Hi,
Updated version of the specification, incorporating the feedback received
is now posted on the SPDX site an http://www.spdx.org/spec/current.

Would very much appreciate those who have been making suggestions/bug
fixes/etc. over the last month could take a pass through it, and make sure I've
incorporated your feedback.

There's still a bit of format polishing and wordsmithing left to do, and
some diagrams/license lists to update, so its still a work in progress.


Thanks!

Kate

We will attend OWF 2011 too.
Guillaume

--
Guillaume ROUSSEAU
CEO, Co-Founder, Antelink
Président, Cofondateur, Antelink

18, rue Yves Toudic, 75010, Paris 10ème, France
http://www.antelink.com/
+33 1 42 39 30 78

That would be great since I won't be there this year.

Kim


On Mon 7/18/11 10:17 AM, "Michael J Herzog" <mjherzog@...> wrote:

Martin,

Philippe is planning to go to OWF so he can give the SPDX talk this time.

Regards, Michael

Michael J. Herzog
+1 650 380 0680 | mjherzog_at_nexB.com
nexB [Open by Design] http://www.nexb.com

CONFIDENTIALITY NOTICE: This e-mail (including attachments) may contain
information that is proprietary or confidential. If you are not the intended
recipient or a person responsible for its delivery to the intended recipient,
do not copy or distribute it. Please permanently delete the e-mail and any
attachments, and notify us immediately at (650) 380-0680.


On 7/18/2011 6:49 AM, Martin Michlmayr wrote:

I'm organizing a legal/licensing track at Open World Forum (September
22-24, Paris). It would be great to have a talk about SPDX. Kim,
are you planning to attend OWF again and interested in giving an
update on SPDX? If not, anyone else interested?

CFP: Legal and Licensing Aspects of Open Source at OWF 2011

Licensing is an important component of every free software and open
source project. This is especially true as an increasing number of
corporations are adopting and distributing open source applications and
code. This track considers various legal and licensing aspects of open
source, both from a community and a corporate perspective.

This track is a great opportunity for you to discuss legal and licensing
aspects of open source with lawyers, decision makers, open source
developers and other people who are interested in legal aspects of open
source.

Here is a non-exhaustive list of topics we would like to cover:

- Contributor agreements and copyright assignment (e.g. Harmony)
- Standards for exchanging license data (e.g. SPDX)
- Open source licensing in the cloud (e.g. AGPL; open source in Javascript)
- Open source compliance (tools, processes, etc)
- Open source and patents
- Incorporating projects as non-profit organizations

Please send a title and an abstract (5-15 lines) of your talk, with a short
(5-10 lines) bio and the expected length of your talk (50 minutes for
longer talks, 25 minutes for short talks) to Martin Michlmayr at tbm@...

Final date for submission: August 7, 2011

_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic

Martin,

Philippe is planning to go to OWF so he can give the SPDX talk this time.

Regards, Michael

Michael J. Herzog
+1 650 380 0680 | mjherzog_at_nexB.com
nexB [Open by Design] http://www.nexb.com

CONFIDENTIALITY NOTICE: This e-mail (including attachments) may contain information that is proprietary or confidential. If you are not the intended recipient or a person responsible for its delivery to the intended recipient, do not copy or distribute it. Please permanently delete the e-mail and any attachments, and notify us immediately at (650) 380-0680.

I'm organizing a legal/licensing track at Open World Forum (September
22-24, Paris). It would be great to have a talk about SPDX. Kim,
are you planning to attend OWF again and interested in giving an
update on SPDX? If not, anyone else interested?

CFP: Legal and Licensing Aspects of Open Source at OWF 2011

Licensing is an important component of every free software and open
source project. This is especially true as an increasing number of
corporations are adopting and distributing open source applications and
code. This track considers various legal and licensing aspects of open
source, both from a community and a corporate perspective.

This track is a great opportunity for you to discuss legal and licensing
aspects of open source with lawyers, decision makers, open source
developers and other people who are interested in legal aspects of open
source.

