|
Re: Seen in file license recognition
No, I don’t think we should limit the values in “seen in file licenses” to just those which “exact” match the standard header set.
Because I don’t think it is reasonable to expect that SPDX will maintain a comprehensive set of all the variants of headers/texts encountered in files which refer to a specific license in the SPDX license list. Different producers will ‘see’ header variants in files that the SPDX community hasn’t yet ‘seen’ before (e.g. differing from standard headers by insignificant punctuation, spelling), but which are clearly referencing a specific license known to SPDX. SPDX producers should still get to record these observations as ‘seen in file licenses’, shouldn’t they?
Different producers of spdx will inevitably disagree on the values in the list, depending on the thoroughness of their analyses.
The CreatedBy and ReviewedBy fields in SPDX documents will let consumers of SPDX documents know who produced them.
The consumers can consider this information when assessing their risk.
Bill Schineller
Black Duck
On 1/14/11 11:00 AM, "Peter Williams" <peter.williams@...> wrote:
It was clear from the call this morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list. However, for all other licenses/license headers
do we expect those to be listed? Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set? If we don't then different producers of spdx will not agree on
the values in that list.
Peter
openlogic.com
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
Bill Schineller
Knowledge Base Manager
Black Duck Software Inc.
T: +1.781.810.1829
F: +1.781.891.5145
E: bschineller@...
http://www.blackducksoftware.com
|
|
|
Re: Licence abbreviations?
Jilayne Lovejoy <Jlovejoy@...>
I am taking what you refer to as 'how it is used' to be the equivalent
of the header information that is included in the file. When making
the License List, that column was defined to only being propagated if
the license had a specific header text suggested. Obviously, a small
number of licenses actually include this in the license. If the license
did not make this suggestion, then that column is blank in the list.
If we don't constrain this in some way, then the possibilities would be
endless. Even with the shorter licenses, like MIT, while often the
whole license is included in the file, sometimes I have seen a simple
statement saying something like "this is under the MIT license"
I'm not sure if that is helpful, but hopefully that explains what that
column means in the License List (the Word document with the list
"protocols" should explain this and the same for each column)
toggle quoted message
Show quoted text
-----Original Message----- From: dmgerman@... [mailto:dmgerman@...] On Behalf Of dmg Sent: Thursday, January 13, 2011 7:36 PM To: Jilayne Lovejoy Cc: spdx@... Subject: Re: Licence abbreviations? On Fri, Jan 14, 2011 at 11:31 AM, Jilayne Lovejoy <Jlovejoy@...> wrote: What kind of example did you have in mind? Do you mean an example of a particular software package that uses a particular license? A file that contains it. For example, this is the usage of the GPL-2.0+ (excerpted from a Bison file): usage is very different from the text of the license itself. --dmg ------------------------------------------------------------------------ --------------------- /* A Bison parser, made by GNU Bison 1.875. */ /* Skeleton parser for Yacc-like parsing with Bison, Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -- --dmg --- Daniel M. German http://turingmachine.org
|
|
|
Re: Purpose of licensing info
Jilayne Lovejoy <Jlovejoy@...>
It seems like there are three possible scenarios for this field:
"I looked and found ____" = field propagated
"I looked and didn't find anything" = NotSpecified
"I didn't even look" = ? field left blank ?
I think the purpose should include the third scenario as well. "None" is confusing, as it is too similar to "NotSpecified" (not sure if that was the suggestion in any case)
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as "NotSpecified". If the file was not investigated, then this field should be left blank. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
toggle quoted message
Show quoted text
-----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal) Sent: Friday, January 14, 2011 8:41 AM To: Peter Williams Cc: spdx@... Subject: RE: Purpose of licensing info None would imply that one looked and none was found. Absence of the field would not imply whether there was or was not any license information in the file. For example, if someone wanted to use the SPDX format to represent the information for their project, they might manually create the data. They won't necessarily want to take the trouble to indicate whether there was information in each file or not. The asserted license field would be enough for their purpose. Others might prefer that they added information about what was explicitly in the file. Whether the developer wanted to do that extra work ought to be up to them. -- Scott -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peter Williams Sent: Friday, January 14, 2011 10:36 AM To: spdx@... Subject: Re: Purpose of licensing info Given that the field is optional do we need a "none" value? Wouldn't the absence of this field mean "none". On Fri, Jan 14, 2011 at 8:15 AM, Peterson, Scott K (HP Legal) <scott.k.peterson@...> wrote: I have a revision to my proposal below. The file format should permit uses where no assertion about what licensing information is or is not explicitly present in the file. In those cases the field could be omitted. If one want to represent the fact the file was scanned for license information and none was found, the file could have a value of "NoneSpecified".
