|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Esteban Rockett <mgia3940@...>
Jilayne - lets discuss at your convinence. (today if possible)
toggle quoted message
Show quoted text
Rockett On Tue, May 31, 2011 at 7:12 AM, Martin Michlmayr <tbm@...> wrote: * Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]: -- Motorola Inc. E.A. Rockett Senior Counsel Software, Applications & Digital Content Licensing (408)541-6703 (O) (408)541-6900 (F) (415)508-7625 (M) rockett@... |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Martin Michlmayr
* Joerg Schilling <Joerg.Schilling@...> [2011-05-26 10:25]:
BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0? This license is superceeded but it is used for the korn shell and other AT&TJilayne, are you the right person to take care of this? For the overview table http://spdx.org/licenses/ it would also beGary, is this something you can add to your tool? -- Martin Michlmayr Open Source Program Office, Hewlett-Packard |
|
|
|
OSI adopts SPDX short names
Philip Odence
See my blog post on the subject: |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Joerg Schilling <Joerg.Schilling@...>
Martin Michlmayr <tbm@...> wrote:
I've put the update in place now. However, the issues pointed out byThank you! BTW: Could you add a OSI tag to http://spdx.org/licenses/CPL-1.0? This license is superceeded but it is used for the korn shell and other AT&T software and for this reason, it is important to see that it is OSI approved. For the overview table http://spdx.org/licenses/ it would also be nice to have a one character marker column that flags wether a license is OSI approved or not. Jörg -- EMail:joerg@... (home) Jörg Schilling D-13353 Berlin js@... (uni) joerg.schilling@... (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Martin Michlmayr
* Gary O'Neall <gary@...> [2011-05-25 18:05]:
Thanks for pointing out the errors. I believe this is a known encodingI've put the update in place now. However, the issues pointed out by Juergen and Joerg are different to the known issue. I've fixed the issues up manually now and verified that all licenses parse properly. I'll work with Gary offline to make sure his tools get updated. -- Martin Michlmayr Open Source Program Office, Hewlett-Packard |
|
|
|
Re: Licensing Workshop at LinuxTag 2011
Stefano Zacchiroli <leader@...>
[ adding Debian relevant people for DEP5 & preserving all extra needed
Cc:-s mentioned in the thread thus far (I hope :)) ] On Wed, May 25, 2011 at 01:35:01PM +0200, Ciaran Farrell wrote: We saw that there is a variety of ways in which distributions describe theAgreed, of course. Currently, one example of an online collaborative effort (under the auspicesA small clarification is needed here. Actually DEP5 predates SPDX (although it took quite a while to complete...). A handy link to DEP5 is <http://dep.debian.net/deps/dep5/>. In the current state, DEP5 has not explicitly adopted SPDX, although we have tried to stay as close as possible to it. There are still some difference though, which you can find listed at <http://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX> together with some of the actions we've taken wrt those differences. I've not been personally involved in the standardization of DEP5 in Debian, but Lars Wirzenius and Steve Langasek have been and I'm adding them in the loop. I'm sure they can provide way more precise information about all this than me. Cheers. -- Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7 zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/ Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Soeren_Rabenstein@...
http://spdx.org/licenses/ISC andI am not sure who manages this page, but someerror.others cannot be displayed on my firefox as they give a xml parsing Confirming this problem for Firefox 4.0.1 (Win32) Cheers Soeren ===================================================================================================================================== This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation. ===================================================================================================================================== |
|
|
|
Re: license name question
Philip Odence
First, let me be a pain in the neck and suggest we should move this
toggle quoted message
Show quoted text
discussion to the spdx-legal list. We've committed to limiting this general list to more summary information and less real work. My opinion on the discussion below is that this is a license that it not on the list, so needs to be treated as a custom license. It would be a candidate for the list and could be nominated once the Biz team defines a mechanism for new license inclusion. On 5/25/11 2:47 PM, "Bob Gobeille" <bob.gobeille@...> wrote:
I brought this up because it is a new signature in FOSSology and I'd like |
|
|
|
Re: license name question
Bob Gobeille
I brought this up because it is a new signature in FOSSology and I'd like the name to be as close to the SPDX guidelines as possible. I really like Daniel's method of identifying disjunctive licenses, but I don't see that syntax in the SPDX guideline.
