Date   

Re: Ninka, and SPDX On the linux kernel and BSD licenses

dmg
 

On Tue, Jul 12, 2011 at 6:43 AM, Kate Stewart
<kate.stewart@...> wrote:
Hi Daniel,
  Lets move this thread to the SPDX legal subgroup discussion list.
Since I think we'll need them to comment on the issues.   To my eyes,
yes those sentence fragments look basically equivalent,  and we need
to figure out a way to abstract these options, but I'm not a lawyer.  :)

 Thanks, Kate
I am not in that mailing list.

It would be of great help if somebody help me with the analysis of the
non-matching license files,
while I concentrate on adding SPDX licenses to ninka.

--dmg


On Tue, 2011-07-12 at 03:40 -0700, D M German wrote:
Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
     71 BSD3
     37 spdxBSD2
     13 spdxBSD3
      8 GPLv2,BSD3
      8 GPLv2+,spdxBSD2
      5 BSD2EndorseInsteadOfBinary
      3 GPLv2,BSD3NoWarranty
      2 spdxBSD4
      2 SeeFile,BSD3
      2 BSDOnlyEndorseNoWarranty
      1 GPLv2+,spdxBSD3
      1 GPLv2+,BSD3
      1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Possibly just remove "the" from matching text?

Neither the name of <ORGANIZATION> nor...  is what the text could read,
not sure "the" is adding to the semantics.


Here is another example  of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Good question.   ???

Kate



--
--dmg

---
Daniel M. German
http://turingmachine.org


Re: Ninka, and SPDX On the linux kernel and BSD licenses

Kim Weins
 

Daniel

These seem like examples of the things we may want to "templatize" in the
standard licenses. Those efforts have been delayed behind other items. The
legal team can speak to these specific issues of whether we would consider
them equivalent.

Kim



On Tue 7/12/11 4:40 AM, "D M German" <dmg@...> wrote:


Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be
used to endorse or promote products derived from this software without
specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.


Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.



--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic


Re: Ninka, and SPDX On the linux kernel and BSD licenses

Kate Stewart <kate.stewart@...>
 

Hi Daniel,
Lets move this thread to the SPDX legal subgroup discussion list.
Since I think we'll need them to comment on the issues. To my eyes,
yes those sentence fragments look basically equivalent, and we need
to figure out a way to abstract these options, but I'm not a lawyer. :)

Thanks, Kate

On Tue, 2011-07-12 at 03:40 -0700, D M German wrote:
Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Possibly just remove "the" from matching text?

Neither the name of <ORGANIZATION> nor... is what the text could read,
not sure "the" is adding to the semantics.


Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Good question. ???

Kate


Ninka, and SPDX On the linux kernel and BSD licenses

dmg
 

Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.


Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.



--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


Re: updating Ninka to output SPDX licenses

Jilayne Lovejoy <jilayne.lovejoy@...>
 

I would say, yes.

Jilayne

On 7/11/11 4:39 PM, "Daniel M. German" <dmg@...> wrote:


I have a question regarding when text matches a license. I am curious
how should I interpret optional quotes around some text.

In particular, the BSD-4 includes this text:

This product includes software developed by the <organization>.

Would this text be equivalent:

``This product includes software developed by the <organization>.''

or

"This product includes software developed by the <organization>."


updating Ninka to output SPDX licenses

dmg
 

I have a question regarding when text matches a license. I am curious
how should I interpret optional quotes around some text.

In particular, the BSD-4 includes this text:

This product includes software developed by the <organization>.

Would this text be equivalent:

``This product includes software developed by the <organization>.''

or

"This product includes software developed by the <organization>."



--
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


Question on DRAFT 20110605 (package cardinality/verification)

Mario Tokarz <mario@...>
 

Hi all,

I have two questions regarding the latest spec from your home
page. Thanks in advance for the time and consideration.

1.) Page 10 states that "A package can contain subpackages". How would
those be added to the description, they do not seem to be part of the
data model as shown on pg 35.

Supporting subpackages with a full set of metadata seems to be a good
approach to support descriptions of a full system image.

2.) Page 11/12: While package verification code is optional (most
likely to be used when SPDX is not part of the src-archive), the
verification code is mandatory.

While discussing this with a colleague we could not quite figure out
why this is the case or whether this should be better one or the other
(i.e. it is mandatory to have one of the two within one description).


