|
License templates
Peter Williams <peter.williams@...>
In
<https://fossbazaar.org/pipermail/spdx/2010-September/000116.html>
dmg brought up and interesting question regarding how similar two
license texts need to be before they can be considered the same
license. This got me thinking about the proposed license
templates.
I am increasing uncomfortable with the idea of spdx specify a mechanism intended to support recognition of licenses. That very idea seems fraught with peril, both technically and legally. What constitutes similar enough to treat as a single license is a policy decision. Risk averse organizations with a high profile might choose a relatively high bar for sameness, while less risk averse organizations will probably prefer a lower bar. I think setting these policies should be left to the producers and consumers of spdx files. These parties are the only ones with enough information to do it effectively. There are a few situations where a light weight template syntax in the license text field itself would be useful. Such a syntax would allow a way to demarcate really obvious and uncontentious replaceable parts of the license. Square brackets around a description of the replaceable element would probably sufficient. For example, the 3 clause bsd license text would look like this Copyright (c) [YEAR], [OWNER]This would allow spdx to provide canonical forms of licenses without trying to specify policy issues. Peter Williams <http://openlogic.com> |
|
|
|
Re: Some SPDX 1.0 beta examples
Peter Williams <peter.williams@...>
On 9/29/10 2:32 PM, dmg wrote:
This is good. It can start some discussion on the standard.We assume any that file that does not contain explicit license info and does not match any of the open source in our database is licensed under the declared license of the project. In this case the Zlib license. 2. Some files refer to zlib.h as the file with a license. Now, if theI think this is outside the scope of the spdx proper. Many of the decisions about what licenses govern a file will be made on criteria other than an explicit license declaration, direct or indirect. For example, some part of a file might be matched against a database of open source and that open source file might have a license associated with it. In the short term this could be handled as comment on the file object. It might be an interesting follow on project to create an extension to allow expressing the decision criteria for why a particular license was chosen. 3. Is it the same to include a license than to refer to a license?We treat those the same. This is a policy issue to be worked out between the producer and the consumers of the spdx file. I think the spec should avoid specify the copyright/license analysis process. Spdx should just provide a way to express the results of such an analysis. 4. In some files the zlib iicense varies slightly:This also feels like a policy issue to me. We treat those as the same. Peter Williams <http://openlogic.com> |
|
|
|
Re: Mailing list archive
Philip Odence
Done
toggle quoted message
Show quoted text
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Sep 29, 2010, at 5:09 PM, Peter Williams wrote:
|
|
|
|
guidelines for License Notes field
Jilayne Lovejoy <Jlovejoy@...>
As per the discussion during Friday's License call, I typed up a
guideline/description of what should/should not be included in the License Notes field on the License List: License Notes field guidelines - For the purpose of describing what kinds of information should or can be included in this field and what kinds of information should not be included here with examples of both. The information included in the License Notes field should consist of factual information only. Opinions or interpretations of the license should not be included here. Factual information may include such information as the dates of a revision or new version if that information is not already included in the license itself or a note stating that the license has been deprecated by the author. For example, the BSD license might have a Note stating that the original advertising clause was deleted as of July 22, 1999. (see "Historical Note" here for full example: http://opensource.org/licenses/bsd-license.php) This field may also be used to communicate updates to the license due to typographical errors or other data entry alterations (that are not changes to the license by the license's author). Information that in any way interprets the license or draws conclusions as to what the license requires is not appropriate. For example, links to interpretations of the license, even if written by the license's author, should not be included here. Much external information exists on license interpretation and we do not want to favor one over the other. Likewise, statements that the license is a dedication to the public domain should not be included. This is a determination for the recipient of the license to make, not the SPDX creator. |
|
|
|
Re: Mailing list archive
Peter Williams <peter.williams@...>
A name change would be an improvement.
