Date   

Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Esteban Rockett <mgia3940@...>
 

agreed.


On Tue, May 31, 2011 at 9:36 AM, dmg <dmg@...> wrote:
Hi Martin,

it will also help to have a simple tar file with all the licenses,
each in its own file, and without the HTML tagging.
Basically, the actual text of the license.

--dmg

On Tue, May 31, 2011 at 7:12 AM, Martin Michlmayr <tbm@...> wrote:
> * Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:
>> BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?
>
>> This license is superceeded but it is used for the korn shell and other AT&T
>> software and for this reason, it is important to see that it is OSI approved.
>
> Jilayne, are you the right person to take care of this?
>
>> For the overview table http://spdx.org/licenses/ it would also be
>> nice to have a one character marker column that flags wether a
>> license is OSI approved or not.
>
> Gary, is this something you can add to your tool?
>
> --
> Martin Michlmayr
> Open Source Program Office, Hewlett-Packard
> _______________________________________________
> Spdx mailing list
> Spdx@...
> https://fossbazaar.org/mailman/listinfo/spdx
>



--
--dmg

---
Daniel M. German
http://turingmachine.org
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx



--
Motorola Inc.
E.A. Rockett
Senior Counsel
Software, Applications &
Digital Content Licensing
(408)541-6703 (O)
(408)541-6900 (F)
(415)508-7625 (M)
rockett@...


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

dmg
 

Hi Martin,

it will also help to have a simple tar file with all the licenses,
each in its own file, and without the HTML tagging.
Basically, the actual text of the license.

--dmg

On Tue, May 31, 2011 at 7:12 AM, Martin Michlmayr <tbm@...> wrote:
* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:
BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?
This license is superceeded but it is used for the korn shell and other AT&T
software and for this reason, it is important to see that it is OSI approved.
Jilayne, are you the right person to take care of this?

For the overview table http://spdx.org/licenses/ it would also be
nice to have a one character marker column that flags wether a
license is OSI approved or not.
Gary, is this something you can add to your tool?

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
--
--dmg

---
Daniel M. German
http://turingmachine.org


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Esteban Rockett <mgia3940@...>
 

Jilayne - lets discuss at your convinence. (today if possible)

Rockett


On Tue, May 31, 2011 at 7:12 AM, Martin Michlmayr <tbm@...> wrote:
* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:
> BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?

> This license is superceeded but it is used for the korn shell and other AT&T
> software and for this reason, it is important to see that it is OSI approved.

Jilayne, are you the right person to take care of this?

> For the overview table http://spdx.org/licenses/ it would also be
> nice to have a one character marker column that flags wether a
> license is OSI approved or not.

Gary, is this something you can add to your tool?

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard
_______________________________________________



--
Motorola Inc.
E.A. Rockett
Senior Counsel
Software, Applications &
Digital Content Licensing
(408)541-6703 (O)
(408)541-6900 (F)
(415)508-7625 (M)
rockett@...


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Martin Michlmayr
 

* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:
BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?
This license is superceeded but it is used for the korn shell and other AT&T
software and for this reason, it is important to see that it is OSI approved.
Jilayne, are you the right person to take care of this?

For the overview table http://spdx.org/licenses/ it would also be
nice to have a one character marker column that flags wether a
license is OSI approved or not.
Gary, is this something you can add to your tool?

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


OSI adopts SPDX short names

Philip Odence
 


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Joerg Schilling <Joerg.Schilling@...>
 

Martin Michlmayr <tbm@...> wrote:

I've put the update in place now. However, the issues pointed out by
Juergen and Joerg are different to the known issue. I've fixed the
issues up manually now and verified that all licenses parse properly.
I'll work with Gary offline to make sure his tools get updated.
Thank you!

BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0?

This license is superceeded but it is used for the korn shell and other AT&T
software and for this reason, it is important to see that it is OSI approved.

For the overview table http://spdx.org/licenses/ it would also be nice to have
a one character marker column that flags wether a license is OSI approved or
not.