I would be glad to get some thoughts on this.

Thx,
Mario

--
Mario Tokarz
BMW Car IT GmbH


SPDX web site review

Kirsten Newcomer
 

Hi all,

The website refresh team has put together a proposed information map for the SPDX web site refresh initiative. The map can be found here:

http://spdx.org/wiki/spdx-web-site-mind-maps

We’ll be reviewing this map today as part of the Business Team meeting from 12-12:30 pm ET.

Meeting info:
US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

Thanks!

Kirsten
--  
Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.

knewcomer@...
Office: +1.781.810.1839   Mobile: +1.781-710-2184



Re: A face-to-face meeting in Vancouver?

Kim Weins
 

Hi Daniel

Since we will be launching SPDX at LinuxCOn Vancouver, we are also planning
to schedule a BOF to discuss SPDX.

I may have an extra pass for you -- I think we get 5 with our sponsorship
and won't need them all.

Kim



On Fri 7/1/11 1:03 PM, "D M German" <dmg@...> wrote:


Hi everybody,

Is there any plan to have a face-to-face meeting in Vancouver during
LinuxCon? For me it is very close, so I'll be interested in doing so,
even informally.

I am probably not going to register for LinuxCon (too expensive for me,
but if anybody donates me a pass, I'll be happy to take it :)

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic


optional effective license of a package.

dmg
 

hi everybody,

We (the research team I am part of, which includes Armijn) have being
building a method/tool to identify dependencies in binaries by observing
the build process.

One of the test cases we are using is ffmpeg. What makes ffmpeg
interesting is that it can be configured and build under three different
licenses: LGPLv2.1+, GPLv2+, or GPLv3+.

How? you pass a parameter at compilation time that indicates which
license you want (by default lgplv2.1+).

How would this be described in SPDX?

A similar licensing scheme is the FreeBSD kernel. By default is BSD-3 (if
I remember correctly) but it can be compiled as GPLv2+.

--dmg


--
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


A face-to-face meeting in Vancouver?

dmg
 

Hi everybody,

Is there any plan to have a face-to-face meeting in Vancouver during
LinuxCon? For me it is very close, so I'll be interested in doing so,
even informally.

I am probably not going to register for LinuxCon (too expensive for me,
but if anybody donates me a pass, I'll be happy to take it :)

--dmg

--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .


FOSSBazaar/SPDX server upgraded

Martin Michlmayr
 

I performed a system upgrade (Debian 5.0 to 6.0) on the server hosting
FOSSBazaar and SPDX. If you notice and problems with the web site or
mailing lists, please let me know.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Agenda for Thursday General Meeting

Philip Odence
 

Meeting Time: June 30, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Technical Team Report - Kate

Business Team Report - Kim

Legal Team Report - Rockett/Karen


Cross Functional Issues – Discussion
Approach to bringing V1 to closure by early August- Kim
Website update- Kirsten/Pierre/Steve


Open Action Items

  • MartinM- Report back on # of people on respective mailing lists. ONGOING
  • Kim -- share Biz Team proposed process for adding licenses to SPDX list more broadly
  • Michael H. -- provide info on existing BOM standards that should be useful for future consideration
  • Legal/Biz Teams- Review and update Master Schedule
  • ?? -- volunteers needed to review and update the FAQ: http://spdx.org/wiki/draft-spdx-faq


SPDX Beta Feedback (and Web Site Redesign)

Kim Weins
 

9:00 AM - 10:30 AM July 7, 2011
Location: See below

This replaces our biz team meeting on this day.  We'd like participation
from tech and legal teams to.

First hour will be Beta feedback
Last half hour will be review of ideas from team working on Web Site
redesign

Kim


US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502


Cancelled: SPDX Business (Rollout) Call 11ET/8PT

Kim Weins
 

We will replace this meeting with Beta feedback meeting for this one date.

Kim

-----



US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

Agenda
We will be covering several areas on the rollout plan.

1. Beta process
2. User Content - what is needed
3. Evangelism and outreach


SPDX Beta Feedback Meeting on Jul 7

Kim Weins
 

Hi all

We will have a call to review all of the SPDX Beta feedback on Jul 7 at 11 ET/8PT.    We will try to get all of the Beta participants on the call.  In advance of the call, we will try to get Beta feedback sent out on the email lists.  I’m inviting all of the teams, since it will be important to have representation from all the workstreams.

