
Re: Chime instead of Zoom, a modest proposal

John Sullivan
 

"James Bottomley" <James.Bottomley@...> writes:

> Well, I'm glad you asked ... so far the most promising fully open trial
> is this one:
>
> https://bigbluebutton.org/

Yeah, FSF is running an instance that is being used to successfully
teach classes at MIT right now. We'll post more about it soon, but can
confirm that it works for 20+, with video and screen sharing. Also have
quite a bit of info at
https://libreplanet.org/wiki/Remote_Communication.

-john

--
John Sullivan | he/his/him | Executive Director and VP, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<https://my.fsf.org/join>.


Re: Chime instead of Zoom, a modest proposal

James Bottomley
 

On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote:
> Others have more religious affinity for the Linux desktop.

Wow that's a blast from the early part of this millennium. Since Linux
now runs over 80% of the world's computing resources, I thought we'd
got over stigmatizing people who actually run it on their desktops.

It's not for want of others trying: my workplace keeps sending me
windows laptops, but they aren't really useful for my daily activities
and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it.

> But I haven't seen any libre option that stacks up to Zoom's
> reliability. Other closed competitors---Hangouts
> especially---never met that bar, either.

Well, I'm glad you asked ... so far the most promising fully open trial
is this one:

https://bigbluebutton.org/

But the trials are still ongoing so that's by no means the final
answer. It's actually somewhat obvious: bigbluebutton was developed
for teaching remotely in under resourced schools, so of course they
brought it up on a free (as in beer) OS because everything else was
cost prohibitive. No one's heard of it because their advertising
budget matches the available resources ...

James


Re: Chime instead of Zoom, a modest proposal

Alexios Zavras
 

The good folks at FSFE maintain a wiki page with Free Software alternatives:
https://wiki.fsfe.org/Activities/FreeSoftware4RemoteWorking

I should point out that in the SPDX calls we don't actually use video -- it's audio and screen sharing.

-- zvr

-----Original Message-----
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of James Bottomley
Sent: Tuesday, 14 April, 2020 06:35
To: Kyle Mitchell <@kemitchell>
Cc: @MarkAtwood; Kate Stewart <kstewart@...>; Spdx-legal@...; spdx@...
Subject: Re: Chime instead of Zoom, a modest proposal

On Mon, 2020-04-13 at 20:55 -0700, Kyle Mitchell wrote:
> Others have more religious affinity for the Linux desktop.

Wow that's a blast from the early part of this millennium. Since Linux now runs over 80% of the world's computing resources, I thought we'd got over stigmatizing people who actually run it on their desktops.

It's not for want of others trying: my workplace keeps sending me windows laptops, but they aren't really useful for my daily activities and it turns out that if you don't switch them on very often, they simply stop working and eventually the capital expense isn't worth it.

> But I haven't seen any libre option that stacks up to Zoom's
> reliability. Other closed competitors---Hangouts especially---never
> met that bar, either.

Well, I'm glad you asked ... so far the most promising fully open trial is this one:

https://bigbluebutton.org/

But the trials are still ongoing so that's by no means the final answer. It's actually somewhat obvious: bigbluebutton was developed for teaching remotely in under resourced schools, so of course they brought it up on a free (as in beer) OS because everything else was cost prohibitive. No one's heard of it because their advertising budget matches the available resources ...

James








Re: Chime instead of Zoom, a modest proposal

James Bottomley
 

On Mon, 2020-04-13 at 20:31 +0000, Mark Atwood via lists.spdx.org
wrote:
> Chime has clients for Win, and for Mac, it runs in Browser on Firefox
> and on Chrome on all OSes, it has clients for mobile OSes, and also
> has local and tollfree telephone dialin in most countries.

So no app for Linux then? As you can appreciate, a lot of us have now
been evaluating a whole range of video conference technologies and one
of the empirical rules I've been seeing is that solutions that don't
provide a Linux client usually can't provide app equivalent
functionality on the web either ... and actually there are several
solutions (cough, bluejeans, cough) that allegedly provide a linux app
but not with the full range of capability and have similar problems on
the web.

One of the things I will give zoom in the pantheon of proprietary crap
for meetings is that they have a full range of supported linux clients,
for almost every distribution you can think of, with functionality
equivalent to windows and mac.

James


Re: Chime instead of Zoom, a modest proposal

 

Jumping in randomly: would be super interested in exploring this for OpenChain if that’s on the table.