Jörg

--
EMail:joerg@... (home) Jörg Schilling D-13353 Berlin
js@... (uni)
joerg.schilling@... (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Martin Michlmayr
 

* Gary O'Neall <gary@...> [2011-05-25 18:05]:
Thanks for pointing out the errors. I believe this is a known encoding
error which should be fixed when we next update the licenses. This will be
fixed on the next update. We don't have a specific date for the next update
but it should be less than a week from now.
I've put the update in place now. However, the issues pointed out by
Juergen and Joerg are different to the known issue. I've fixed the
issues up manually now and verified that all licenses parse properly.
I'll work with Gary offline to make sure his tools get updated.

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard


Re: Licensing Workshop at LinuxTag 2011

Stefano Zacchiroli <leader@...>
 

[ adding Debian relevant people for DEP5 & preserving all extra needed
Cc:-s mentioned in the thread thus far (I hope :)) ]

On Wed, May 25, 2011 at 01:35:01PM +0200, Ciaran Farrell wrote:
We saw that there is a variety of ways in which distributions describe the
license of a package (or a component of a package) - where the distributions
actually mean the same license but have different designations (short names)
for their package metadata.

Whereas we didn't actually conclusively decide on anything, we did agree that
it would be beneficial if the distributions would adopt a common scheme of
designating license names.
Agreed, of course.

Currently, one example of an online collaborative effort (under the auspices
of the Linux Foundation) is SPDX (spdx.org) (which has been adopted by Debian
in DEP5).
A small clarification is needed here. Actually DEP5 predates SPDX
(although it took quite a while to complete...). A handy link to DEP5 is
<http://dep.debian.net/deps/dep5/>. In the current state, DEP5 has not
explicitly adopted SPDX, although we have tried to stay as close as
possible to it. There are still some difference though, which you can
find listed at
<http://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX>
together with some of the actions we've taken wrt those differences.

I've not been personally involved in the standardization of DEP5 in
Debian, but Lars Wirzenius and Steve Langasek have been and I'm adding
them in the loop. I'm sure they can provide way more precise information
about all this than me.

Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Soeren_Rabenstein@...
 

I am not sure who manages this page, but
http://spdx.org/licenses/ISC and
some
others cannot be displayed on my firefox as they give a xml parsing
error.

Confirming this problem for Firefox 4.0.1 (Win32)

Cheers
Soeren

=====================================================================================================================================
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it
is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete
the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized
disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views
or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation.
=====================================================================================================================================


Re: license name question

Philip Odence
 

First, let me be a pain in the neck and suggest we should move this
discussion to the spdx-legal list. We've committed to limiting this
general list to more summary information and less real work.

My opinion on the discussion below is that this is a license that it not
on the list, so needs to be treated as a custom license. It would be a
candidate for the list and could be nominated once the Biz team defines a
mechanism for new license inclusion.

On 5/25/11 2:47 PM, "Bob Gobeille" <bob.gobeille@...> wrote:

I brought this up because it is a new signature in FOSSology and I'd like
the name to be as close to the SPDX guidelines as possible. I really
like Daniel's method of identifying disjunctive licenses, but I don't see
that syntax in the SPDX guideline.

Would "GPL-2+-KDEupgradeClause" convey appropriate meaning? Or maybe I
should use Daniel's name until this is formalized or added to the license
list?

Bob

On May 25, 2011, at 10:40 AM, Jilayne Lovejoy wrote:

Daniel, et al.

By "KDEupgradeClause" you are referring to the previous posts re: KDE
reserving the right to decide on post-v3 versions of GPL as well, is
that
right?