This will replace the Business call for that date.  We will also extend the time by a half hour so that we can also cover feedback from the website redesign team.

Look for the invite, and please attend!

Kim







Kim Weins |
Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410  |  cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic


Updated Invitation: SPDX Legal Workstream Call 11ET/10CT/8PT @ Wed Jun 22 8am - 9am (spdx@fossbazaar.org)

Esteban Rockett <mgia3940@...>
 

This event has been changed.

SPDX Legal Workstream Call 11ET/10CT/8PT

Changed: All:

Due to the Linux Foundation Member Counsel Meeting, I am moving this to next week

Many thanks,

Rockett

Motorola Inc.
E.A. Rockett
Senior Counsel
Software, Applications &
Digital Content Licensing
(408)541-6703 (O)
(408)541-6900 (F)
(415)508-7625 (M)
rockett@...

When
Changed: Wed Jun 22 8am – 9am Pacific Time
Where
Conference Bridge 1.877.825.8522 PIN:0376146 (map)
Calendar
spdx@...
Who
mgia3940@... - organizer
amanda.brock@... - creator
tony.gomes@...
sadams@...
feb.cabrasawan@...
jmcbroom@...
rfontana@...
linda.shih@...
Alexandra.Siegel@...
mpierovi@...
kathleen.mullins@...
JOHN ELLIS
rtiller@...
alastern@...
Mikko.Amper@...
adcohn@...
paul.madick@...
ilardi@...
areid@...
tom.incorvia@...
Mansour Ghomeshi
smortin@...
owen.james.boyle@...
scott.k.peterson@...
Guy.Colpitts@...
bgieseman@...
pmcbride@...
spaek@...
tcarlson@...
andrew.wilson@...
barbara.reilly@...
jwacha@...
bkahin@...
vmah@...
andrew.updegrove@...
mrc@...
mccoy.smith@...
ssemel@...
gsjones@...
kcopenhaver@...
spdx-legal-request@...
spdx@...

Going?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account spdx@... because you are an attendee of this event.

To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.


Thursday SPDX General Meeting

Philip Odence
 

Apologies, but once again, I have a conflict and will not be able to join, however Kirsten will (once again) do a fine job chairing in my absence. In addition to reviewing the minutes from the last meeting, please also read over the License Field discussion prior to the meeting http://www.spdx.org/wiki/license-field-discussion.


Meeting Time: June 16, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
Conference code:  7812589502
Toll-free dial-in number (U.S. and Canada):  (877) 435-0230
International dial-in number: (253) 336-6732
For those dialing in from other regions, a list of toll free numbers can be found: 
https://www.intercallonline.com/portlets/scheduling/viewNumbers/viewNumber.do?ownerNumber=6053870&audioType=RP&viewGa=false&ga=OFF

 
Administrative Agenda
Attendance
Technical Team Report - Kate

Business Team Report - Kim

Legal Team Report - Rockett/Karen


Cross Functional Issues – Discussion
Website update- Kirsten/Pierre/Steve
License Field Discussion from Wiki


License Field Discussion

Philip Odence
 

There have been multiple discussions in different working groups about the nomenclature, meaning and intent of the package license fields. To ensure we are all on the right page, we want ot have some wiki-based discussion about the fields with perhaps some examples and use cases tha that we can capture for documentation, FAQs, etc. We may need to go thru this same exercise at the file level, but let's start here.
Go to:

We look forward to your comments on the Wiki.




Beyond copyright/licensing ?

Olivier Berger <olivier.berger@...>
 

Hi.

(I'm new here, so pardon me if this is some kind of FAQ.)

The SPDX acronym looks quite general, and the charter doesn't seem to
limit itself to licensing/copyright matters.

However, looking at the material online, it seems to me that it is the
main area of development of SPDX.

Are there other matters on the work bench ? For instance, I'm working on
standardization of the interfaces of tools used by FLOSS developers, and
SPDX looks like a major stepping stone for fostering interoperability in
the development / QA process, just as it provides a clean reference for
identification of packages (licensing issues aside). Think about tracing
which distribution packages contain copies of a particular version of a
package that exhibits a bug, etc.

Is there a summary of the different other aspects SPDX will be
addressing, after 1.0, beyond licensing ?

Thanks in advance.

Best regards,
--
Olivier BERGER <olivier.berger@...>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)

1161 - 1180 of 1590