyer, I am the technical guy with a bit of paralegal training (we have 8 or 10 other members in this committee). So today our points are the following
1) SPDX standard. After discussing with Marc-Etienne who is trying to align our FOSS DB on the SPDX standard we will have to add SHA-1 checksums to our DB. Since we have not that we will look to partners to provide us the data. But in any case we will not have them for all/old entries, so the SPDX standard needs to cope with this kind of situation.
1 bis) what modification we need to do to SPDX standard when we are not able to provide it and to be able to export information.
1 ter) we have issue with the licensing issues of data when coming from SPDX standard: data are public domain with some restriction, but it is not clear
2) Alcatel-Lucent FOSS clauses in suppliers contracts. What group I should contact for standardization of these clauses?
3) Alcatel-lucent is willing to "open source" its FOSS DB Who is interested and how to make this things works
4) Alcatel-Lucent has a lot of tutorials on open source; It is a tremendous work to maintain them, they have been registered on webinar, we are now thinking to update everything and to translate them in foreign languages such as Chinese. Perhaps we can share this effort
Should we create a FOSS governance task force? If SPDX is not the good place, If SFSE legal network is not the good place, tell me where! Alcatel-lucent is committed to respect the open source licences philosophies (not only the legal part of it) but we need help because this is far to be clear. That's my Friday evening email, Please think about this, we need to put our forces together.
Michel Michel.Ruffin@..., PhD Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
-----Original Message-----
From: Bradley M. Kuhn [mailto:bkuhn@...]
Sent: Friday, 15 June 2012 19:49
To: RUFFIN, MICHEL (MICHEL)
Cc: spdx@...
Subject: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic, (as I mentioned earlier in this thread, I don't follow SPDX closely. I mostly joined this thread (Kibo-like) when the term "FSF" came up). However, having gotten fully caught up on your posts, I think your idea is a useful one. In my work doing GPL compliance, I have often had situations where a downstream company has violated and they never actually had clear clauses in their contract with upstream about what would happen if a FLOSS license was violated. This has caused mass confusion and made it more difficult to get the company into compliance. In a few cases, there *were* clearly developed clauses like the ones you mention, and it did indeed facilitate more easy work getting to compliance on the product. So, I'm thus supportive of your effort to promulgate these standardized clauses regarding use of FLOSS in upstream/downstream contracts. Meanwhile, I wish I had a better suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
> I have join the FSFE legal network and I tried to get a reaction
It sounds like in addition to my objections to ftf-legal, that there were other issues: your description seems to indicate ftf-legal wasn't that interested in this giving useful feedback and collaboration on the issue!
> Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT. The mailing lists disappeared a while back.
The last email from I have in my archives for <discuss-general@...> was Tuesday 18 Mar 2008. Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I coordinated along with Tom Marble, Richard Fontana, and Karen Sandler, we had some very brief discussions about creating a forum for discussion that was open and available to all about these issues (like open bar was). However, it's unclear if, as a community, we're at a "build it and they would come" moment, so none of us from the FOSDEM 2012 track have put effort in. Thus, at the moment, I think FOSS Bazaar is probably the best place to host this sort of discussion venue, so I think if you want an immediate discussion about your specific topic, that's probably the place to start. Also, as a medium-term suggestion, I strongly recommend you propose a talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon (sadly, North America CFP just closed), or (c) at the 2013 Linux Collaboration Summit Legal Track (which Richard Fontana & I will co-chair) about the topic. Speaking about the topic at conferences is a great way to get interest and feedback. Long term, as a community, it'd be good to solve this general issue: the fora that exist for Legal, Licensing and Policy issues in Free Software are scattered across many different places, and some of the primary ones are closed clubs. I've been witnessing the problem for years and I don't have a good solution to propose to solve it. -- -- bkuhn
|
|
Re: Compilation of SPDX tools
Gary O'Neall
Hi Marc-Etienne,
There is a more recent version at http://spdx.org/content/tools This page will become active once the new website is up and running. Let me know if you have any trouble accessing the page. The most recent checked in code is a bit in flux as we have not completely nailed down the SPDX 1.1 changes. Once we finalize the 1.1 spec, I'll compile and upload a 1.1 compliant version of the tools. BTW - If you use an Eclipse development environment, there is project meta data checked in which will allow the code to be compiled in the IDE. Gary
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Marc-Etienne Vargenau
Sent: Friday, June 15, 2012 7:44 AM
To: spdx@...
Subject: Compilation of SPDX tools
Hello,
The compiled version of the Java tools in this page: http://www.spdx.org/tools is rather old compared to the source code found in http://git.spdx.org/?p=spdx-tools.git;a=summary Can someone please compile the latest source code and upload the result to the tools page? I tried to compile it myself but did not succeed. The Gem from my Ubuntu seems to be incompatible.
Thanks for your help.
Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
|
|
Re: FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Kevin P. Fleming <kpfleming@...>
On 06/15/2012 12:49 PM, Bradley M. Kuhn wrote:
> Long term, as a community, it'd be good to solve this general issue: the
For what it's worth, you are not alone in wanting to find a solution to this problem :-) The lack of knowledge sharing in the Free Software legal community is disappointing, although the SPDX effort is one step to help with part of that problem.
--
Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org
|
|
FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Bradley M. Kuhn <bkuhn@...>
Michel,
I went back and read your previous posts from February on this topic, (as I mentioned earlier in this thread, I don't follow SPDX closely. I mostly joined this thread (Kibo-like) when the term "FSF" came up). However, having gotten fully caught up on your posts, I think your idea is a useful one. In my work doing GPL compliance, I have often had situations where a downstream company has violated and they never actually had clear clauses in their contract with upstream about what would happen if a FLOSS license was violated. This has caused mass confusion and made it more difficult to get the company into compliance. In a few cases, there *were* clearly developed clauses like the ones you mention, and it did indeed facilitate more easy work getting to compliance on the product. So, I'm thus supportive of your effort to promulgate these standardized clauses regarding use of FLOSS in upstream/downstream contracts. Meanwhile, I wish I had a better suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
> I have join the FSFE legal network and I tried to get a reaction
It sounds like in addition to my objections to ftf-legal, that there were other issues: your description seems to indicate ftf-legal wasn't that interested in this giving useful feedback and collaboration on the issue!
> Any suggestion of organization that would have a look?
There was once a forum called "open-bar", which is at: https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT. The mailing lists disappeared a while back. The last email from I have in my archives for <discuss-general@...> was Tuesday 18 Mar 2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I coordinated along with Tom Marble, Richard Fontana, and Karen Sandler, we had some very brief discussions about creating a forum for discussion that was open and available to all about these issues (like open bar was). However, it's unclear if, as a community, we're at a "build it and they would come" moment, so none of us from the FOSDEM 2012 track have put effort in. Thus, at the moment, I think FOSS Bazaar is probably the best place to host this sort of discussion venue, so I think if you want an immediate discussion about your specific topic, that's probably the place to start. Also, as a medium-term suggestion, I strongly recommend you propose a talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon (sadly, North America CFP just closed), or (c) at the 2013 Linux Collaboration Summit Legal Track (which Richard Fontana & I will co-chair) about the topic. Speaking about the topic at conferences is a great way to get interest and feedback. Long term, as a community, it'd be good to solve this general issue: the fora that exist for Legal, Licensing and Policy issues in Free Software are scattered across many different places, and some of the primary ones are closed clubs. I've been witnessing the problem for years and I don't have a good solution to propose to solve it. -- -- bkuhn
|
|
TR: SPDX standard: files are placed in public domain
RUFFIN MICHEL
Dear all, once again on a different topic within our current effort in implementing the SPDX standard.
Here it is a licensing issue.
I am not very comfortable with the licensing issue for the data when using the standard. See the quick Analysis of Barry below our Senior attorney on IP issues and I have a quick chat today with him on that subject.
I am not very happy that data must be made in public domain. For the following reasons:
- ALU should not be responsible of the data if we export it. And I understand that there is a clause that allows us to do exception (ALU name not exported with the data, but it should be the other way around by default any export file should not imply any responsibility from exporting company).
- if by mischance there are some comments which we will not want to share with the rest of the world. It should be protected by the licensing conditions.
Legally speaking implementing a format that implies some obligation on the data is unclear.
So my question is what is the rational for these licensing conditions and can we alleviate them a bit?
Michel.Ruffin@..., PhD
From: Freedman, Barry H (Barry)
Michel and all: I have looked at the Open Data Commons Public Domain Dedication and License 1.0 (“PDDL-1.0”), which is the license for SPDX 1.0, and also Creative Commons CC0 1.0 Universal license, which is the license for SPDX1.1. They are both essentially the same, in that they place the SPDX file itself in the public domain, meaning that we have no further copyright rights therein. But, both versions also make it clear that we can temporarily or permanently limit, by a separate and independent agreement, recipients from (i) distribution of a specific aggregation (collection) of SPDX files to others or (ii) disclosing ALU as the source and/or creator of any specific SPDX file(s).
So, we need to be comfortable that the SPDX file itself (including comments in the file) does not contain anything that we do not want to dedicate. Perhaps we can discuss this further at the next FOSS EC meeting.
Let me know if there are questions. Thx. Barry
Barry H. Freedman
Intellectual Property and Standards
Cell: 908-692-6773
|
|
Compilation of SPDX tools
Marc-Etienne Vargenau
Hello,
The compiled version of the Java tools in this page: http://www.spdx.org/tools is rather old compared to the source code found in http://git.spdx.org/?p=spdx-tools.git;a=summary Can someone please compile the latest source code and upload the result to the tools page? I tried to compile it myself but did not succeed. The Gem from my Ubuntu seems to be incompatible.
Thanks for your help.
Marc-Etienne
--
Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
|
|