I suppose from the standpoint of our current SPDX license list short
and the
spec guidelines, Daniel has a good point and my previous suggestion
that it
would be "GPLv2+" (I know, that is not the exact correct short
identifier,
but for expediency purposes...) is not exactly right, but more
accuratly, it
would be: a disjunctive set of GPLv2 or GPLv3

Jilayne


On 5/25/11 10:35 AM, "Daniel M. German" <dmg@...> wrote:

Hi Bob, Scott, Jilayne, Armijn,

On Wed, May 25, 2011 at 8:51 AM, Lamons, Scott (Open Source Program
Office) <scott.lamons@...> wrote:
This is the way I read it as well. However I don't know why they
wouldn't
just license it under GPLv2 or GPLv3 and eliminate the "or (at your
option)
any later version..." which seems completely unnecessary and forces
you into
effectively dealing with a non-standard license in SPDX.
We (as in Ninka) decided to consider this a (GPLv2 |
GPLv3-KDEupgradeClause). It can also be considered: (GPLv2 | GPLv3 |
GPLv3-KDEupgradeClause) from a practical point of view
that would simplify analysis. It is not a GPLv2+ or (GPLv2| GPLv3+)
since the upgrade path is different (in the former one the KDE
foundation decides the upgrade path, in the latter the FSF).

--dmg


My 2 cents.

-Scott

-----Original Message-----
From: spdx-bounces@...
[mailto:spdx-bounces@...]
On Behalf Of Jilayne Lovejoy
Sent: Wednesday, May 25, 2011 9:44 AM
To: Gobeille, Robert; spdx@...
Subject: Re: license name question

This would be GPL-2+ - as it's really just describing GPL v2 or
later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is
reserving
the
right to approve future versions of the GPL for use as the license
for
this
code, which seems different to me than an exception. I understand it
to be
saying - 'if there's a GPL v4, we want the chance to check that out
and
accept or not accecpt it instead of preemptively saying we'll accept
a
license before it has even been written.' Makes sense and seems
reasonable,
actually.

I guess I would think of this as different than an exception, since
usually
an exception usually adds or modifies the terms of the original
license,
which I suppose this does in a way, but in a different way than we
usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license. It is GPL v2 or GPL v3+ KDE
exception. Note the absence of GPLv2.1. If 2.1 was included, the
name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the
protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/*********************************************************************
*
*******
***********
* Copyright (c) 2007 Ian Monroe <ian@...>
*
* (c) 2010 Jeff Mitchell <mitchell@...>
*
*
*
* This program is free software; you can redistribute it and/or
modify it
under *
* the terms of the GNU General Public License as published by the
Free
Software *
* Foundation; either version 2 of the License, or (at your option)
version 3
or *
* any later version accepted by the membership of KDE e.V. (or its
successor
approved *
* by the membership of KDE e.V.), which shall act as a proxy
defined
in
Section 14 of *
* version 3 of the license.
*
*
*
* This program is distributed in the hope that it will be useful,
but WITHOUT
ANY *
* WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS
FOR A *
* PARTICULAR PURPOSE. See the GNU General Public License for more
details.
*
*
*
* You should have received a copy of the GNU General Public License
along
with *
* this program. If not, see <http://www.gnu.org/licenses/>.
*

**********************************************************************
*
*******
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
(http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021

_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Re: license name question

Bob Gobeille
 

I brought this up because it is a new signature in FOSSology and I'd like the name to be as close to the SPDX guidelines as possible. I really like Daniel's method of identifying disjunctive licenses, but I don't see that syntax in the SPDX guideline.

Would "GPL-2+-KDEupgradeClause" convey appropriate meaning? Or maybe I should use Daniel's name until this is formalized or added to the license list?

Bob

On May 25, 2011, at 10:40 AM, Jilayne Lovejoy wrote:

Daniel, et al.

By "KDEupgradeClause" you are referring to the previous posts re: KDE
reserving the right to decide on post-v3 versions of GPL as well, is that
right?

I suppose from the standpoint of our current SPDX license list short and the
spec guidelines, Daniel has a good point and my previous suggestion that it
would be "GPLv2+" (I know, that is not the exact correct short identifier,
but for expediency purposes...) is not exactly right, but more accuratly, it
would be: a disjunctive set of GPLv2 or GPLv3

Jilayne


On 5/25/11 10:35 AM, "Daniel M. German" <dmg@...> wrote:

Hi Bob, Scott, Jilayne, Armijn,

On Wed, May 25, 2011 at 8:51 AM, Lamons, Scott (Open Source Program
Office) <scott.lamons@...> wrote:
This is the way I read it as well. However I don't know why they wouldn't
just license it under GPLv2 or GPLv3 and eliminate the "or (at your option)
any later version..." which seems completely unnecessary and forces you into
effectively dealing with a non-standard license in SPDX.
We (as in Ninka) decided to consider this a (GPLv2 |
GPLv3-KDEupgradeClause). It can also be considered: (GPLv2 | GPLv3 |
GPLv3-KDEupgradeClause) from a practical point of view
that would simplify analysis. It is not a GPLv2+ or (GPLv2| GPLv3+)
since the upgrade path is different (in the former one the KDE
foundation decides the upgrade path, in the latter the FSF).