Here is a non-exhaustive list of topics we would like to cover:

- Contributor agreements and copyright assignment (e.g. Harmony)
- Standards for exchanging license data (e.g. SPDX)
- Open source licensing in the cloud (e.g. AGPL; open source in Javascript)
- Open source compliance (tools, processes, etc)
- Open source and patents
- Incorporating projects as non-profit organizations

Please send a title and an abstract (5-15 lines) of your talk, with a short
(5-10 lines) bio and the expected length of your talk (50 minutes for
longer talks, 25 minutes for short talks) to Martin Michlmayr at tbm@...

Final date for submission: August 7, 2011

--
Martin Michlmayr
Open Source Program Office, Hewlett-Packard

On Fri, Jul 15, 2011 at 6:18 AM, Mario Tokarz <mario@...> wrote:

Hi all,

On Sun, Jul 10, 2011 at 11:34:10PM +0200 , Mario Tokarz wrote:

Hi all,

I have two questions regarding the latest spec from your home
page. Thanks in advance for the time and consideration.

1.) Page 10 states that "A package can contain subpackages". How would
those be added to the description, they do not seem to be part of the
data model as shown on pg 35.

I think that this would relate to Bug 818 - is this correct? If so,
the feature would not be part of release 1.0?

Your are correct. That feature is not planned for this release.

I would need to reread the spec, but if so the formulation could maybe
be improved there.

I think that would be an excellent approach handling this. Any
suggestions for a new formulation would be greatly appreciated.

Peter
openlogic.com

Hi all,

On Sun, Jul 10, 2011 at 11:34:10PM +0200 , Mario Tokarz wrote:

Hi all,

I have two questions regarding the latest spec from your home
page. Thanks in advance for the time and consideration.

1.) Page 10 states that "A package can contain subpackages". How would
those be added to the description, they do not seem to be part of the
data model as shown on pg 35.

I think that this would relate to Bug 818 - is this correct? If so,
the feature would not be part of release 1.0?

I would need to reread the spec, but if so the formulation could maybe
be improved there.

Supporting subpackages with a full set of metadata seems to be a good
approach to support descriptions of a full system image.

Thx,
Mario



--
BMW Car IT GmbH
http://www.bmw-carit.de

hi all,

I have encountered the Microsoft Windows Rally Development Kit License Agreement quite a few times in GPL tarballs.

Strictly speaking this is not an open source license at all, but source code that is using the license has ended up in many devices and the packages have often been labelled as 'GPL'.

An example of it can be found here:

http://svn.dd-wrt.com:8000/browser//src/router/lltd/osl-linux.c?rev=16674

armijn

--
------------------------------------------------------------------------
armijn@... || http://www.gpl-violations.org/
------------------------------------------------------------------------

All:

The meeting with the "un-named concerned parties" regarding the "Author" and "Reviewer" fields (in the SPDX Specification) has not occurred yet (due to logistics). Since today's meeting was to discuss feedback from the above-mentioned meeting with the "un-named concerned parties", I am cancelling today's call to respect everyone' time.

We will reconvene in 2 weeks, at the normal time and slot.

Many thanks,

Rockett

On Tue, Jul 12, 2011 at 6:43 AM, Kate Stewart
<kate.stewart@...> wrote:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

One more:


Neither the names of the copyright holders nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

vs

Neither the name of the <ORGANIZATION> nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.




--
--dmg

---
Daniel M. German
http://turingmachine.org

On Tue, Jul 12, 2011 at 6:43 AM, Kate Stewart
<kate.stewart@...> wrote:

Hi Daniel,
  Lets move this thread to the SPDX legal subgroup discussion list.
Since I think we'll need them to comment on the issues.   To my eyes,
yes those sentence fragments look basically equivalent,  and we need
to figure out a way to abstract these options, but I'm not a lawyer.  :)

 Thanks, Kate

I am not in that mailing list.

It would be of great help if somebody help me with the analysis of the
non-matching license files,
while I concentrate on adding SPDX licenses to ninka.

--dmg

On Tue, 2011-07-12 at 03:40 -0700, D M German wrote:

Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
     71 BSD3
     37 spdxBSD2
     13 spdxBSD3
      8 GPLv2,BSD3
      8 GPLv2+,spdxBSD2
      5 BSD2EndorseInsteadOfBinary
      3 GPLv2,BSD3NoWarranty
      2 spdxBSD4
      2 SeeFile,BSD3
      2 BSDOnlyEndorseNoWarranty
      1 GPLv2+,spdxBSD3
      1 GPLv2+,BSD3
      1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

Possibly just remove "the" from matching text?