toggle quoted message
Show quoted text
Would "GPL-2+-KDEupgradeClause" convey appropriate meaning? Or maybe I should use Daniel's name until this is formalized or added to the license list? Bob On May 25, 2011, at 10:40 AM, Jilayne Lovejoy wrote:
Daniel, et al. |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Gary O'Neall
Hi Juergen,
toggle quoted message
Show quoted text
Thanks for pointing out the errors. I believe this is a known encoding error which should be fixed when we next update the licenses. This will be fixed on the next update. We don't have a specific date for the next update but it should be less than a week from now. Gary -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Juergen Weigert Sent: Wednesday, May 25, 2011 7:53 AM To: Joerg Schilling Cc: hoefel@...; cdenicolo@...; sebastian@...; fatih@...; vuntz@...; jsstewart@...; n-roeser@...; misc@...; zack@...; amanda.brock@...; spdx@...; jmbsvicetto@... Subject: Re: Licensing Workshop at LinuxTag 2011 (XML errors) On May 25, 11 15:26:01 +0200, Joerg Schilling wrote: I am not sure who manages this page, but http://spdx.org/licenses/ISC andsome others cannot be displayed on my firefox as they give a xml parsing error.Firefox diagnostics are misleading here. We have https://bugzilla.mozilla.org/show_bug.cgi?id=655661 for this. The SPDX pages are served with mime-type application/xml, but entities are used that are illegal in XML. We should either promote to application/html or get all entities fixed. Do we have anybody at SPDX, who would want to look into this? thanks, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@... back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx |
|
|
|
Re: Licensing Workshop at LinuxTag 2011
Bruno Cornec <Bruno.Cornec@...>
Hello,
Ciaran Farrell said on Wed, May 25, 2011 at 01:35:01PM +0200: Currently, one example of an online collaborative effort (under the auspicesJust for completion (and maybe discussion with them), I attended a session at the latest Solutions Linux in Paris, where a project called Open Source Cartouche was described, which is near from SPDX. Cf: http://www.opensourcecartouche.org/ (Shameless plug for the source: http://brunocornec.wordpress.com/2011/05/12/second-day-at-solutions-linux-2011/) "Open Source Cartouche by Philippe-Arnaud Haranger (Atos Origin – Team Pascal Pujo) Study made around an Aerospatial customer. 9 years of devs, and strong willingness to use FLOSS components. Study showed incompatible licenses. Copy/Paste of code in 2000+ bricks. Quote: “My God ! What have been done ?” Licensing wasn’t a priority (they already didn’t document) Code contamination is made on purpose, because they need it, and is due to local teams, outsourcing, and external application maintenance. Consequences: licenses not respected, proprietary code tainted (PI loss) Open Source was favoured, but in reality they created risks. Solutons: Strong governance (creates too many constraints in general) or Tooling (cost, but efficient) or Manual Audit (cost, complex, impact) or take risk (costs and impact) or open source the SW (anyway conformity required, but impact as irreversible). The earlier it’s done the less it costs. Solution is Open Source Cartouche (what is around the Pharaon) – derived from QSOS. Identify licenses and the recursivity of components integrated It’s a structural approach beforehands, instead of scan afterwards (even if this is also required) Put more trust in the FLOSS, Avoid contamination and protect community works. Presenter asked the possibility of using this formalism in FOSSology ? Some Remarks on my side: I asked the question: What is the position vs SPDX ? I think they are probably in competition, and that they forget to consider it before launching something on their side. What is important is to have a standard adopted. The answer was that there is a fear of Blackduck that may create problems for communities. Their standard proposal is simpler than SPDX so more pragmatic, and thus propably easier to adopt by FLOSS projects. And the team is open to make required adaptations. However, it won’t work as a franco-french stuff !! I think we need an SPDX lite if we aim at being adopted by FLOSS projects, as the current status of the project is just only understandable by lawyers. I’ll try to generate some discussions around that on the SPDX ML. Thinking about all this I think it would be valuable as well to lauch a new initiative to create the CERT/CVE base of licenses violations, working on the same model (disclosure after problem is solved)." HTH, Bruno. -- Open Source & Linux Profession Lead EMEA / http://opensource.hp.com HP/Intel/Red Hat Open Source Solutions Initiative / http://www.hpintelco.net http://www.HyPer-Linux.org http://mondorescue.org http://project-builder.org La musique ancienne? http://www.musique-ancienne.org http://www.medieval.org |
|
|
|
Re: license name question
Jilayne Lovejoy <jilayne.lovejoy@...>
Daniel, et al.