--dmg


My 2 cents.

-Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Jilayne Lovejoy
Sent: Wednesday, May 25, 2011 9:44 AM
To: Gobeille, Robert; spdx@...
Subject: Re: license name question

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving
the
right to approve future versions of the GPL for use as the license for
this
code, which seems different to me than an exception. I understand it
to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems
reasonable,
actually.

I guess I would think of this as different than an exception, since
usually
an exception usually adds or modifies the terms of the original
license,
which I suppose this does in a way, but in a different way than we
usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license. It is GPL v2 or GPL v3+ KDE
exception. Note the absence of GPLv2.1. If 2.1 was included, the
name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the
protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/**********************************************************************
*******
***********
* Copyright (c) 2007 Ian Monroe <ian@...>
*
* (c) 2010 Jeff Mitchell <mitchell@...>
*
*
*
* This program is free software; you can redistribute it and/or
modify it
under *
* the terms of the GNU General Public License as published by the
Free
Software *
* Foundation; either version 2 of the License, or (at your option)
version 3
or *
* any later version accepted by the membership of KDE e.V. (or its
successor
approved *
* by the membership of KDE e.V.), which shall act as a proxy defined
in
Section 14 of *
* version 3 of the license.
*
*
*
* This program is distributed in the hope that it will be useful,
but WITHOUT
ANY *
* WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS
FOR A *
* PARTICULAR PURPOSE. See the GNU General Public License for more
details.
*
*
*
* You should have received a copy of the GNU General Public License
along
with *
* this program. If not, see <http://www.gnu.org/licenses/>.
*

***********************************************************************
*******
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
(http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


Re: Licensing Workshop at LinuxTag 2011 (XML errors)

Gary O'Neall
 

Hi Juergen,

Thanks for pointing out the errors. I believe this is a known encoding
error which should be fixed when we next update the licenses. This will be
fixed on the next update. We don't have a specific date for the next update
but it should be less than a week from now.

Gary

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On
Behalf Of Juergen Weigert
Sent: Wednesday, May 25, 2011 7:53 AM
To: Joerg Schilling
Cc: hoefel@...; cdenicolo@...; sebastian@...;
fatih@...; vuntz@...; jsstewart@...;
n-roeser@...; misc@...; zack@...;
amanda.brock@...; spdx@...; jmbsvicetto@...
Subject: Re: Licensing Workshop at LinuxTag 2011 (XML errors)

On May 25, 11 15:26:01 +0200, Joerg Schilling wrote:
I am not sure who manages this page, but http://spdx.org/licenses/ISC and
some
others cannot be displayed on my firefox as they give a xml parsing error.
Firefox diagnostics are misleading here.
We have https://bugzilla.mozilla.org/show_bug.cgi?id=655661 for this.

The SPDX pages are served with mime-type application/xml, but entities are
used that are illegal in XML. We should either promote to application/html
or get all entities fixed.
Do we have anybody at SPDX, who would want to look into this?

thanks,
JW-

--
o \ Juergen Weigert paint it green! __/ _=======.=======_
<V> | jw@... back to ascii! __/ _---|____________\/
\ | 0911 74053-508 __/ (____/ /\
(/) | _____________________________/ _/ \_ vim:set sw=2 wm=8
SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746

(AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany

SuSE. Supporting Linux since 1992.
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Re: Licensing Workshop at LinuxTag 2011