Shane 



Re: Chime instead of Zoom, a modest proposal

Kyle Mitchell
 

I've used the Linux Zoom client nearly every day for a few
weeks now, and less often for several months before that.
It's been seamless for all the core talk-and-watch
functionality.

It does lag a bit behind on lesser features. For example,
some of the call-recording options on Windows and Mac still
haven't made it over to Linux. So it goes.

I don't usually attend SPDX calls, so this is just FYI. If
I do end up joining in again, I can always use a phone.
Which had sprouted six or seven different apps for VoIP,
last I checked.

Others have more religious affinity for the Linux desktop.
But I haven't seen any libre option that stacks up to Zoom's
reliability. Other closed competitors---Hangouts
especially---never met that bar, either.

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933


Re: Chime instead of Zoom, a modest proposal

Jeremiah C. Foster
 

One of the benefits of using Zoom is its native Linux client. Does Chime offer a Linux client?

If not, I think it is kinda weird (given the year of the Linux desktop) to use something that isn't available on Linux.

Cheers,

Jeremiah

On Mon, 2020-04-13 at 15:50 -0500, Kate Stewart wrote:
> Hi Mark,
> Thanks for the generous offer. :-) We're not paying for zoom, however I'm definitely up for doing an experiment during our spdx-tech meeting tomorrow, and if it works for the regular attendees, changing to a system with better security.
>
> Can you send me the details for the account to use, and we'll do an experiment during the tech call, and feedback to the wider group.
>
> Thanks again!
> Kate



Re: Chime instead of Zoom, a modest proposal

Kate Stewart
 

Hi Mark,
Thanks for the generous offer. :-) We're not paying for zoom, however I'm definitely up for doing an experiment during our spdx-tech meeting tomorrow, and if it works for the regular attendees, changing to a system with better security.

Can you send me the details for the account to use, and we'll do an experiment during the tech call, and feedback to the wider group.

Thanks again!
Kate



Chime instead of Zoom, a modest proposal

Mark Atwood
 

Hi Kate and other SPDX folk,


We have been using Zoom to provide teleconference for SPDX meetings. In light of recent events, Zoom has gotten very popular, and also been failing many security audits, and so many companies and governments have started banning its use.


Amazon has a service very similar to Zoom, called Amazon Chime.  Amazon Chime has 1) it's got much better security, 2) it doesn't give your personal, login, and meeting info to the adtech tracking industry, 3) it is gratis with all professional features to the end of June, and 4) as an Amazonian and this being part of my work, I can provide gratis usage to the SPDX group even after the end of June.


Chime has clients for Win, and for Mac, it runs in Browser on Firefox and on Chrome on all OSes, it has clients for mobile OSes, and also has local and tollfree telephone dialin in most countries.


So, what do you think?  Switch to Chime?  It's especially a win if we are paying for Zoom.


..m


-- 

Mark Atwood <atwoodm@...>

Principal, Open Source, Amazon


April General SPDX Meeting Minutes

Phil Odence
 

A great meeting with great attendance.

Please volunteer or suggest a guest speaker for next time. Anything SPDX related is fair game.

 

https://wiki.spdx.org/view/General_Meeting/Minutes/2020-04-02

 

General Meeting/Minutes/2020-04-02


·         Attendance: 19

·         Led by Phil Odence

·         Minutes of April meeting


Guest Speaker- Allan Friedman, NTIA

·         NTIA’s Multistakeholder SBOM Process

·         Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM. 

·         Allan’s slides  https://drive.google.com/open?id=1KOsm6grnSZ5FsSnzTI9ybYT9m84F8Zfe

Tech Team Report - Kate

·         Spec

·         Wrapping up 2.2 spec

·         Known unknowns made it in

·         3.0 Visions

·         William Bartholomew’s talk about profiles was great (and recorded)

·         Tools

·         Gary’s been working on 2.2 tooling

·         Requiring a complete rewrite to the java tools

·         Not API compatible

·         Google SoC

·         15 different submissions

·         Google is looking for additional mentors on each project

·         So, we need more mentors; contact Gary

Legal Team Report - Steve

·         Finalized updates to license inclusion principles

·         Mostly clarifications

·         But also to broaden a bit for non-OSS source available licenses

·         https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md

·         3.9 list release has been pushed out a bit

·         Were waiting for above

·         https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A%223.9+release%22

·         In anticipation of 3.0 working on a licensing profile

·         With Tech Team, updating back end of SPDX website to manage move from Drupal to Wordpress

·         Maintaining license URLs

·         Static pages moving to a different domain.