Thus the change to what I proposed below:
5.3b.3 Cardinality: Optional, zero or many.
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal)
Sent: Friday, January 14, 2011 9:46 AM
To: spdx@...
Subject: RE: Purpose of licensing info
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as "NotSpecified". This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Thursday, January 13, 2011 2:47 PM
To: spdx@...
Subject: Re: Purpose of licensing info
Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic.
There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today.
Proposal: section 5.3 (License(s)) of the spec will become 3 fields:
5.3a Asserted License
5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.
5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3a.3 Cardinality: Mandatory, one.
5.3a.4 Tag: "LicenseAsserted:"
5.3a.5 RDF: TBD (include Disjunctive form here)
5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3a.7 Example:
LicenseAsserted: GPL-2.0
5.3b Detected License(s)
5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file's source code. If no license information is found it should be denoted as "NotSpecified". If no license information can be determined, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.
5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseDetected:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2
5.3c License Comments
5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers.
5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license.
5.3c.3 Cardinality: Optional, single instance
5.3c.4 Tag: "LicenseComments:"
5.3c.5 RDF: TBD
5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.
5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text>
The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there.
Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx_______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
new version of License List uploaded
Jilayne Lovejoy <Jlovejoy@...>
I
just uploaded v1.5 of the License List spreadsheet and accompanying
guidelines/notes document to the SPDX website here:
http://spdx.org/wiki/working-version-license-list
This
version reflects adds a column for comparison to the Debian short name
protocols and list (http://dep.debian.net/deps/dep5/)
and some comments where there were differences in license long names. Notes/observations/questions
re: these additions below (this is also listed on the Word doc associated with
the license):
- Column added for comparison to Debian license
list short names:
- If left blank, then license not on Debian list
- If short name is the same, then
“same” entered in this column
- If short name is different, then Debian
variation entered here
- Debian uses Expat license
instead of MIT; Expat is not on SPDX list ??
- Debian identifies GPL font and
SSL exception which were not on SPDX list; font exception was added to
SPDX list
- Should we add the SSL
exception? It looks like a suggestion more than a standard exception
based on the info contained in a link. I’ve never seen this
one before – anyone have any thoughts on this?
- SPDX list had exceptions not
on Debian list, but short names using Debian short names rules listed in
this column
- Debian lists Perl as a license,
but this is really a disjunctive licensing situation with either GPL or Artistic;
it doesn’t seem like “Perl” should be listed as a
separate license in this case as there are other scenarios like this
- Added other GFDL v1.1 and v1.3
to license list, as they were missing
- Debian lists GNU Free
Documentation License with no invariant sections à
did not add this… ??
Jilayne Lovejoy
| Corporate Counsel
jlovejoy@...
720
240 4545 | phone
720
240 4556 | fax
1 888
OpenLogic | toll free
www.openlogic.com
OpenLogic,
Inc.
Headquarters,
Broomfield, Colorado 80021
|
|
|
Re: Purpose of licensing info
Agree.
Tom Incorvia
tom.incorvia@...