Bruno Cornec <Bruno.Cornec@...>
 

Hello,

Ciaran Farrell said on Wed, May 25, 2011 at 01:35:01PM +0200:
Currently, one example of an online collaborative effort (under the auspices
of the Linux Foundation) is SPDX (spdx.org) (which has been adopted by Debian
in DEP5). The workgroup at SPDX.org has come up with a list of commonly used
licenses (see http://www.spdx.org/licenses). The list has many licenses but
not all licenses that distributions will likely need to track and reference.
There should not be a problem with submitting more licenses to SPDX so be
included in that list.
Just for completion (and maybe discussion with them), I attended a
session at the latest Solutions Linux in Paris, where a project called
Open Source Cartouche was described, which is near from SPDX.
Cf: http://www.opensourcecartouche.org/

(Shameless plug for the source:
http://brunocornec.wordpress.com/2011/05/12/second-day-at-solutions-linux-2011/)
"Open Source Cartouche by Philippe-Arnaud Haranger (Atos Origin – Team
Pascal Pujo)

Study made around an Aerospatial customer.
9 years of devs, and strong willingness to use FLOSS components.
Study showed incompatible licenses. Copy/Paste of code in 2000+ bricks.
Quote: “My God ! What have been done ?”

Licensing wasn’t a priority (they already didn’t document)
Code contamination is made on purpose, because they need it, and is due
to local teams, outsourcing, and external application maintenance.
Consequences: licenses not respected, proprietary code tainted (PI loss)
Open Source was favoured, but in reality they created risks.

Solutons: Strong governance (creates too many constraints in general) or
Tooling (cost, but efficient) or Manual Audit (cost, complex, impact) or
take risk (costs and impact) or open source the SW (anyway conformity
required, but impact as irreversible).
The earlier it’s done the less it costs.

Solution is Open Source Cartouche (what is around the Pharaon) – derived
from QSOS.
Identify licenses and the recursivity of components integrated
It’s a structural approach beforehands, instead of scan afterwards (even
if this is also required)
Put more trust in the FLOSS, Avoid contamination and protect community
works.
Presenter asked the possibility of using this formalism in FOSSology ?

Some Remarks on my side:
I asked the question: What is the position vs SPDX ? I think they are
probably in competition, and that they forget to consider it before
launching something on their side. What is important is to have a
standard adopted. The answer was that there is a fear of Blackduck that
may create problems for communities. Their standard proposal is simpler
than SPDX so more pragmatic, and thus propably easier to adopt by FLOSS
projects. And the team is open to make required adaptations. However, it
won’t work as a franco-french stuff !! I think we need an SPDX lite if
we aim at being adopted by FLOSS projects, as the current status of the
project is just only understandable by lawyers. I’ll try to generate
some discussions around that on the SPDX ML.

Thinking about all this I think it would be valuable as well to lauch a
new initiative to create the CERT/CVE base of licenses violations,
working on the same model (disclosure after problem is solved)."


HTH,
Bruno.
--
Open Source & Linux Profession Lead EMEA / http://opensource.hp.com
HP/Intel/Red Hat Open Source Solutions Initiative / http://www.hpintelco.net
http://www.HyPer-Linux.org http://mondorescue.org http://project-builder.org
La musique ancienne? http://www.musique-ancienne.org http://www.medieval.org


Re: license name question

Jilayne Lovejoy <jilayne.lovejoy@...>
 

Daniel, et al.

By "KDEupgradeClause" you are referring to the previous posts re: KDE
reserving the right to decide on post-v3 versions of GPL as well, is that
right?

I suppose from the standpoint of our current SPDX license list short and the
spec guidelines, Daniel has a good point and my previous suggestion that it
would be "GPLv2+" (I know, that is not the exact correct short identifier,
but for expediency purposes...) is not exactly right, but more accuratly, it
would be: a disjunctive set of GPLv2 or GPLv3

Jilayne


On 5/25/11 10:35 AM, "Daniel M. German" <dmg@...> wrote:

Hi Bob, Scott, Jilayne, Armijn,

On Wed, May 25, 2011 at 8:51 AM, Lamons, Scott (Open Source Program
Office) <scott.lamons@...> wrote:
This is the way I read it as well.  However I don't know why they wouldn't
just license it under GPLv2 or GPLv3 and eliminate the "or (at your option)
any later version..."  which seems completely unnecessary and forces you into
effectively dealing with a non-standard license in SPDX.
We (as in Ninka) decided to consider this a (GPLv2 |
GPLv3-KDEupgradeClause). It can also be considered: (GPLv2 | GPLv3 |
GPLv3-KDEupgradeClause) from a practical point of view
that would simplify analysis. It is not a GPLv2+ or (GPLv2| GPLv3+)
since the upgrade path is different (in the former one the KDE
foundation decides the upgrade path, in the latter the FSF).

--dmg


My 2 cents.

-Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Jilayne Lovejoy
Sent: Wednesday, May 25, 2011 9:44 AM
To: Gobeille, Robert; spdx@...
Subject: Re: license name question

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving
the
right to approve future versions of the GPL for use as the license for
this
code, which seems different to me than an exception.  I understand it
to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems
reasonable,
actually.

I guess I would think of this as different than an exception, since
usually
an exception usually adds or modifies the terms of the original
license,
which I suppose this does in a way, but in a different way than we
usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license.  It is  GPL v2 or GPL v3+ KDE
exception.  Note the absence of GPLv2.1.  If 2.1 was included, the
name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the
protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/**********************************************************************
*******
***********
 * Copyright (c) 2007 Ian Monroe <ian@...>
*
 *           (c) 2010 Jeff Mitchell <mitchell@...>
*
 *
*
 * This program is free software; you can redistribute it and/or
modify it
under        *
 * the terms of the GNU General Public License as published by the
Free
Software        *
 * Foundation; either version 2 of the License, or (at your option)
version 3
or        *
 * any later version accepted by the membership of KDE e.V. (or its
successor
approved  *
 * by the membership of KDE e.V.), which shall act as a proxy defined
in
Section 14 of  *
 * version 3 of the license.
*
 *
*
 * This program is distributed in the hope that it will be useful,
but WITHOUT
ANY      *
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS
FOR A      *
 * PARTICULAR PURPOSE. See the GNU General Public License for more
details.
*
 *
*
 * You should have received a copy of the GNU General Public License
along
with         *
 * this program.  If not, see <http://www.gnu.org/licenses/>.
*

***********************************************************************
*******
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
  (http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy |  Corporate Counsel
jlovejoy@...

720 240 4545  |  phone
720 240 4556  |  fax
1 888 OpenLogic  |  toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


Re: license name question

dmg
 

Hi Bob, Scott, Jilayne, Armijn,

On Wed, May 25, 2011 at 8:51 AM, Lamons, Scott (Open Source Program
Office) <scott.lamons@...> wrote:
This is the way I read it as well.  However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..."  which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.
We (as in Ninka) decided to consider this a (GPLv2 |
GPLv3-KDEupgradeClause). It can also be considered: (GPLv2 | GPLv3 |
GPLv3-KDEupgradeClause) from a practical point of view
that would simplify analysis. It is not a GPLv2+ or (GPLv2| GPLv3+)
since the upgrade path is different (in the former one the KDE
foundation decides the upgrade path, in the latter the FSF).

--dmg


My 2 cents.

-Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Jilayne Lovejoy
Sent: Wednesday, May 25, 2011 9:44 AM
To: Gobeille, Robert; spdx@...
Subject: Re: license name question

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving
the
right to approve future versions of the GPL for use as the license for
this
code, which seems different to me than an exception.  I understand it
to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems
reasonable,
actually.

