Feels like this should go to spdx-legal@... and the Subject line should change to indicate the change of subject ?

Steve

From: <RUFFIN>, "MICHEL (MICHEL)" <michel.ruffin@...>
Date: Friday, June 22, 2012 6:42 AM
To: "Soeren_Rabenstein@..." <Soeren_Rabenstein@...>, "jilayne.lovejoy@..." <jilayne.lovejoy@...>, "gary@..." <gary@...>, "peter.williams@..." <peter.williams@...>
Cc: "spdx-tech@..." <spdx-tech@...>, "spdx@..." <spdx@...>
Subject: RE: Import and export function of SPDX

Before answering this, we need to determine in which group/mailing list we need to discuss this subject, I do not want to bother people not interested by this. Can we continue with SPDX list should we create a different list? I would prefer this second option. Martin would it be possible to create a “FOSS governance process” mailing list in the framework of FOSSBazaar which I think would be the best solution

 

Now if you look at the ALU definition of FOSS your definition cover only a part of the i) definition, there are a lot of software coming with an open source like license which is not OSI compliant, for instance beerware license How do you cope with theses? The ii) (EULA licenses): Sun/oracle binary license, Oracle OTN licenses, google licenses, adobe licenses, … are a huge set of licenses. In a contractual context they need to be treated the same way. Please note we are not discussing here what is an open source (I know there are two major definitions, the FSF one with 4 freedoms and the OSI one with 10 criteria) but what we should put in contracts.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

---

De : Soeren_Rabenstein@... [mailto:Soeren_Rabenstein@...]
Envoyé : vendredi 22 juin 2012 15:03
À : RUFFIN, MICHEL (MICHEL); jilayne.lovejoy@...; gary@...; peter.williams@...
Cc : spdx-tech@...; spdx@...
Objet : AW: Import and export function of SPDX

 

Hello Michel and others

 

In our standard FOSS contract clauses (which I am willing to share too, once we determined that this (or ftf, or any other network) is the appropriate forum for it) the FOSS-definition is also rather broad, but exemplarily refers to the OSI approved licenses. The definition reads as follows:

 

“Free Open Source Software” or “FOSS” shall mean a copyrighted work that is licensed under any of the licenses listed under www.opensource.org/licenses or any similar open source, free software or community license  (“FOSS License”).

 

Btw: It seems I have been dropped from the list of persons allowed to post here (so not sure if this mail will even make it the mailing list). Can someone help on this?

 

 

Mit freundlichen Grüßen / Kind regards

 

Sören Rabenstein

 

____________________________________________________________

 

ASUS Computer GmbH

 

Sören Rabenstein, LL.M.
Legal Affairs Center
Harkortstr. 21-23, 40880 Ratingen
Tel.: (+49) 2102 5609 317
Fax.: (+49) 2102 5609 309
soeren_rabenstein@...
____________________________________________________________

 

 

 

Von: spdx-bounces@... [mailto:spdx-bounces@...] Im Auftrag von RUFFIN, MICHEL (MICHEL)
Gesendet: Freitag, 22. Juni 2012 13:23
An: Jilayne Lovejoy; Gary O'Neall; Peter Williams
Cc: spdx-tech@...; spdx@...
Betreff: RE: Import and export function of SPDX

 

For the definition of FOSS (free and/or open source software (free is for free of cost here)) that we provide it is of course in the context of a contract negotiation. It is everything that do not go through a procurement department, i.e. coming with an implicit license: a click to accept EULA, an OSI compliant license or similar, + shareware and of course public domain. This definition is now accepted without discussion by most of our suppliers because it is quite clear (we had a lot of revisions before coming to this definition). Note that we use this definition internally in ALU for our FOSS governance process.

 

A comment on licenses, what I find confusing in the SPDX standard is the numbering of BSD licenses for instance the BSD 4 clause is in fact the original BSD license and I would have call it BSD1. But that’s not very important. What is important is to stabilize this taxonomy because we cannot change every year the content of our FOSS database, our internal FOSs governance process documents (around 80 pages), our internal tutorials (170 slides), our requests to suppliers, an update of the knowledge of our FOSs experts, etc.

 

Michel.Ruffin@..., PhD

Software Coordination Manager, Bell Labs, Corporate CTO Dpt

Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94

Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620Nozay, France

 

 

-----Message d'origine-----
De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]
Envoyé : vendredi 22 juin 2012 01:33
À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams
Cc : spdx-tech@...; spdx@...
Objet : Re: Import and export function of SPDX

 

(Apologies for falling off this exchange - had some other things come up

and am now getting caught up with various responses - lots of great

discussion, though!)