 

Outreach Team Report - Jack

·         Will be looking for help to update content for Website as per above

·         Documenting comprehensive list of SPDX-related tooling

Cross Functional -

·         None

Attendees

·         Phil Odence, Black Duck/Synopsys

·         Allan Friedman, NTIA

·         Rose Judge, VMware

·         Steve Winslow, LF

·         Kate Stewart, Linux Foundation

·         Alexios Zavras, Intel

·         Jack Manbeck, TI

·         Jim Hutchison, Qualcomm

·         William Bartholomew, GitHub

·         Dave McLoughlin, Flexera

·         Michael Herzog- nexB

·         Alex Rybak, Flexera

·         Gary O’Neall, SourceAuditor

·         Paul Madick

·         Brad Goldring, GTC Law

·         David Wheeler, Linux Foundation

·         Mike Dolan, Linux Foundation

·         Bob Campbell, DXC

·         Mark Atwood, Amazon

 


Thursday's SPDX General Meeting Reminder - Including Special Guest Star

Phil Odence
 

We’ll be pleased to welcome “professor-turned-technocrat” Allan Friedman, the Director of Cybersecurity at NTIA. He is at the center of NTIA’s effort to standardize a software BOM and an SPDX fan. This is a great opportunity to understand this important work and where we fit. (Details on Allan and his talk below the agenda.)

 

GENERAL MEETING

 

Meeting Time: Thurs, April 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

 

Administrative Agenda

Attendance

Minutes Approval:   

 

Guest Presentation – Allan Friedman

 

Technical Team Report – Kate/Gary

 

Legal Team Report – Jilayne/Paul/Steve

 

Outreach Team Report – Jack

 

Any Cross Functional Issues –All

 

 Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM. 

 

Allan Friedman is Director of Cybersecurity at National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA's multistakeholder processes on cybersecurity, focusing on addressing vulnerabilities in IoT and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted InfoSec and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text 'Cybersecurity and Cyberwar: What Everyone Needs to Know,' has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.

 


SPDX License List inclusion principles and 3.9 release

Steve Winslow
 

Hello all,

Following from Jilayne's email earlier this month, the legal team has now finalized and posted the update to the license inclusion principles for the SPDX License List. The updated principles can be found at:


As a result of the update, we will be shifting the date for the next release of the License List (version 3.9) from the end of March to the end of April. This will provide a window for recent submissions -- as well as the backlog of older submissions that relate to this update -- to be considered for inclusion under the new guidelines for the next release.

I would encourage folks to review the open issues that are listed for consideration in 3.9, and to weigh in with comments on whether they should be added under the updated guidelines. You can see the issues tagged for 3.9 at:


Even if you aren't familiar enough with the License List's XML format to create XML files for actually adding licenses, input is welcome on the baseline question of whether or not the submitted licenses are appropriate to add to the list.

Hope everyone is staying safe and healthy. Best,
Steve

--
Steve Winslow
Director of Strategic Programs
The Linux Foundation


SPDX legal team call tomorrow

J Lovejoy
 

Hi all,

The SPDX legal team has its regular bi-weekly call tomorrow, Thursday at noon, Eastern Daylight Savings time (note: The US moved our clocks forward, but I believe the UK and Europe have yet to do that, so time diff may still be an hour different from usual).

As noted in the email below - we will be finalizing the new license inclusion guidelines! https://github.com/spdx/license-list-XML/pull/990

Dial-in info below, in case you don’t have the invite on your calendar.

Thanks,
Jilayne
SPDX legal team co-lead

Join Zoom Meeting: https://zoom.us/j/611416785
Meeting ID: 611 416 785

One tap mobile:
+16465588656,,611416785# US (New York)
+16699006833,,611416785# US (San Jose)

Dial by your location:
+1 646 558 8656 US (New York)
+1 669 900 6833 US (San Jose)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
+1 647 558 0588 Canada
855 703 8985 Canada Toll-free

Meeting ID: 611 416 785

Find your local number: https://zoom.us/u/aceZFvRyln

On Mar 12, 2020, at 1:59 PM, J Lovejoy <opensource@...> wrote:

Hi all,

I’m sending this to both the legal and general mailing lists to ensure greatest visibility. The legal team has come up with a final draft of the license inclusion guidelines based on various conversations and feedback over the past 8 months of intermittent discussion.