toggle quoted message
Show quoted text
I see your point about not complicating navigation for existing participants. However, having a top level page that basically free of content, as the participation page is now, is a waste. Would moving the minutes and spec development links to the top of the partcipation page and then adding a "Getting Started" section below those links work? It would make the navigation links for on going participation even easier to get to than they are now. And it would be really obvious for potential participants how to go about getting started. Peter On 9/29/10 2:48 PM, Philip Odence wrote:
Peter, |
|
|
|
Re: Mailing list archive
Philip Odence
Peter,
toggle quoted message
Show quoted text
I'm responsible for the hierarchy, so I'll weigh in. I'd rather change the name to "Getting Started" or something like that (if it's the "Guidelines" that bothers you) rather than moving it. I understand it takes an extra click, but the page contains information that one no longer needs once signed up and familiar, so why make everyone keep looking at it? I'm not hard over on this, but I do think it's better where it is. Phil L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Sep 29, 2010, at 4:35 PM, Peter Williams wrote:
|
|
|
|
Re: Mailing list archive
Peter Williams <peter.williams@...>
Does anyone object to moving the content of <http://www.spdx.org/wiki/spdx/participation-guidelines> to the main participation page, <http://www.spdx.org/node/2240>? A page named "guidelines" seems more like a code of conduct than a page containing the details of how one would go about participating. And the extra click seem unnecessary.
toggle quoted message
Show quoted text
Peter On 9/29/10 2:29 PM, Peter Williams wrote:
On 9/29/10 2:16 PM, Armijn Hemel wrote:Sweet, thanks. I added a link to the participation guidelines page in |
|
|
|
Re: Some SPDX 1.0 beta examples
dmg
This is good. It can start some discussion on the standard.
First, one question: I scanned the file for zlib and I found some issues with it, but I think are worth discussing: 1. Some files do not contain a license, yet they are marked as one: dmg@i:/tmp/zlib-1.2.5$ more contrib/minizip/zip.c /* zip.c -- IO on .zip files using zlib Version 1.1, February 14h, 2010 part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) For more info read MiniZip_info.txt Changes Oct-2009 - Mathias Svensson - Remove old C style function prototypes Oct-2009 - Mathias Svensson - Added Zip64 Support when creating new file archives Oct-2009 - Mathias Svensson - Did some code cleanup and refactoring to get better overview of some functions. Oct-2009 - Mathias Svensson - Added zipRemoveExtraInfoBlock to strip extra field data from its ZIP64 data It is used when recreting zip archive with RAW when deleting items from a zip. ZIP64 data is automaticly added to items that needs it, and existing ZIP64 data need to be removed. Oct-2009 - Mathias Svensson - Added support for BZIP2 as compression mode (bzip2 lib is required) Jan-2010 - back to unzip and minizip 1.0 name scheme, with compatibility layer */ ------------ 2. Some files refer to zlib.h as the file with a license. Now, if the SHA1 of the file does not change, I would presume (as a user) that I don't need to scan it again, which is good. But what if zlib.h changes? Would it be useful in the SPDX to use a "reference" field to denote such a thing? --------- 3. Is it the same to include a license than to refer to a license? --- 4. In some files the zlib iicense varies slightly: This software is provided 'as-is', without any express or implied warranty. In no event will the author be held liable for any damages arising from the use of this software. and in others This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. --dmg On Wed, Sep 29, 2010 at 12:52 PM, Philip Odence <podence@...> wrote: I moved it to -- --dmg --- Daniel M. German http://turingmachine.org |
|
|
|
Re: Mailing list archive
Armijn Hemel <armijn@...>
On Wed, 2010-09-29 at 16:24 -0400, Philip Odence wrote:
Now that you have appeared in the NY Times with a Boston Red Sox hatActually I was replying to Peter's question. I guess that your mail client might not have shown that it was a reply. But, to actually make it a question: is there an archive available of the period before August 10? armijn -- --------------------------------------------------------------------------- armijn@... || http://www.gpl-violations.org/ --------------------------------------------------------------------------- |