Neither the name of <ORGANIZATION> nor...  is what the text could read,
not sure "the" is adding to the semantics.

Here is another example  of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

Good question.   ???

Kate

--
--dmg

---
Daniel M. German
http://turingmachine.org

Daniel

These seem like examples of the things we may want to "templatize" in the
standard licenses. Those efforts have been delayed behind other items. The
legal team can speak to these specific issues of whether we would consider
them equivalent.

Kim



On Tue 7/12/11 4:40 AM, "D M German" <dmg@...> wrote:

Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be
used to endorse or promote products derived from this software without
specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.


Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.



--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @openlogic

Hi Daniel,
Lets move this thread to the SPDX legal subgroup discussion list.
Since I think we'll need them to comment on the issues. To my eyes,
yes those sentence fragments look basically equivalent, and we need
to figure out a way to abstract these options, but I'm not a lawyer. :)

Thanks, Kate

On Tue, 2011-07-12 at 03:40 -0700, D M German wrote:

Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

Possibly just remove "the" from matching text?

Neither the name of <ORGANIZATION> nor... is what the text could read,
not sure "the" is adding to the semantics.

Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

Good question. ???

Kate

Hi Everybody,

I started implementing SPDX licenses in Ninka. I started with the BSDs
(4, 3 and 2).

My goal is to try to 'SPDX' the kernel before LinuxCon. Of the files
that Ninka is properly identifying their license, there are many with
other variants of the BSD:


----------------------------------------------------------------------
71 BSD3
37 spdxBSD2
13 spdxBSD3
8 GPLv2,BSD3
8 GPLv2+,spdxBSD2
5 BSD2EndorseInsteadOfBinary
3 GPLv2,BSD3NoWarranty
2 spdxBSD4
2 SeeFile,BSD3
2 BSDOnlyEndorseNoWarranty
1 GPLv2+,spdxBSD3
1 GPLv2+,BSD3
1 GPLv2+,BSD2var2
----------------------------------------------------------------------

Here is an example of the BSD3 (non-spdx):

./drivers/net/wimax/i2400m/usb-tx.c

The sentence that does not match the SPDX version is:

Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

instead of:

Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.


Here is another example of the BSD3 (non-spdx):

./fs/nfsd/nfs4recover.c

This is the sentence that does not match:

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

instead of:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.



--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .

I would say, yes.

Jilayne

I have a question regarding when text matches a license. I am curious
how should I interpret optional quotes around some text.

In particular, the BSD-4 includes this text:

This product includes software developed by the <organization>.

Would this text be equivalent:

``This product includes software developed by the <organization>.''

or

"This product includes software developed by the <organization>."



--
--
Daniel M. German
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .

Hi all,

I have two questions regarding the latest spec from your home
page. Thanks in advance for the time and consideration.

1.) Page 10 states that "A package can contain subpackages". How would
those be added to the description, they do not seem to be part of the
data model as shown on pg 35.

Supporting subpackages with a full set of metadata seems to be a good
approach to support descriptions of a full system image.

2.) Page 11/12: While package verification code is optional (most
likely to be used when SPDX is not part of the src-archive), the
verification code is mandatory.

While discussing this with a colleague we could not quite figure out
why this is the case or whether this should be better one or the other
(i.e. it is mandatory to have one of the two within one description).


I would be glad to get some thoughts on this.

Thx,
Mario

--
Mario Tokarz
BMW Car IT GmbH

Hi all,

The website refresh team has put together a proposed information map for the SPDX web site refresh initiative. The map can be found here:

http://spdx.org/wiki/spdx-web-site-mind-maps

We’ll be reviewing this map today as part of the Business Team meeting from 12-12:30 pm ET.

Meeting info:
US  866-740-1260
Int'l  http://www.readytalk.com/support/international-numbers.php

ID 2404502

Web Meeting
Www.readytalk.com
ID 2404502

Thanks!

Kirsten
--  
Kirsten Newcomer
Senior Product Manager
Black Duck Software, Inc.

knewcomer@...
Office: +1.781.810.1839   Mobile: +1.781-710-2184