The pull request representing this draft is located here: https://github.com/spdx/license-list-XML/pull/990

We are looking to provide another two weeks for review and comment and then finalize and publish this. Please do comment either on the PR, the issue below or the legal team mailing list. (including +1 if you think it’s all good!)

The issue where some of the discussion has taken place is here: https://github.com/spdx/license-list-XML/issues/925

Thanks!

Jilayne
SPDX legal team co-lead


Re: SPDX License List license inclusion guidelines

J Lovejoy
 

Hi Kyle,

Thanks for having a look.

As to your question: we had a discussion on one of the many calls we discussed this topic and ran the hypothetical of what if there were no “rules” or the rules were very relaxed. One extreme might look like this: anyone can add a license, any time and the SPDX License List becomes bloated and so long that nothing is reliable any more - we’d end up with duplicate licenses (b/c no one was minding the Matching Guidelines), duplicate ids (the horror!) etc. It would certainly lose its value.

If there is something we can amend on the current proposal, then there has been plenty of opportunity to say so, and there is still (a little) time. The proposed revision substantially relaxes the previous guidelines - as you well know. There are a number of licenses in the queue that we’ve put on hold knowing that if we changed the guidelines, they would be easy submissions. We also made some obvious things explicit like not adding a license that would match an existing license - we probably all assumed that one, but it wasn’t actually written down!

I’m still unclear as to what the actual issue and suggestion is out of this thread.

Thanks,
Jilayne

On Mar 13, 2020, at 4:25 PM, Kyle Mitchell <@kemitchell> wrote:

All,

I am both impressed by the work Jilayne and others have put
into the guidelines, and in strong sympathy with the general
thrust Philippe reports from the conference. I didn't go to
FOSDEM, but judging from Philippe's notes, I wouldn't have
had much else to add.

I keep returning to the _why_ behind rules and proposed
rules. Is the overbearing issue, from the SPDX-side point
of view, still too many license submissions, too fast to
handle?

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933


Re: SPDX License List license inclusion guidelines

Kyle Mitchell
 

All,

I am both impressed by the work Jilayne and others have put
into the guidelines, and in strong sympathy with the general
thrust Philippe reports from the conference. I didn't go to
FOSDEM, but judging from Philippe's notes, I wouldn't have
had much else to add.

I keep returning to the _why_ behind rules and proposed
rules. Is the overbearing issue, from the SPDX-side point
of view, still too many license submissions, too fast to
handle?

--
Kyle Mitchell, attorney // Oakland // (510) 712 - 0933


Re: Is an UNCOPYRIGHTABLE License (or keyword) needed? #poll

Jeremiah C. Foster
 

> +1 from me on everything David said (quoted below for convenience)

+1


Re: Is an UNCOPYRIGHTABLE License (or keyword) needed? #poll

Matija Šuklje
 

+1 from me on everything David said (quoted below for convenience)

cheers,
Matija

On četrtek, 12. marec 2020 22:19:38 CET, David A. Wheeler wrote:
> I would prefer another option NOT in the poll (and thus have not voted): Treat it as just another license statement. There are multiple ways this kind of “uncopyrightable” assertion is made, and I think that specific form should be captured as a license statement.
>
> New entries should be created for at least the “CC Public Domain Mark” and the situation where someone in the US government does it as part of official duties & doesn’t claim a copyright. There’s a discussion going on here:
> https://github.com/spdx/license-list-XML/issues/988
>
> Treating it like “everything else” means there are no special cases for SPDX, *and* you get finer-grained information.
>
> For those who object & say that “there is no license”, well, “license” is just synonym for “permission”, and in this case the permission is granted by the way the legal systems work. So it’s a permission granted by the underlying mechanisms of law ☺. I think the *users* of SPDX will appreciate the simplicity of *not* needing another special case.
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Re: SPDX License List license inclusion guidelines

Philippe Ombredanne
 

Hi Jilayne:

On Thu, Mar 12, 2020 at 12:59 PM J Lovejoy <opensource@...> wrote:
> I’m sending this to both the legal and general mailing lists to ensure
> greatest visibility. The legal team has come up with a final draft of the
> license inclusion guidelines based on various conversations and feedback
> over the past 8 months of intermittent discussion.
> The pull request representing this draft is located here:
> https://github.com/spdx/license-list-XML/pull/990

On January 31st a compliance tooling meeting and hackathon took place
in Brussels before FOSDEM [1]. One of the session topics was SPDX.
Everyone there agreed that SPDX license inclusion criteria should be
relaxed.