I guess I would think of this as different than an exception, since
usually
an exception usually adds or modifies the terms of the original
license,
which I suppose this does in a way, but in a different way than we
usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license.  It is  GPL v2 or GPL v3+ KDE
exception.  Note the absence of GPLv2.1.  If 2.1 was included, the
name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the
protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/**********************************************************************
*******
***********
 * Copyright (c) 2007 Ian Monroe <ian@...>
*
 *           (c) 2010 Jeff Mitchell <mitchell@...>
*
 *
*
 * This program is free software; you can redistribute it and/or
modify it
under        *
 * the terms of the GNU General Public License as published by the
Free
Software        *
 * Foundation; either version 2 of the License, or (at your option)
version 3
or        *
 * any later version accepted by the membership of KDE e.V. (or its
successor
approved  *
 * by the membership of KDE e.V.), which shall act as a proxy defined
in
Section 14 of  *
 * version 3 of the license.
*
 *
*
 * This program is distributed in the hope that it will be useful,
but WITHOUT
ANY      *
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS
FOR A      *
 * PARTICULAR PURPOSE. See the GNU General Public License for more
details.
*
 *
*
 * You should have received a copy of the GNU General Public License
along
with         *
 * this program.  If not, see <http://www.gnu.org/licenses/>.
*

***********************************************************************
*******
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
  (http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy |  Corporate Counsel
jlovejoy@...

720 240 4545  |  phone
720 240 4556  |  fax
1 888 OpenLogic  |  toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


--
--dmg

---
Daniel M. German
http://turingmachine.org


Re: license name question

Armijn Hemel <armijn@...>
 

On 05/25/2011 05:51 PM, Lamons, Scott (Open Source Program Office) wrote:
This is the way I read it as well. However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..." which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.
Because KDE e.V. is a German non-profit and its members like to have endless meetings ;-)

Kidding aside, this license change came a few years ago because they went through a lot of pain when they wanted to relicense some code. The KDE project spent 1.5 years trying to track down five copyright holders for this license change. They did not respond for a variety of reasons ('dropped off the planet', 'dead', etc.) and KDE did not want to ever go through a similar painful process in the future, so this was part of their solution.

(more details available from Adriaan de Groot from KDE)

armijn

--
------------------------------------------------------------------------
armijn@... || http://www.gpl-violations.org/
------------------------------------------------------------------------


Re: license name question

Lamons, Scott (Open Source Program Office) <scott.lamons@...>
 

This is the way I read it as well. However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..." which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.

My 2 cents.

-Scott

-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...]
On Behalf Of Jilayne Lovejoy
Sent: Wednesday, May 25, 2011 9:44 AM
To: Gobeille, Robert; spdx@...
Subject: Re: license name question

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving
the
right to approve future versions of the GPL for use as the license for
this
code, which seems different to me than an exception. I understand it
to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems
reasonable,
actually.

I guess I would think of this as different than an exception, since
usually
an exception usually adds or modifies the terms of the original
license,
which I suppose this does in a way, but in a different way than we
usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license. It is GPL v2 or GPL v3+ KDE
exception. Note the absence of GPLv2.1. If 2.1 was included, the
name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the
protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/**********************************************************************
*******
***********
* Copyright (c) 2007 Ian Monroe <ian@...>
*
* (c) 2010 Jeff Mitchell <mitchell@...>
*
*
*
* This program is free software; you can redistribute it and/or
modify it
under *
* the terms of the GNU General Public License as published by the
Free
Software *
* Foundation; either version 2 of the License, or (at your option)
version 3
or *
* any later version accepted by the membership of KDE e.V. (or its
successor
approved *
* by the membership of KDE e.V.), which shall act as a proxy defined
in
Section 14 of *
* version 3 of the license.
*
*
*
* This program is distributed in the hope that it will be useful,
but WITHOUT
ANY *
* WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS
FOR A *
* PARTICULAR PURPOSE. See the GNU General Public License for more
details.
*
*
*
* You should have received a copy of the GNU General Public License
along
with *
* this program. If not, see <http://www.gnu.org/licenses/>.
*

***********************************************************************
*******
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
(http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Re: license name question

Bob Gobeille
 

doh!
Thank you and Armijn for straightening me out.

So would a reasonable license name be "GPL-2+-KDE" ?

Bob Gobeille

On May 25, 2011, at 9:43 AM, Jilayne Lovejoy wrote:

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving the
right to approve future versions of the GPL for use as the license for this
code, which seems different to me than an exception. I understand it to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems reasonable,
actually.