 

On 6/13/12 9:34 AM, "RUFFIN, MICHEL (MICHEL)"

<michel.ruffin@...> wrote:

 

>So far our FOSS clauses are not aligned on the SPDX standard (we are

>already happy when suppliers can comply to our requirements without too

>much discussion so we did not formalize things too much)

 

One thing I noticed immediately about your clauses is the definition of

FOSS - which is quite broad.  While I can understand why it might make

sense to use a broad definition for contracts, it includes some categories

of software (e.g. (ii) and (iii) in your definition) that other

people/parties might not consider "FOSS."  In terms of the SPDX License

List, for example, I believe (if memory serves) that we discussed to what

"kinds" of licenses should be included on the list and an argument against

including, what I would refer to as "freeware" licenses (usually under

some kind of click-through EULA that more resembles a more traditional,

restrictive IP license, than open source) should not be on the list.

I don't know if this definition's breadth would necessarily create a

conflict in practical reality or not, but thought I'd at least point it

out...

 

 

> 

>What we request is the name of FOSS, the name of the license if it is OSI

>compliant, or a copy of the license if it is not, the nature of the FOSS:

>is it a library, a standalone software, an interpreter, ... in order to

>determine if there is some potential contamination as with GPL.

> 

>Now we have already aligned our database on the SPDX taxonomy for naming

>licenses, we will soon ask our suppliers to align on this taxonomy. I

>have already prepared a document (in copy) to distribute to our suppliers

>and partners on SPDX.

 

Thanks for sharing this.  Really great to hear that you have adopted the

SPDX License List already.  I'm not sure if you or anyone from your team

is on the legal work group mailing list, but that may be helpful to stay

on top of issues/updates/discussion there.  (for example, a new version of

the license list was just uploaded this week :)

 

Jilayne

 

Jilayne Lovejoy |  Corporate Counsel

OpenLogic, Inc.

 

jlovejoy@...

<applewebdata://EAA1F861-B11E-4827-976F-55756901A796/jlovejoy@...

>  |  720 240 4545

 

 

 

 

> 

> 

>-----Message d'origine-----

>De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]

>Envoyé : mercredi 13 juin 2012 16:08

>À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams

>Cc : spdx-tech@...; spdx@...

>Objet : Re: Import and export function of SPDX

> 

>Hi Michel,

> 

>Thanks again for sharing your information.  In regards to your posting (to

>both this group and the FSF legal network) about the legal clauses, I have

>noticed this and apologize as well for not responding sooner (it's still

>in my inbox as a to-do item, sadly).  In any case, a couple thoughts.  It

>is my understanding from your previous email(s), that you'd like to see

>some kind of FOSS-related legal clause resource, is that correct?  At the

>moment, this is not within the scope of SPDX (albeit a great idea

>generally!).  This is probably something that could be discussed further

>in terms of something to consider tackling in the longer-term road map.

> 

>More specifically, your "list of FOSS" clause (a)(ii), you require the

>name of the license, license text, and whether it is OSI certified or not.

> This is all information capture in the SPDX License List.  Do you have an

>internal list as well?  If so, it would be great to discuss aligning any

>licenses on your list for potential inclusion on the SPDX License List, if

>not already included there and otherwise coordinating.

> 

>Cheers,

> 

>Jilayne Lovejoy |  Corporate Counsel

>jlovejoy@...  |  720 240 4545

>Twitter @jilaynelovejoy

> 

>OpenLogic, Inc.

>10910 W 120th Ave, Suite 450

>Broomfield, Colorado 80021

>www.openlogic.com

>Twitter @openlogic @cloudswing

> 

> 

> 

> 

>On 6/13/12 6:45 AM, "RUFFIN, MICHEL (MICHEL)"

><michel.ruffin@...> wrote:

> 

>>Gary, I think in my previous mail I expressed our use case:

>>1) getting information from our suppliers on FOSS included in their

>>products in order to respect license obligations and to provide this to

>>our customers

>>2) automate the work of ALU for accepting this FOSS in our products

>>3) being able to provide the same information to our customers.

>> 

>>I think it is covered by actual use cases, if not I can do a new one.

>> 

>>Now I would like to attract your attention on a document that I sent few

>>months ago to this mailing list and also to the FSF legal network group.

>>Which are the clauses that we put in the contracts with our suppliers and

>>their rationnal. The goal is to standardize these clauses and I receive

>>no feedback from anybody on this.

>> 

>>This should illustrate the use case. And I understand that I should use

>>the FSF legal network to discuss this. But I am very surprised that there

>>is no reaction/interest in this. It has been a huge ALU effort to shape

>>these conditions in order to reach acceptance to these conditions by most

>>companies.