|
|
|
Re: Mailing list archive
Peter Williams <peter.williams@...>
On 9/29/10 2:16 PM, Armijn Hemel wrote:
Sweet, thanks. I added a link to the participation guidelines page in the wiki. Hopefully one more link will make google pick it up. Peter |
|
|
|
Re: Mailing list archive
Philip Odence
Armijn, Now that you have appeared in the NY Times with a Boston Red Sox hat http://www.nytimes.com/2010/09/26/business/26ping.html?src=busln, I feel I must respond quickly. There are a number of places in SPDX.org that provide links to the mail list sign up, for example: Click on the mail list sign up link. Then click on the first link that appears on the mail list page https://fossbazaar.org/mailman/listinfo/spdx and you will be taken to the archive. Phil L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
On Sep 29, 2010, at 4:16 PM, Armijn Hemel wrote:
|
|
|
|
Re: Mailing list archive
Armijn Hemel <armijn@...>
On Wed, 2010-09-29 at 14:04 -0600, Peter Williams wrote:
Is the spdx mailing list archived anywhere? I was looking to read uphttps://fossbazaar.org/pipermail/spdx/ armijn -- --------------------------------------------------------------------------- armijn@... || http://www.gpl-violations.org/ --------------------------------------------------------------------------- |
|
|
|
Mailing list archive
Peter Williams <peter.williams@...>
Is the spdx mailing list archived anywhere? I was looking to read up on the past debate around a particular part of the spec and I was unable to locate an archive of the mailing list.
It is crucial that the forum in which so many of the decisions regarding SPDX are made be archived and made available on the web. The lack of an archive on the web make our work quite opaque to anyone who is not currently subscribed. It also hides this effort from people who might be interested because none of it shows up in search engines. It is possible to turn on an archiving feature in our list server? Peter Williams <http://openlogic.com> |
|
|
|
Re: Some SPDX 1.0 beta examples
Philip Odence
I moved it to Home » Wiki » Software Package Data Exchange (SPDX) » Spec Development » Sandbox For Sharing Examples, Ideas, Etc. Not sure if it way my knowledge or permissions or both, but anyway, it's there. Good stuff, Peter. On Sep 29, 2010, at 3:45 PM, Peter Williams wrote:
|
|
|
|
Some SPDX 1.0 beta examples
Peter Williams <peter.williams@...>
Hi all,
I have posted some examples, along with some notes about them at <http://spdx.org/wiki/openlogic-spdx-10-beta-examples>. The examples are intended to conform to the 1.0 beta version of the spec except that we used sha-256 checksums -- rather than sha-1 -- to identify the files. I was not able to figure out how to add that page to the examples sandbox. (Perhaps i do not permission to do that? ) Would someone with more knowledge of (or permissions with) the wiki do that for me? Comments and feedback are welcome. Peter Williams <http://openlogic.com> |
|
|
|
SPDX RDF Sub-group Mtg 4 concall / gotomeeting details
Bill Schineller
Colleagues,
Sorry for sending out the call-in details late. The call will be at the usual Tuesday time the RDF subgroup has been meeting the last 3 weeks. We'll be discussing mechanism for representing the machine-readable ontology within a single XHTML document. Perhaps Peter can demonstrate online? SPDX RDF Sub-group Mtg 4 (TODAY) Tuesday Sept 28, 11AM eastern time Toll-free dial-in number (U.S. and Canada): (877) 435-0230 International dial-in number: (253) 336-6732 Conference code: 7833942033 URL to join meeting: http://blackducksoftware.na6.acrobat.com/r70154570/ Bill Schineller Knowledge Base Manager Black Duck Software Inc. T: +1.781.810.1829 F: +1.781.891.5145 E: bschineller@... http://www.blackducksoftware.com |
|
|
|
Minutes from Sept 23 SPDX call
Philip Odence
L. Philip Odence Vice President of Business Development Black Duck Software, inc. 265 Winter Street, Waltham, MA 02451 Phone: 781.810.1819, Mobile: 781.258.9502
|
|
|
|
Re: HTML Spec page weird look on spdx.org
Philip Odence
Kate is doing her best to fix it up asap.