Adding more restrictions and filters is IMHO counterproductive in several ways:
- it requires more work to apply these restrictions and filters
- more work means fewer licenses are added
- as a shared "vocabulary" the utility function of the license list is
directly related to the number of "words" we can use.

Restricting the number of words in the license vocabulary only means
that these words cannot be used in shared conversation about licenses.

But these licenses still exist, so the restrictions impact mostly the
usefulness and expressiveness of SPDX, especially in the more common
cases where license expressions are used without an SPDX document.

This could increasingly make the SPDX License list irrelevant if it is
missing important license vocabulary. The existing and proposed license
inclusion criteria seem counterproductive and likely to subtract value from
SPDX.

The community does not need SPDX to police or enforce OSS license
"purity" via the license list. Instead there should be fewer barriers
to adding new licenses to the list in order to optimize the utility of
the SPDX license list and the number of common licenses SPDX
expressions can deal with.

Since SPDX does not interpret license conditions, the inclusion
guidelines should be loosened to include commonly-used and public
licenses without an OSS litmus test (e.g. free proprietary licenses).
This will become more important for SPDX as more organizations become
more focused on compliance and are looking for a way to account for
all licenses detected from scans or other analysis.

[1] https://docs.google.com/document/d/1UphruKKAlsoUEidPCwTF2LCcHFnQkvQCQ9luTXfDupw/edit#
--
Cordially
Philippe Ombredanne


Re: Is an UNCOPYRIGHTABLE License (or keyword) needed? #poll

David A. Wheeler
 

> A new poll has been created…

I would prefer another option NOT in the poll (and thus have not voted): Treat it as just another license statement. There are multiple ways this kind of “uncopyrightable” assertion is made, and I think that specific form should be captured as a license statement.

 

New entries should be created for at least the “CC Public Domain Mark” and the situation where someone in the US government does it as part of official duties & doesn’t claim a copyright. There’s a discussion going on here:

https://github.com/spdx/license-list-XML/issues/988

 

Treating it like “everything else” means there are no special cases for SPDX, *and* you get finer-grained information.

 

For those who object & say that “there is no license”, well, “license” is just synonym for “permission”, and in this case the permission is granted by the way the legal systems work. So it’s a permission granted by the underlying mechanisms of law ☺. I think the *users* of SPDX will appreciate the simplicity of *not* needing another special case.

 

 

From: spdx@... <spdx@...> On Behalf Of michael.kaelbling@...
Sent: Friday, March 6, 2020 5:51 AM
To: spdx@...
Subject: [spdx] Is an UNCOPYRIGHTABLE License (or keyword) needed? #poll

 

The U.S. Copyright Office considers some works uncopyrightable "because they contain an insufficient amount of authorship", e.g. "words and short phrases ... titles ... names", "mere listing of ... contents, or a simple set of directions...", and blank forms (https://www.copyright.gov/circs/circ33.pdf).

SPDX-License-Identifier: NONE and SPDX-CopyrightText: NONE state that there is no license or copyright statement, but do not say that none is needed or possible.

SPDX-License-Identifier: NOASSERTION and SPDX-CopyrightText: NOASSERTION is similarly inappropriate.

A REUSE.software scan will produce false-positives if it has no way to distinguish the case of uncopyrightable material.  This issue came up because my group has empty files (placeholders) and blank forms (templates) in OSS.  Since we require a clean scan on each build, we have to maintain a workaround to eliminate the false positives.
-----
My apologies if you find this poll inappropriate: I thought I had submitted this concern weeks ago as a message, but I am now unable to find it -- nor have I got any response. Therefore I am taking this route to get my question addressed.

1. Yes - an UNCOPYRIGHTABLE License is needed
2. Yes - an UNCOPYRIGHTABLE keyword is needed
3. No
4. No - simply claim an unenforceable copyright and license



SPDX License List license inclusion guidelines

J Lovejoy
 

Hi all,

I’m sending this to both the legal and general mailing lists to ensure greatest visibility. The legal team has come up with a final draft of the license inclusion guidelines based on various conversations and feedback over the past 8 months of intermittent discussion.

The pull request representing this draft is located here: https://github.com/spdx/license-list-XML/pull/990

We are looking to provide another two weeks for review and comment and then finalize and publish this. Please do comment either on the PR, the issue below or the legal team mailing list. (including +1 if you think it’s all good!)

The issue where some of the discussion has taken place is here: https://github.com/spdx/license-list-XML/issues/925

Thanks!

Jilayne
SPDX legal team co-lead