>> 

>>Michel.Ruffin@..., PhD

>>Software Coordination Manager, Bell Labs, Corporate CTO Dpt

>>Distinguished Member of Technical Staff

>>Tel +33 (0) 6 75 25 21 94

>>Alcatel-Lucent International, Centre de Villarceaux

>>Route De Villejust, 91620Nozay, France

>> 

>> 

>>-----Message d'origine-----

>>De : Gary O'Neall [mailto:gary@...]

>>Envoyé : mardi 12 juin 2012 19:29

>>À : 'Peter Williams'; RUFFIN, MICHEL (MICHEL)

>>Cc : spdx-tech@...; spdx@...

>>Objet : RE: Import and export function of SPDX

>> 

>>I believe the current SPDX tools will treat both RDF and Tag/Value in the

>>same manner - the documents will be readable by the tools but it will

>>fail a

>>validation (missing required field).  For the command line tools, the

>>conversions or pretty printing will still work but you will get warning.

>> 

>>In terms of making the fields optional - I can see this as a valuable

>>change

>>for some of the use cases where that information is not available.  There

>>is

>>need to make sure the components described in the SPDX file match the

>>actual

>>file artifacts, but that need can be filled by the per-file information.

>> 

>>Michel - Which use case best describes your use of SPDX

>>(http://spdx.org/wiki/spdx-20-use-cases).  If there isn't a good

>>representation of your use case(s), could you provide a brief

>>description?

>>I want to make sure we cover this when working on SPDX 2.0.

>> 

>>Thanks,

>>Gary

>> 

>>-----Original Message-----

>>From:spdx-tech-bounces@...

>>[mailto:spdx-tech-bounces@...] On Behalf Of Peter Williams

>>Sent: Tuesday, June 12, 2012 9:27 AM

>>To: RUFFIN, MICHEL (MICHEL)

>>Cc: spdx-tech@...; spdx@...

>>Subject: Re: Import and export function of SPDX

>> 

>>On Tue Jun 12 06:02:03 2012, RUFFIN, MICHEL (MICHEL) wrote:

>>> We have an issue with 2 fields that do not exist in our database.: the

>>> name of the archive file and the checksum. In the SPDX standard they

>>> are mandatory and I do not see why would it be possibly to make them

>>> optional?

>> 

>>I think making those fields optional would be advantageous. Would you

>>mind

>>filing a bug[1] so that we don't forget to look into the issue for the

>>next

>>version.

>> 

>>As for your immediate issues of not having data for those fields, if you

>>are

>>using RDF i'd just skip them altogether in the SPDX file. While your file

>>will technically be invalid all reasonable SPDX consumers will not have a

>>problem with that information being absent unless they need it to

>>accomplish

>>their goal. (In which case they cannot use your SPDX files, anyway.) If

>>you

>>are using the tag-value format skipping the fields altogether will, i

>>think,

>>prove problematic due to that format's stricter syntactic constraints.

>>(Kate

>>or Gary, can you confirm this?)

>> 

>>[1]:

>>https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX&component=Spe

>>c

>> 

>>Peter

>> 

>>PS: I am cc-ing the technical working group because it's participants are

>>best suited to answer these sorts of issues.

>> 

>>_______________________________________________

>>Spdx-tech mailing list

>>Spdx-tech@...

>>https://lists.spdx.org/mailman/listinfo/spdx-tech

>> 

>> 

> 

> 

 

 

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

Feels like this should go to spdx-legal@... and the Subject line should change to indicate the change of subject ?

 

Steve

 

From: <RUFFIN>, "MICHEL (MICHEL)" <michel.ruffin@...>
Date: Friday, June 22, 2012 6:42 AM
To: "Soeren_Rabenstein@..." <Soeren_Rabenstein@...>, "jilayne.lovejoy@..." <jilayne.lovejoy@...>, "gary@..." <gary@...>, "peter.williams@..." <peter.williams@...>
Cc: "spdx-tech@..." <spdx-tech@...>, "spdx@..." <spdx@...>
Subject: RE: Import and export function of SPDX

 

Before answering this, we need to determine in which group/mailing list we need to discuss this subject, I do not want to bother people not interested by this. Can we continue with SPDX list should we create a different list? I would prefer this second option. Martin would it be possible to create a “FOSS governance process” mailing list in the framework of FOSSBazaar which I think would be the best solution

 

Now if you look at the ALU definition of FOSS your definition cover only a part of the i) definition, there are a lot of software coming with an open source like license which is not OSI compliant, for instance beerware license How do you cope with theses? The ii) (EULA licenses): Sun/oracle binary license, Oracle OTN licenses, google licenses, adobe licenses, … are a huge set of licenses. In a contractual context they need to be treated the same way. Please note we are not discussing here what is an open source (I know there are two major definitions, the FSF one with 4 freedoms and the OSI one with 10 criteria) but what we should put in contracts.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