toggle quoted message
Show quoted text
On Sep 26, 2010, at 4:44 PM, "Philippe Ombredanne" <pombredanne@...> wrote:
All: |
|
|
|
HTML Spec page weird look on spdx.org
Philippe Ombredanne
All:
this is most likely a known problem, but the draft web page for the spec at http://www.spdx.org/wiki/spdx/specification seems to be quite hard to read (many empty lines), the paragraph numbers are almost all "1", and the page is munged (the bottom is not displayed) on Firefox. -- Cordially Philippe philippe ombredanne | 1 650 799 0949 | pombredanne at nexb.com nexB - Open by Design (tm) - http://www.nexb.com |
|
|
|
Re: Spec comments and suggestions
Gary O'Neall
Good point on the copyright holder/copyright information. We could have all
toggle quoted message
Show quoted text
of the copyrights combined in one field - e.g. if a file or package has 3 copyrights A, B, and C - we could have a single copyright field of "A, B, and C". This, however, would make it difficult to parse and potentially loose information. I would be in favor or changing the cardinality to 1 or more. On the Download URL - agree with the comment. I would also add that the recently discussed optional field of a DOAP document could provide quite a bit of additional information on the package. The DOAP document includes optional fields for the following: Download-page - Mirror of software download web page. Download-mirror - Mirror of the Web page from which the project software can be downloaded. Homepage - URL of a project's homepage, associated with exactly one project. Old-homepage - URL of a project's past homepage, associated with exactly one project. Repository - Source code repository. Wiki - URL of Wiki for collaborative discussion of project. Gary -----Original Message-----
From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Jilayne Lovejoy Sent: Friday, September 24, 2010 8:31 AM To: spdx@... Subject: Spec comments and suggestions Hello All, I am getting up to speed, have taken a close look at the current spec, and have some comments noted below. 3.4 Download URL COMMENT: We may want to have some guideline as to which page is to be specified for this field, i.e. the home page or the download page where there is both or the website has many pages. 3.5 Additional Source Information COMMENT: We may want to add a guideline for this field to encourage complete information. In my experience, brief notes written by someone else (let alone myself sometimes) are sometimes incomprehensible later. While this is hard to control, requesting that people use complete sentences (with a proper subject) and minimize the use of pronouns might help ensure this information is useful and clear to the next person. Perhaps simply rewriting the example as suggested below may meet this goal. 3.5.7 Example: SourceInfo: The glibc-2.11.1 used here was obtained from git://sourceware.org/git/glibc.git. 3.6 Declared License(s) for a Package 3.6.7 Example: DeclaredLicense/DisjunctiveLicense: ________ - Add example of how this will look. This may have already been mentioned. 3.8 Declared Copyright Holder of Package 3.8.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. 5.4 Copyright Information Detected 5.4.3 Cardinality: Mandatory, single instance - There is often more than one author or copyright holder, so this needs to accommodate multiple instances. OTHER: In several places in the spec the idea of identifying a license as either "NotSpecified" or "UnKnown" is mentioned. The current definitions of these terms in the license list are a bit unclear to me and could easily overlap. I would suggest revising them as such: NoLicense (instead of NotSpecified) = no license was found in the file or elsewhere whatsoever UnKnown = some license info was found, but it is unclear what license applies, if the license found applies, etc. - In both cases, it would be helpful to have a comment field to accompany these designations for the purpose of explaining why this conclusion was reached Cheers, Jilayne Lovejoy | Corporate Counsel jlovejoy@... 720 240 4545 | phone 720 240 4556 | fax 1 888 OpenLogic | toll free www.openlogic.com OpenLogic, Inc. Headquarters, Broomfield, Colorado 80021 _______________________________________________ Spdx mailing list Spdx@... https://fossbazaar.org/mailman/listinfo/spdx |
|
|