By "KDEupgradeClause" you are referring to the previous posts re: KDE reserving the right to decide on post-v3 versions of GPL as well, is that right? I suppose from the standpoint of our current SPDX license list short and the spec guidelines, Daniel has a good point and my previous suggestion that it would be "GPLv2+" (I know, that is not the exact correct short identifier, but for expediency purposes...) is not exactly right, but more accuratly, it would be: a disjunctive set of GPLv2 or GPLv3 Jilayne On 5/25/11 10:35 AM, "Daniel M. German" <dmg@...> wrote: Hi Bob, Scott, Jilayne, Armijn,Jilayne Lovejoy | Corporate Counsel jlovejoy@... 720 240 4545 | phone 720 240 4556 | fax 1 888 OpenLogic | toll free www.openlogic.com OpenLogic, Inc. 10910 W 120th Ave, Suite 450 Broomfield, Colorado 80021 |
|
|
|
Re: license name question
dmg
Hi Bob, Scott, Jilayne, Armijn,
On Wed, May 25, 2011 at 8:51 AM, Lamons, Scott (Open Source Program Office) <scott.lamons@...> wrote: This is the way I read it as well. However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..." which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.We (as in Ninka) decided to consider this a (GPLv2 | GPLv3-KDEupgradeClause). It can also be considered: (GPLv2 | GPLv3 | GPLv3-KDEupgradeClause) from a practical point of view that would simplify analysis. It is not a GPLv2+ or (GPLv2| GPLv3+) since the upgrade path is different (in the former one the KDE foundation decides the upgrade path, in the latter the FSF). --dmg My 2 cents. -- --dmg --- Daniel M. German http://turingmachine.org |
|
|
|
Re: license name question
Armijn Hemel <armijn@...>
On 05/25/2011 05:51 PM, Lamons, Scott (Open Source Program Office) wrote:
This is the way I read it as well. However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..." which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.Because KDE e.V. is a German non-profit and its members like to have endless meetings ;-) Kidding aside, this license change came a few years ago because they went through a lot of pain when they wanted to relicense some code. The KDE project spent 1.5 years trying to track down five copyright holders for this license change. They did not respond for a variety of reasons ('dropped off the planet', 'dead', etc.) and KDE did not want to ever go through a similar painful process in the future, so this was part of their solution. (more details available from Adriaan de Groot from KDE) armijn -- ------------------------------------------------------------------------ armijn@... || http://www.gpl-violations.org/ ------------------------------------------------------------------------ |
|
|
|
Re: license name question
Lamons, Scott (Open Source Program Office) <scott.lamons@...>
This is the way I read it as well. However I don't know why they wouldn't just license it under GPLv2 or GPLv3 and eliminate the "or (at your option) any later version..." which seems completely unnecessary and forces you into effectively dealing with a non-standard license in SPDX.
toggle quoted message
Show quoted text
My 2 cents. -Scott -----Original Message----- |
|
|
|
Re: license name question
Bob Gobeille
doh!
toggle quoted message
Show quoted text
Thank you and Armijn for straightening me out. So would a reasonable license name be "GPL-2+-KDE" ? Bob Gobeille On May 25, 2011, at 9:43 AM, Jilayne Lovejoy wrote:
This would be GPL-2+ - as it's really just describing GPL v2 or later. |
|
|
|
Re: license name question
Jilayne Lovejoy <jilayne.lovejoy@...>
This would be GPL-2+ - as it's really just describing GPL v2 or later.