---

De : Soeren_Rabenstein@... [mailto:Soeren_Rabenstein@...]
Envoyé : vendredi 22 juin 2012 15:03
À : RUFFIN, MICHEL (MICHEL); jilayne.lovejoy@...; gary@...; peter.williams@...
Cc : spdx-tech@...; spdx@...
Objet : AW: Import and export function of SPDX

 

Hello Michel and others

 

In our standard FOSS contract clauses (which I am willing to share too, once we determined that this (or ftf, or any other network) is the appropriate forum for it) the FOSS-definition is also rather broad, but exemplarily refers to the OSI approved licenses. The definition reads as follows:

 

“Free Open Source Software” or “FOSS” shall mean a copyrighted work that is licensed under any of the licenses listed under www.opensource.org/licenses or any similar open source, free software or community license  (“FOSS License”).

 

Btw: It seems I have been dropped from the list of persons allowed to post here (so not sure if this mail will even make it the mailing list). Can someone help on this?

 

 

Mit freundlichen Grüßen / Kind regards

 

Sören Rabenstein

 

____________________________________________________________

 

ASUS Computer GmbH

 

Sören Rabenstein, LL.M.
Legal Affairs Center
Harkortstr. 21-23, 40880 Ratingen
Tel.: (+49) 2102 5609 317
Fax.: (+49) 2102 5609 309
soeren_rabenstein@...
____________________________________________________________

 

 

 

Von: spdx-bounces@... [mailto:spdx-bounces@...] Im Auftrag von RUFFIN, MICHEL (MICHEL)
Gesendet: Freitag, 22. Juni 2012 13:23
An: Jilayne Lovejoy; Gary O'Neall; Peter Williams
Cc: spdx-tech@...; spdx@...
Betreff: RE: Import and export function of SPDX

 

For the definition of FOSS (free and/or open source software (free is for free of cost here)) that we provide it is of course in the context of a contract negotiation. It is everything that do not go through a procurement department, i.e. coming with an implicit license: a click to accept EULA, an OSI compliant license or similar, + shareware and of course public domain. This definition is now accepted without discussion by most of our suppliers because it is quite clear (we had a lot of revisions before coming to this definition). Note that we use this definition internally in ALU for our FOSS governance process.

 

A comment on licenses, what I find confusing in the SPDX standard is the numbering of BSD licenses for instance the BSD 4 clause is in fact the original BSD license and I would have call it BSD1. But that’s not very important. What is important is to stabilize this taxonomy because we cannot change every year the content of our FOSS database, our internal FOSs governance process documents (around 80 pages), our internal tutorials (170 slides), our requests to suppliers, an update of the knowledge of our FOSs experts, etc.

 

Michel.Ruffin@..., PhD

Software Coordination Manager, Bell Labs, Corporate CTO Dpt

Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94

Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620Nozay, France

 

 

-----Message d'origine-----
De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]
Envoyé : vendredi 22 juin 2012 01:33
À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams
Cc : spdx-tech@...; spdx@...
Objet : Re: Import and export function of SPDX

 

(Apologies for falling off this exchange - had some other things come up

and am now getting caught up with various responses - lots of great

discussion, though!)

 

On 6/13/12 9:34 AM, "RUFFIN, MICHEL (MICHEL)"

<michel.ruffin@...> wrote:

 

>So far our FOSS clauses are not aligned on the SPDX standard (we are

>already happy when suppliers can comply to our requirements without too

>much discussion so we did not formalize things too much)

 

One thing I noticed immediately about your clauses is the definition of

FOSS - which is quite broad.  While I can understand why it might make

sense to use a broad definition for contracts, it includes some categories

of software (e.g. (ii) and (iii) in your definition) that other

people/parties might not consider "FOSS."  In terms of the SPDX License

List, for example, I believe (if memory serves) that we discussed to what

"kinds" of licenses should be included on the list and an argument against

including, what I would refer to as "freeware" licenses (usually under

some kind of click-through EULA that more resembles a more traditional,

restrictive IP license, than open source) should not be on the list.

I don't know if this definition's breadth would necessarily create a

conflict in practical reality or not, but thought I'd at least point it

out...

 

 

> 

>What we request is the name of FOSS, the name of the license if it is OSI

>compliant, or a copy of the license if it is not, the nature of the FOSS:

>is it a library, a standalone software, an interpreter, ... in order to

>determine if there is some potential contamination as with GPL.