Direct: (512) 340-1336
Mobile: (408) 499 6850
toggle quoted message
Show quoted text
-----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Kim Weins Sent: Friday, January 14, 2011 11:01 AM To: Peter Williams; SPDX Subject: Re: Purpose of licensing info I vote for best effort of the producer On Fri 1/14/11 9:51 AM, "Peter Williams" <peter.williams@...> wrote: On Fri, Jan 14, 2011 at 9:11 AM, Peterson, Scott K (HP Legal)
<scott.k.peterson@...> wrote:
(3)
In the file:
³See COPYING² [where the COPYING file is a copy of the GPL]
Metadata:
asserted license: GPL-2.0
license information in file: ³See COPYING² Are we going to define the mechanism for deciding if a bit of text
that is not a standard header is a licensing statement? Or is it just
the best effort of the producer?
Peter
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdxThis message has been scanned for viruses by MailController - www.MailController.altohiway.com
|
|
|
Re: Purpose of licensing info
I vote for best effort of the producer On Fri 1/14/11 9:51 AM, "Peter Williams" <peter.williams@...> wrote: On Fri, Jan 14, 2011 at 9:11 AM, Peterson, Scott K (HP Legal)
<scott.k.peterson@...> wrote:
(3)
In the file:
³See COPYING² [where the COPYING file is a copy of the GPL]
Metadata:
asserted license: GPL-2.0
license information in file: ³See COPYING² Are we going to define the mechanism for deciding if a bit of text
that is not a standard header is a licensing statement? Or is it just
the best effort of the producer?
Peter
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peter Williams <peter.williams@...>
On Fri, Jan 14, 2011 at 9:11 AM, Peterson, Scott K (HP Legal) <scott.k.peterson@...> wrote: (3)
In the file:
“See COPYING” [where the COPYING file is a copy of the GPL]
Metadata:
asserted license: GPL-2.0
license information in file: “See COPYING” Are we going to define the mechanism for deciding if a bit of text that is not a standard header is a licensing statement? Or is it just the best effort of the producer? Peter
|
|
|
Re: Purpose of licensing info
Peterson, Scott K (HP Legal)
Now that I understand the interest in representing material that was explicitly found in the file, let me check my understanding about what specifically is expected to be recorded. (1) In the file: [standard GPLv2+ header] Metadata: asserted license: GPL-2.0+ license information in file: GPL-2.0+ (2) In the file: “Licensed under GPL version 2 or any later version” Metadata: asserted license: GPL-2.0+ license information in file: “Licensed under GPL version 2 or any later version” (3) In the file: “See COPYING” [where the COPYING file is a copy of the GPL] Metadata: asserted license: GPL-2.0 license information in file: “See COPYING” Is my understanding of the intent for recording information about what was actually in the file correct? -- Scott
|
|
|
Seen in file license recognition
Peter Williams <peter.williams@...>
It was clear from the call this morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list. However, for all other licenses/license headers
do we expect those to be listed? Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set? If we don't then different producers of spdx will not agree on
the values in that list.
Peter
openlogic.com
|
|
|
shortnames for license information
Peterson, Scott K (HP Legal)
The discussion of "license information" (as contrasted with "licenses") suggests possible value in slightly generalizing the list of standard licenses to a list of standards shortnames.
From the spreadsheet, I see that a shortname may or may not have a corresponding standard header.
One could also add shortnames that did have a corresponding standard header ("licensed under the same terms as Perl", but that did not have a corresponding license text.
-- Scott
|
|
|
Re: Purpose of licensing info
Peterson, Scott K (HP Legal)
"License Information in File" Yes, that is better. And, that avoids “detected”. From the phone call this morning, I understand people read different things into that word. -- Scott
From: Philip Odence [mailto:podence@...]
Sent: Friday, January 14, 2011 10:29 AM
To: Peterson, Scott K (HP Legal)
Cc: spdx@...
Subject: Re: Purpose of licensing info This all looks very good Scott. I think naming is really important. I suggest being even more explicit with the name of the field to avoid confusion all together and call it: "License Information in File" Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502 On Jan 14, 2011, at 9:45 AM, Peterson, Scott K (HP Legal) wrote:
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Thursday, January 13, 2011 2:47 PM
To: spdx@...
Subject: Re: Purpose of licensing info
Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic.
There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today.
Proposal: section 5.3 (License(s)) of the spec will become 3 fields:
5.3a Asserted License
5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3a.3 Cardinality: Mandatory, one.