THere is no GPL v2.1 (that would be LGPL v2.1, I know, confusing!) As for the KDE exception - the notice reads to me that KDE is reserving the right to approve future versions of the GPL for use as the license for this code, which seems different to me than an exception. I understand it to be saying - 'if there's a GPL v4, we want the chance to check that out and accept or not accecpt it instead of preemptively saying we'll accept a license before it has even been written.' Makes sense and seems reasonable, actually. I guess I would think of this as different than an exception, since usually an exception usually adds or modifies the terms of the original license, which I suppose this does in a way, but in a different way than we usually think of? Jilayne On 5/25/11 9:34 AM, "Bob Gobeille" <bob.gobeille@...> wrote: I just ran into the following license. It is GPL v2 or GPL v3+ KDEJilayne Lovejoy | Corporate Counsel jlovejoy@... 720 240 4545 | phone 720 240 4556 | fax 1 888 OpenLogic | toll free www.openlogic.com OpenLogic, Inc. 10910 W 120th Ave, Suite 450 Broomfield, Colorado 80021 |
|
|
|
Re: license name question
Armijn Hemel <armijn@...>
On 05/25/2011 05:34 PM, Bob Gobeille wrote:
I just ran into the following license. It is GPL v2 or GPL v3+ KDE exception. Note the absence of GPLv2.1. If 2.1 was included, the name would be GPL-2+-with-KDE-exception, but since it isn't, what is the protocol?I've never heard of GPLv2.1, but if you mean LGPLv2.1, the KDE project has a similar license for that too. Basically this license says: "KDE e.V. currently only approves GPLv2 or GPLv3, but if the members of KDE e.V. approve a newer version, then that license is OK for this code too" armijn -- ------------------------------------------------------------------------ armijn@... || http://www.gpl-violations.org/ ------------------------------------------------------------------------ |
|
|
|
license name question
Bob Gobeille
I just ran into the following license. It is GPL v2 or GPL v3+ KDE exception. Note the absence of GPLv2.1. If 2.1 was included, the name would be GPL-2+-with-KDE-exception, but since it isn't, what is the protocol?
GPL-2or3-with-KDE-exception ??? Here is the code license notice: /**************************************************************************************** * Copyright (c) 2007 Ian Monroe <ian@...> * * (c) 2010 Jeff Mitchell <mitchell@...> * * * * This program is free software; you can redistribute it and/or modify it under * * the terms of the GNU General Public License as published by the Free Software * * Foundation; either version 2 of the License, or (at your option) version 3 or * * any later version accepted by the membership of KDE e.V. (or its successor approved * * by the membership of KDE e.V.), which shall act as a proxy defined in Section 14 of * * version 3 of the license. * * * * This program is distributed in the hope that it will be useful, but WITHOUT ANY * * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A * * PARTICULAR PURPOSE. See the GNU General Public License for more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see <http://www.gnu.org/licenses/>. * ****************************************************************************************/ Thanks, Bob Gobeille Hewlett Packard Open Source Program Office (http://fossology.org) |
|
|
|
Re: Licensing Workshop at LinuxTag 2011 (XML errors)
Juergen Weigert <jw@...>
On May 25, 11 15:26:01 +0200, Joerg Schilling wrote:
I am not sure who manages this page, but http://spdx.org/licenses/ISC and someFirefox diagnostics are misleading here. We have https://bugzilla.mozilla.org/show_bug.cgi?id=655661 for this. The SPDX pages are served with mime-type application/xml, but entities are used that are illegal in XML. We should either promote to application/html or get all entities fixed. Do we have anybody at SPDX, who would want to look into this? thanks, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@... back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Jeff Hawn, J.Guild, F.Immendoerffer, HRB 16746 (AG Nuernberg), Maxfeldstrasse 5, 90409 Nuernberg, Germany SuSE. Supporting Linux since 1992. |
|
|