> 

>Now we have already aligned our database on the SPDX taxonomy for naming

>licenses, we will soon ask our suppliers to align on this taxonomy. I

>have already prepared a document (in copy) to distribute to our suppliers

>and partners on SPDX.

 

Thanks for sharing this.  Really great to hear that you have adopted the

SPDX License List already.  I'm not sure if you or anyone from your team

is on the legal work group mailing list, but that may be helpful to stay

on top of issues/updates/discussion there.  (for example, a new version of

the license list was just uploaded this week :)

 

Jilayne

 

Jilayne Lovejoy |  Corporate Counsel

OpenLogic, Inc.

 

jlovejoy@...

<applewebdata://EAA1F861-B11E-4827-976F-55756901A796/jlovejoy@...

>  |  720 240 4545

 

 

 

 

> 

> 

>-----Message d'origine-----

>De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]

>Envoyé : mercredi 13 juin 2012 16:08

>À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams

>Cc : spdx-tech@...; spdx@...

>Objet : Re: Import and export function of SPDX

> 

>Hi Michel,

> 

>Thanks again for sharing your information.  In regards to your posting (to

>both this group and the FSF legal network) about the legal clauses, I have

>noticed this and apologize as well for not responding sooner (it's still

>in my inbox as a to-do item, sadly).  In any case, a couple thoughts.  It

>is my understanding from your previous email(s), that you'd like to see

>some kind of FOSS-related legal clause resource, is that correct?  At the

>moment, this is not within the scope of SPDX (albeit a great idea

>generally!).  This is probably something that could be discussed further

>in terms of something to consider tackling in the longer-term road map.

> 

>More specifically, your "list of FOSS" clause (a)(ii), you require the

>name of the license, license text, and whether it is OSI certified or not.

> This is all information capture in the SPDX License List.  Do you have an

>internal list as well?  If so, it would be great to discuss aligning any

>licenses on your list for potential inclusion on the SPDX License List, if

>not already included there and otherwise coordinating.

> 

>Cheers,

> 

>Jilayne Lovejoy |  Corporate Counsel

>jlovejoy@...  |  720 240 4545

>Twitter @jilaynelovejoy

> 

>OpenLogic, Inc.

>10910 W 120th Ave, Suite 450

>Broomfield, Colorado 80021

>www.openlogic.com

>Twitter @openlogic @cloudswing

> 

> 

> 

> 

>On 6/13/12 6:45 AM, "RUFFIN, MICHEL (MICHEL)"

><michel.ruffin@...> wrote:

> 

>>Gary, I think in my previous mail I expressed our use case:

>>1) getting information from our suppliers on FOSS included in their

>>products in order to respect license obligations and to provide this to

>>our customers

>>2) automate the work of ALU for accepting this FOSS in our products

>>3) being able to provide the same information to our customers.

>> 

>>I think it is covered by actual use cases, if not I can do a new one.

>> 

>>Now I would like to attract your attention on a document that I sent few

>>months ago to this mailing list and also to the FSF legal network group.

>>Which are the clauses that we put in the contracts with our suppliers and

>>their rationnal. The goal is to standardize these clauses and I receive

>>no feedback from anybody on this.

>> 

>>This should illustrate the use case. And I understand that I should use

>>the FSF legal network to discuss this. But I am very surprised that there

>>is no reaction/interest in this. It has been a huge ALU effort to shape

>>these conditions in order to reach acceptance to these conditions by most

>>companies.

>> 

>>Michel.Ruffin@..., PhD

>>Software Coordination Manager, Bell Labs, Corporate CTO Dpt

>>Distinguished Member of Technical Staff

>>Tel +33 (0) 6 75 25 21 94

>>Alcatel-Lucent International, Centre de Villarceaux

>>Route De Villejust, 91620Nozay, France

>> 

>> 

>>-----Message d'origine-----

>>De : Gary O'Neall [mailto:gary@...]

>>Envoyé : mardi 12 juin 2012 19:29

>>À : 'Peter Williams'; RUFFIN, MICHEL (MICHEL)

>>Cc : spdx-tech@...; spdx@...

>>Objet : RE: Import and export function of SPDX

>> 

>>I believe the current SPDX tools will treat both RDF and Tag/Value in the

>>same manner - the documents will be readable by the tools but it will

>>fail a

>>validation (missing required field).  For the command line tools, the

>>conversions or pretty printing will still work but you will get warning.

>> 

>>In terms of making the fields optional - I can see this as a valuable

>>change

>>for some of the use cases where that information is not available.  There

>>is

>>need to make sure the components described in the SPDX file match the

>>actual

>>file artifacts, but that need can be filled by the per-file information.