I guess I would think of this as different than an exception, since usually
an exception usually adds or modifies the terms of the original license,
which I suppose this does in a way, but in a different way than we usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license. It is GPL v2 or GPL v3+ KDE
exception. Note the absence of GPLv2.1. If 2.1 was included, the name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/*****************************************************************************
***********
* Copyright (c) 2007 Ian Monroe <ian@...>
*
* (c) 2010 Jeff Mitchell <mitchell@...>
*
*
*
* This program is free software; you can redistribute it and/or modify it
under *
* the terms of the GNU General Public License as published by the Free
Software *
* Foundation; either version 2 of the License, or (at your option) version 3
or *
* any later version accepted by the membership of KDE e.V. (or its successor
approved *
* by the membership of KDE e.V.), which shall act as a proxy defined in
Section 14 of *
* version 3 of the license.
*
*
*
* This program is distributed in the hope that it will be useful, but WITHOUT
ANY *
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A *
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
*
*
* You should have received a copy of the GNU General Public License along
with *
* this program. If not, see <http://www.gnu.org/licenses/>.
*

******************************************************************************
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
(http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


Re: license name question

Jilayne Lovejoy <jilayne.lovejoy@...>
 

This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!)

As for the KDE exception - the notice reads to me that KDE is reserving the
right to approve future versions of the GPL for use as the license for this
code, which seems different to me than an exception. I understand it to be
saying - 'if there's a GPL v4, we want the chance to check that out and
accept or not accecpt it instead of preemptively saying we'll accept a
license before it has even been written.' Makes sense and seems reasonable,
actually.

I guess I would think of this as different than an exception, since usually
an exception usually adds or modifies the terms of the original license,
which I suppose this does in a way, but in a different way than we usually
think of?

Jilayne


On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote:

I just ran into the following license. It is GPL v2 or GPL v3+ KDE
exception. Note the absence of GPLv2.1. If 2.1 was included, the name would
be GPL-2+-with-KDE-exception, but since it isn't, what is the protocol?

GPL-2or3-with-KDE-exception
???

Here is the code license notice:
/*****************************************************************************
***********
* Copyright (c) 2007 Ian Monroe <ian@...>
*
* (c) 2010 Jeff Mitchell <mitchell@...>
*
*
*
* This program is free software; you can redistribute it and/or modify it
under *
* the terms of the GNU General Public License as published by the Free
Software *
* Foundation; either version 2 of the License, or (at your option) version 3
or *
* any later version accepted by the membership of KDE e.V. (or its successor
approved *
* by the membership of KDE e.V.), which shall act as a proxy defined in
Section 14 of *
* version 3 of the license.
*
*
*
* This program is distributed in the hope that it will be useful, but WITHOUT
ANY *
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A *
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
*
*
* You should have received a copy of the GNU General Public License along
with *
* this program. If not, see <http://www.gnu.org/licenses/>.
*

******************************************************************************
**********/


Thanks,
Bob Gobeille
Hewlett Packard
Open Source Program Office
(http://fossology.org)
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Jilayne Lovejoy | Corporate Counsel
jlovejoy@...

720 240 4545 | phone
720 240 4556 | fax
1 888 OpenLogic | toll free
www.openlogic.com

OpenLogic, Inc.
10910 W 120th Ave, Suite 450
Broomfield, Colorado 80021


Re: license name question

Armijn Hemel <armijn@...>
 

On 05/25/2011 05:34 PM, Bob Gobeille wrote:
I just ran into the following license. It is GPL v2 or GPL v3+ KDE exception. Note the absence of GPLv2.1. If 2.1 was included, the name would be GPL-2+-with-KDE-exception, but since it isn't, what is the protocol?

GPL-2or3-with-KDE-exception
I've never heard of GPLv2.1, but if you mean LGPLv2.1, the KDE project has a similar license for that too.

Basically this license says:

"KDE e.V. currently only approves GPLv2 or GPLv3, but if the members of KDE e.V. approve a newer version, then that license is OK for this code too"

armijn

--
------------------------------------------------------------------------
armijn@... || http://www.gpl-violations.org/
------------------------------------------------------------------------

1201 - 1220 of 1604