5.3a.4 Tag: "LicenseAsserted:"
5.3a.5 RDF: TBD (include Disjunctive form here)
5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3a.7 Example:
LicenseAsserted: GPL-2.0
5.3b Detected License(s)
5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseDetected:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2
5.3c License Comments
5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers.
5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license.
5.3c.3 Cardinality: Optional, single instance
5.3c.4 Tag: “LicenseComments:”
5.3c.5 RDF: TBD
5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.
5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text>
The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there.
Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peterson, Scott K (HP Legal)
None would imply that one looked and none was found.
Absence of the field would not imply whether there was or was not any license information in the file.
For example, if someone wanted to use the SPDX format to represent the information for their project, they might manually create the data. They won't necessarily want to take the trouble to indicate whether there was information in each file or not. The asserted license field would be enough for their purpose. Others might prefer that they added information about what was explicitly in the file. Whether the developer wanted to do that extra work ought to be up to them.
-- Scott
toggle quoted message
Show quoted text
-----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peter Williams Sent: Friday, January 14, 2011 10:36 AM To: spdx@... Subject: Re: Purpose of licensing info Given that the field is optional do we need a "none" value? Wouldn't the absence of this field mean "none". On Fri, Jan 14, 2011 at 8:15 AM, Peterson, Scott K (HP Legal) <scott.k.peterson@...> wrote: I have a revision to my proposal below. The file format should permit uses where no assertion about what licensing information is or is not explicitly present in the file. In those cases the field could be omitted. If one want to represent the fact the file was scanned for license information and none was found, the file could have a value of "NoneSpecified".
Thus the change to what I proposed below:
5.3b.3 Cardinality: Optional, zero or many.
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal)
Sent: Friday, January 14, 2011 9:46 AM
To: spdx@...
Subject: RE: Purpose of licensing info
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as "NotSpecified". This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Thursday, January 13, 2011 2:47 PM
To: spdx@...
Subject: Re: Purpose of licensing info
Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic.
There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today.
Proposal: section 5.3 (License(s)) of the spec will become 3 fields:
5.3a Asserted License
5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.
5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3a.3 Cardinality: Mandatory, one.
5.3a.4 Tag: "LicenseAsserted:"
5.3a.5 RDF: TBD (include Disjunctive form here)
5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3a.7 Example:
LicenseAsserted: GPL-2.0
5.3b Detected License(s)
5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file's source code. If no license information is found it should be denoted as "NotSpecified". If no license information can be determined, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.
5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseDetected:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2
5.3c License Comments
5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers.
5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license.
5.3c.3 Cardinality: Optional, single instance
5.3c.4 Tag: "LicenseComments:"
5.3c.5 RDF: TBD
5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.
5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text>
The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there.
Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
I assumed we'd want to distinguish between "I didn't look" and "I looked and found no license info."
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Jan 14, 2011, at 10:36 AM, Peter Williams wrote: Given that the field is optional do we need a "none" value? Wouldn't the absence of this field mean "none". On Fri, Jan 14, 2011 at 8:15 AM, Peterson, Scott K (HP Legal) < scott.k.peterson@...> wrote: I have a revision to my proposal below. The file format should permit uses where no assertion about what licensing information is or is not explicitly present in the file. In those cases the field could be omitted. If one want to represent the fact the file was scanned for license information and none was found, the file could have a value of "NoneSpecified".
Thus the change to what I proposed below:
5.3b.3 Cardinality: Optional, zero or many.
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal)
Sent: Friday, January 14, 2011 9:46 AM
To: spdx@...
Subject: RE: Purpose of licensing info
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Thursday, January 13, 2011 2:47 PM
To: spdx@...
Subject: Re: Purpose of licensing info
Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic.
There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today.
Proposal: section 5.3 (License(s)) of the spec will become 3 fields:
5.3a Asserted License
5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3a.3 Cardinality: Mandatory, one.