>> 

>>Michel - Which use case best describes your use of SPDX

>>(http://spdx.org/wiki/spdx-20-use-cases).  If there isn't a good

>>representation of your use case(s), could you provide a brief

>>description?

>>I want to make sure we cover this when working on SPDX 2.0.

>> 

>>Thanks,

>>Gary

>> 

>>-----Original Message-----

>>From:spdx-tech-bounces@...

>>[mailto:spdx-tech-bounces@...] On Behalf Of Peter Williams

>>Sent: Tuesday, June 12, 2012 9:27 AM

>>To: RUFFIN, MICHEL (MICHEL)

>>Cc: spdx-tech@...; spdx@...

>>Subject: Re: Import and export function of SPDX

>> 

>>On Tue Jun 12 06:02:03 2012, RUFFIN, MICHEL (MICHEL) wrote:

>>> We have an issue with 2 fields that do not exist in our database.: the

>>> name of the archive file and the checksum. In the SPDX standard they

>>> are mandatory and I do not see why would it be possibly to make them

>>> optional?

>> 

>>I think making those fields optional would be advantageous. Would you

>>mind

>>filing a bug[1] so that we don't forget to look into the issue for the

>>next

>>version.

>> 

>>As for your immediate issues of not having data for those fields, if you

>>are

>>using RDF i'd just skip them altogether in the SPDX file. While your file

>>will technically be invalid all reasonable SPDX consumers will not have a

>>problem with that information being absent unless they need it to

>>accomplish

>>their goal. (In which case they cannot use your SPDX files, anyway.) If

>>you

>>are using the tag-value format skipping the fields altogether will, i

>>think,

>>prove problematic due to that format's stricter syntactic constraints.

>>(Kate

>>or Gary, can you confirm this?)

>> 

>>[1]:

>>https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX&component=Spe

>>c

>> 

>>Peter

>> 

>>PS: I am cc-ing the technical working group because it's participants are

>>best suited to answer these sorts of issues.

>> 

>>_______________________________________________

>>Spdx-tech mailing list

>>Spdx-tech@...

>>https://lists.spdx.org/mailman/listinfo/spdx-tech

>> 

>> 

> 

> 

 

 

_______________________________________________

Spdx mailing list

Spdx@...

https://lists.spdx.org/mailman/listinfo/spdx

Feels like this should go to spdx-legal@... and the Subject line should change to indicate the change of subject ?

 

Steve

 

From: <RUFFIN>, "MICHEL (MICHEL)" <michel.ruffin@...>
Date: Friday, June 22, 2012 6:42 AM
To: "Soeren_Rabenstein@..." <Soeren_Rabenstein@...>, "jilayne.lovejoy@..." <jilayne.lovejoy@...>, "gary@..." <gary@...>, "peter.williams@..." <peter.williams@...>
Cc: "spdx-tech@..." <spdx-tech@...>, "spdx@..." <spdx@...>
Subject: RE: Import and export function of SPDX

 

Before answering this, we need to determine in which group/mailing list we need to discuss this subject, I do not want to bother people not interested by this. Can we continue with SPDX list should we create a different list? I would prefer this second option. Martin would it be possible to create a “FOSS governance process” mailing list in the framework of FOSSBazaar which I think would be the best solution

 

Now if you look at the ALU definition of FOSS your definition cover only a part of the i) definition, there are a lot of software coming with an open source like license which is not OSI compliant, for instance beerware license How do you cope with theses? The ii) (EULA licenses): Sun/oracle binary license, Oracle OTN licenses, google licenses, adobe licenses, … are a huge set of licenses. In a contractual context they need to be treated the same way. Please note we are not discussing here what is an open source (I know there are two major definitions, the FSF one with 4 freedoms and the OSI one with 10 criteria) but what we should put in contracts.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

---

De : Soeren_Rabenstein@... [mailto:Soeren_Rabenstein@...]
Envoyé : vendredi 22 juin 2012 15:03
À : RUFFIN, MICHEL (MICHEL); jilayne.lovejoy@...; gary@...; peter.williams@...
Cc : spdx-tech@...; spdx@...
Objet : AW: Import and export function of SPDX

 

Hello Michel and others

 

In our standard FOSS contract clauses (which I am willing to share too, once we determined that this (or ftf, or any other network) is the appropriate forum for it) the FOSS-definition is also rather broad, but exemplarily refers to the OSI approved licenses. The definition reads as follows:

 

“Free Open Source Software” or “FOSS” shall mean a copyrighted work that is licensed under any of the licenses listed under www.opensource.org/licenses or any similar open source, free software or community license  (“FOSS License”).

 

Btw: It seems I have been dropped from the list of persons allowed to post here (so not sure if this mail will even make it the mailing list). Can someone help on this?

 

 

Mit freundlichen Grüßen / Kind regards

 

Sören Rabenstein

 

____________________________________________________________

 

ASUS Computer GmbH

 

Sören Rabenstein, LL.M.
Legal Affairs Center
Harkortstr. 21-23, 40880 Ratingen
Tel.: (+49) 2102 5609 317
Fax.: (+49) 2102 5609 309
soeren_rabenstein@...
____________________________________________________________

 

 

 

Von: spdx-bounces@... [mailto:spdx-bounces@...] Im Auftrag von RUFFIN, MICHEL (MICHEL)
Gesendet: Freitag, 22. Juni 2012 13:23
An: Jilayne Lovejoy; Gary O'Neall; Peter Williams
Cc: spdx-tech@...; spdx@...
Betreff: RE: Import and export function of SPDX

 

For the definition of FOSS (free and/or open source software (free is for free of cost here)) that we provide it is of course in the context of a contract negotiation. It is everything that do not go through a procurement department, i.e. coming with an implicit license: a click to accept EULA, an OSI compliant license or similar, + shareware and of course public domain. This definition is now accepted without discussion by most of our suppliers because it is quite clear (we had a lot of revisions before coming to this definition). Note that we use this definition internally in ALU for our FOSS governance process.

 

A comment on licenses, what I find confusing in the SPDX standard is the numbering of BSD licenses for instance the BSD 4 clause is in fact the original BSD license and I would have call it BSD1. But that’s not very important. What is important is to stabilize this taxonomy because we cannot change every year the content of our FOSS database, our internal FOSs governance process documents (around 80 pages), our internal tutorials (170 slides), our requests to suppliers, an update of the knowledge of our FOSs experts, etc.

 

Michel.Ruffin@..., PhD

Software Coordination Manager, Bell Labs, Corporate CTO Dpt

Distinguished Member of Technical Staff

Tel +33 (0) 6 75 25 21 94

Alcatel-Lucent International, Centre de Villarceaux

Route De Villejust, 91620Nozay, France

 

 

-----Message d'origine-----
De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]
Envoyé : vendredi 22 juin 2012 01:33
À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams
Cc : spdx-tech@...; spdx@...
Objet : Re: Import and export function of SPDX

 

(Apologies for falling off this exchange - had some other things come up

and am now getting caught up with various responses - lots of great

discussion, though!)

 

On 6/13/12 9:34 AM, "RUFFIN, MICHEL (MICHEL)"

<michel.ruffin@...> wrote:

 

>So far our FOSS clauses are not aligned on the SPDX standard (we are

>already happy when suppliers can comply to our requirements without too

>much discussion so we did not formalize things too much)

 

One thing I noticed immediately about your clauses is the definition of

FOSS - which is quite broad.  While I can understand why it might make

sense to use a broad definition for contracts, it includes some categories

of software (e.g. (ii) and (iii) in your definition) that other

people/parties might not consider "FOSS."  In terms of the SPDX License

List, for example, I believe (if memory serves) that we discussed to what

"kinds" of licenses should be included on the list and an argument against

including, what I would refer to as "freeware" licenses (usually under

some kind of click-through EULA that more resembles a more traditional,

restrictive IP license, than open source) should not be on the list.

I don't know if this definition's breadth would necessarily create a

conflict in practical reality or not, but thought I'd at least point it

out...

 

 

> 

>What we request is the name of FOSS, the name of the license if it is OSI

>compliant, or a copy of the license if it is not, the nature of the FOSS:

>is it a library, a standalone software, an interpreter, ... in order to

>determine if there is some potential contamination as with GPL.

> 

>Now we have already aligned our database on the SPDX taxonomy for naming

>licenses, we will soon ask our suppliers to align on this taxonomy. I

>have already prepared a document (in copy) to distribute to our suppliers

>and partners on SPDX.

 

Thanks for sharing this.  Really great to hear that you have adopted the

SPDX License List already.  I'm not sure if you or anyone from your team

is on the legal work group mailing list, but that may be helpful to stay

on top of issues/updates/discussion there.  (for example, a new version of

the license list was just uploaded this week :)

 

Jilayne

 

Jilayne Lovejoy |  Corporate Counsel

OpenLogic, Inc.

 

jlovejoy@...

<applewebdata://EAA1F861-B11E-4827-976F-55756901A796/jlovejoy@...

>  |  720 240 4545

 

 

 

 

> 

> 

>-----Message d'origine-----

>De : Jilayne Lovejoy [mailto:jilayne.lovejoy@...]