5.3a.4 Tag: "LicenseAsserted:"
5.3a.5 RDF: TBD (include Disjunctive form here)
5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3a.7 Example:
LicenseAsserted: GPL-2.0
5.3b Detected License(s)
5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseDetected:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2
5.3c License Comments
5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers.
5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license.
5.3c.3 Cardinality: Optional, single instance
5.3c.4 Tag: “LicenseComments:”
5.3c.5 RDF: TBD
5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.
5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text>
The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there.
Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________ Spdx mailing list Spdx@...https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peter Williams <peter.williams@...>
Given that the field is optional do we need a "none" value? Wouldn't the absence of this field mean "none". On Fri, Jan 14, 2011 at 8:15 AM, Peterson, Scott K (HP Legal) <scott.k.peterson@...> wrote: I have a revision to my proposal below. The file format should permit uses where no assertion about what licensing information is or is not explicitly present in the file. In those cases the field could be omitted. If one want to represent the fact the file was scanned for license information and none was found, the file could have a value of "NoneSpecified".
Thus the change to what I proposed below:
5.3b.3 Cardinality: Optional, zero or many.
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal)
Sent: Friday, January 14, 2011 9:46 AM
To: spdx@...
Subject: RE: Purpose of licensing info
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
-----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Thursday, January 13, 2011 2:47 PM
To: spdx@...
Subject: Re: Purpose of licensing info
Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic.
There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today.
Proposal: section 5.3 (License(s)) of the spec will become 3 fields:
5.3a Asserted License
5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3a.3 Cardinality: Mandatory, one.
5.3a.4 Tag: "LicenseAsserted:"
5.3a.5 RDF: TBD (include Disjunctive form here)
5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3a.7 Example:
LicenseAsserted: GPL-2.0
5.3b Detected License(s)
5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license.
5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseDetected:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Example:
LicenseDetected: GPL-2.0
LicenseDetected: FullLicense-2
5.3c License Comments
5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers.
5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license.
5.3c.3 Cardinality: Optional, single instance
5.3c.4 Tag: “LicenseComments:”
5.3c.5 RDF: TBD
5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.
5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text>
The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla (http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there.
Kate
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
This all looks very good Scott. I think naming is really important. I suggest being even more explicit with the name of the field to avoid confusion all together and call it: "License Information in File"
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Jan 14, 2011, at 9:45 AM, Peterson, Scott K (HP Legal) wrote: With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license. Thus I propose modifying 5.3b as follows: 5.3b Detected License Information 5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed. 5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed. 5.3b.3 Cardinality: Mandatory, one or many. 5.3b.4 Tag: "LicenseInfo:" 5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified ) 5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3b.7 Examples: LicenseInfo: GPL-2.0 LicenseInfo: FullLicense-456 LicenseInfo: FullLicense-457 Where FullLicense-456 is "This file is licensed under the same terms as Perl." where FullLicense-457 is "For license terms, see the file LICENSE." -- Scott -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...Sent: Thursday, January 13, 2011 2:47 PM To: spdx@...Subject: Re: Purpose of licensing info Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic. There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today. Proposal: section 5.3 (License(s)) of the spec will become 3 fields: 5.3a Asserted License 5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3a.3 Cardinality: Mandatory, one. 5.3a.4 Tag: "LicenseAsserted:" 5.3a.5 RDF: TBD (include Disjunctive form here) 5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3a.7 Example: LicenseAsserted: GPL-2.0 5.3b Detected License(s) 5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3b.3 Cardinality: Mandatory, one or many. 5.3b.4 Tag: "LicenseDetected:" 5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified ) 5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3b.7 Example: LicenseDetected: GPL-2.0 LicenseDetected: FullLicense-2 5.3c License Comments 5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers. 5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license. 5.3c.3 Cardinality: Optional, single instance 5.3c.4 Tag: “LicenseComments:” 5.3c.5 RDF: TBD 5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>. 5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text> The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla ( http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there. Kate _______________________________________________ Spdx mailing list Spdx@...https://fossbazaar.org/mailman/listinfo/spdx _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peterson, Scott K (HP Legal)
I have a revision to my proposal below. The file format should permit uses where no assertion about what licensing information is or is not explicitly present in the file. In those cases the field could be omitted. If one want to represent the fact the file was scanned for license information and none was found, the file could have a value of "NoneSpecified".
Thus the change to what I proposed below:
5.3b.3 Cardinality: Optional, zero or many.
toggle quoted message
Show quoted text
-----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Peterson, Scott K (HP Legal) Sent: Friday, January 14, 2011 9:46 AM To: spdx@... Subject: RE: Purpose of licensing info With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license. Thus I propose modifying 5.3b as follows: 5.3b Detected License Information 5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed. 5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed. 5.3b.3 Cardinality: Mandatory, one or many. 5.3b.4 Tag: "LicenseInfo:" 5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified ) 5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3b.7 Examples: LicenseInfo: GPL-2.0 LicenseInfo: FullLicense-456 LicenseInfo: FullLicense-457 Where FullLicense-456 is "This file is licensed under the same terms as Perl." where FullLicense-457 is "For license terms, see the file LICENSE." -- Scott -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@... Sent: Thursday, January 13, 2011 2:47 PM To: spdx@... Subject: Re: Purpose of licensing info Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic. There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today. Proposal: section 5.3 (License(s)) of the spec will become 3 fields: 5.3a Asserted License 5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3a.3 Cardinality: Mandatory, one. 5.3a.4 Tag: "LicenseAsserted:" 5.3a.5 RDF: TBD (include Disjunctive form here) 5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3a.7 Example: LicenseAsserted: GPL-2.0 5.3b Detected License(s) 5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3b.3 Cardinality: Mandatory, one or many. 5.3b.4 Tag: "LicenseDetected:" 5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified ) 5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3b.7 Example: LicenseDetected: GPL-2.0 LicenseDetected: FullLicense-2 5.3c License Comments 5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers. 5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license. 5.3c.3 Cardinality: Optional, single instance 5.3c.4 Tag: “LicenseComments:” 5.3c.5 RDF: TBD 5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>. 5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text> The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla ( http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there. Kate _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx_______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peterson, Scott K (HP Legal)
With the intent that I heard on the phone this morning, calling the second license field "Detected License" or "Declared License" will confuse people as to the intended meaning of the information in this field. This field is representing information that may be useful in determining the applicable license terms. The field itself is not necessarily representing a license.
Thus I propose modifying 5.3b as follows:
5.3b Detected License Information
5.3b.1 Purpose: This field contains license information explicitly found in the file. If no license information is found it should be denoted as “NotSpecified”. This information could be represented using standard short form names. See Appendix I for standardized license short forms. If the detected license information is not one of the standardized license short forms, this field must contain a reference to the full text of the information found in the file included in this SPDX file in section 4. If more than one piece of license information is detected in the file, then each should be listed.
5.ba.2 Intent: Here, the intent is to record the information that is explicitly present in the file that might be relevant to determination of the terms under which the file is licensed.
5.3b.3 Cardinality: Mandatory, one or many.
5.3b.4 Tag: "LicenseInfo:"
5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )
5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N
5.3b.7 Examples:
LicenseInfo: GPL-2.0
LicenseInfo: FullLicense-456
LicenseInfo: FullLicense-457
Where FullLicense-456 is "This file is licensed under the same terms as Perl."
where FullLicense-457 is "For license terms, see the file LICENSE."
-- Scott
toggle quoted message
Show quoted text
-----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@... Sent: Thursday, January 13, 2011 2:47 PM To: spdx@... Subject: Re: Purpose of licensing info Based on discussions on the SPDX call today, I think we are closing in on the following proposal for the file level to address the concerns raised by Open Logic. There will be a special call tomorrow at 9am EST to get resolution on this issue. Please let Esteban Rockett or myself know, off-list, if you are interested in participating and were not in the legal call yesterday or the coordination call today. Proposal: section 5.3 (License(s)) of the spec will become 3 fields: 5.3a Asserted License 5.3a.1 Purpose: This field contains the license governing the file if it can be determined. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is determined to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3a.3 Cardinality: Mandatory, one. 5.3a.4 Tag: "LicenseAsserted:" 5.3a.5 RDF: TBD (include Disjunctive form here) 5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3a.7 Example: LicenseAsserted: GPL-2.0 5.3b Detected License(s) 5.3b.1 Purpose: This field contains the license governing the file if it is known. It will be explicit from the file header or other information found in the file’s source code. If no license information is found it should be denoted as “NotSpecified”. If no license information can be determined, the license is denoted as “Unknown”. The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a “disjunctive” license. 5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. 5.3b.3 Cardinality: Mandatory, one or many. 5.3b.4 Tag: "LicenseDetected:" 5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified ) 5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N 5.3b.7 Example: LicenseDetected: GPL-2.0 LicenseDetected: FullLicense-2 5.3c License Comments 5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to making the asserted license for a file, if the asserted license does not match the detected license that the person creating the SPDX file wants to share with the reviewers. 5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the asserted license was determined if it does not match the detected license. 5.3c.3 Cardinality: Optional, single instance 5.3c.4 Tag: “LicenseComments:” 5.3c.5 RDF: TBD 5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>. 5.3c.7 Example: LicenseComments: <text> The asserted license was taken from the package level that the file was included in. </text> The above is preliminary at this point, so needs some polishing. I've entered it in bugzilla ( http://bugs.linux-foundation.org/show_bug.cgi?id=625), so after the discussion tomorrow, feel free to subscribe, and make improvements there. Kate _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
Re: Purpose of licensing info
Peter Williams <peter.williams@...>
On Thu, Jan 13, 2011 at 9:31 PM, <kate.stewart@...> wrote:
Hi Scott,
The meaning of the declared and detected at the package is
different than what we've been discussing at the file level, and
separation of the two different cases (package level vs. file level)
is important and significant.
How are these different? In both cases it is the set of licenses the author(s) have declared/stated they believe (or want you to believe) cover the entity in question. Seems pretty much the same to me except that the entity is file in one case and a package in the other (which is most likely just a file). Peter openlogic.com
|
|
|
Minutes from Jan 13 SPDX General Meeting
The Tech Team has put in place an instance of Bugzilla. We'll be using it to track all kinds of SPDX issues including licenses, documentation and website issues. So, you may want an account even if you are not involved in the details of drafting the spec. The product is "spdx" and under that are projects: spec, licenses, documentation, pretty printer, website. The signup process is typical and quick.
Next General Meeting is Jan 27.
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
|
|
|
Re: Purpose of licensing info
Soeren, First, you inferred the issue correctly. I was in the conversation and had exactly the same idea as you. I ended up never putting it out on the table because several of the participants in the discussion (who were from real end user companies) took the position that it was absolutely mandatory for them to know the license data contained in the file, even if it was thought or known to be erroneous. So, I concluded that two license fields were required. There could still be an argument for adding your suggested field as a fourth; it would essentially be a standardized comment field. However I still think we'd need to free form comment field to capture unanticipated cases or other information deemed important by the author. Phil
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
I am trying to understand the meaning and value of "detected" and/or
"declared" as distinguished from "your best guess", i.e., "asserted".
I don't know about this one. Would this statement be representable in
a declared license file? It requires multiple facts and deduction
[...] I haven't been in the spdx-team from the beginning on, so I do not exactly know what the original purpose of these two license declarations is. But judging from daily experience I assume it is to cover the situation where there is neither a license file nor any licensing comments in the source code, however it is known from other sources (e.g. community website) that the software is licensed under particular terms. In fact there might be multiple facts and deductions involved. In order to avoid conflicting license tags in one spdx file, wouldn't it be more viable to have only one license tag, but an additional tag determining the source of that license information (maybe in categories like "license file", "documentation". "website[URL]", etc) ? Cheers Soeren ===================================================================================================================================== This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views or opinions expressed are solely those of the author and do not represent those of ASUSTeK. Thank you for your cooperation. ===================================================================================================================================== _______________________________________________ Spdx mailing list Spdx@...https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