>Envoyé : mercredi 13 juin 2012 16:08

>À : RUFFIN, MICHEL (MICHEL); Gary O'Neall; Peter Williams

>Cc : spdx-tech@...; spdx@...

>Objet : Re: Import and export function of SPDX

> 

>Hi Michel,

> 

>Thanks again for sharing your information.  In regards to your posting (to

>both this group and the FSF legal network) about the legal clauses, I have

>noticed this and apologize as well for not responding sooner (it's still

>in my inbox as a to-do item, sadly).  In any case, a couple thoughts.  It

>is my understanding from your previous email(s), that you'd like to see

>some kind of FOSS-related legal clause resource, is that correct?  At the

>moment, this is not within the scope of SPDX (albeit a great idea

>generally!).  This is probably something that could be discussed further

>in terms of something to consider tackling in the longer-term road map.

> 

>More specifically, your "list of FOSS" clause (a)(ii), you require the

>name of the license, license text, and whether it is OSI certified or not.

> This is all information capture in the SPDX License List.  Do you have an

>internal list as well?  If so, it would be great to discuss aligning any

>licenses on your list for potential inclusion on the SPDX License List, if

>not already included there and otherwise coordinating.

> 

>Cheers,

> 

>Jilayne Lovejoy |  Corporate Counsel

>jlovejoy@...  |  720 240 4545

>Twitter @jilaynelovejoy

> 

>OpenLogic, Inc.

>10910 W 120th Ave, Suite 450

>Broomfield, Colorado 80021

>www.openlogic.com

>Twitter @openlogic @cloudswing

> 

> 

> 

> 

>On 6/13/12 6:45 AM, "RUFFIN, MICHEL (MICHEL)"

><michel.ruffin@...> wrote:

> 

>>Gary, I think in my previous mail I expressed our use case:

>>1) getting information from our suppliers on FOSS included in their

>>products in order to respect license obligations and to provide this to

>>our customers

>>2) automate the work of ALU for accepting this FOSS in our products

>>3) being able to provide the same information to our customers.

>> 

>>I think it is covered by actual use cases, if not I can do a new one.

>> 

>>Now I would like to attract your attention on a document that I sent few

>>months ago to this mailing list and also to the FSF legal network group.

>>Which are the clauses that we put in the contracts with our suppliers and

>>their rationnal. The goal is to standardize these clauses and I receive

>>no feedback from anybody on this.

>> 

>>This should illustrate the use case. And I understand that I should use

>>the FSF legal network to discuss this. But I am very surprised that there

>>is no reaction/interest in this. It has been a huge ALU effort to shape

>>these conditions in order to reach acceptance to these conditions by most

>>companies.

>> 

>>Michel.Ruffin@..., PhD

>>Software Coordination Manager, Bell Labs, Corporate CTO Dpt

>>Distinguished Member of Technical Staff

>>Tel +33 (0) 6 75 25 21 94

>>Alcatel-Lucent International, Centre de Villarceaux

>>Route De Villejust, 91620Nozay, France

>> 

>> 

>>-----Message d'origine-----

>>De : Gary O'Neall [mailto:gary@...]

>>Envoyé : mardi 12 juin 2012 19:29

>>À : 'Peter Williams'; RUFFIN, MICHEL (MICHEL)

>>Cc : spdx-tech@...; spdx@...

>>Objet : RE: Import and export function of SPDX

>> 

>>I believe the current SPDX tools will treat both RDF and Tag/Value in the

>>same manner - the documents will be readable by the tools but it will

>>fail a

>>validation (missing required field).  For the command line tools, the

>>conversions or pretty printing will still work but you will get warning.

>> 

>>In terms of making the fields optional - I can see this as a valuable

>>change

>>for some of the use cases where that information is not available.  There

>>is

>>need to make sure the components described in the SPDX file match the

>>actual

>>file artifacts, but that need can be filled by the per-file information.

>> 

>>Michel - Which use case best describes your use of SPDX

>>(http://spdx.org/wiki/spdx-20-use-cases).  If there isn't a good

>>representation of your use case(s), could you provide a brief

>>description?

>>I want to make sure we cover this when working on SPDX 2.0.

>> 

>>Thanks,

>>Gary

>> 

>>-----Original Message-----

>>From:spdx-tech-bounces@...

>>[mailto:spdx-tech-bounces@...] On Behalf Of Peter Williams

>>Sent: Tuesday, June 12, 2012 9:27 AM

>>To: RUFFIN, MICHEL (MICHEL)

>>Cc: spdx-tech@...; spdx@...

>>Subject: Re: Import and export function of SPDX

>> 

>>On Tue Jun 12 06:02:03 2012, RUFFIN, MICHEL (MICHEL) wrote:

>>> We have an issue with 2 fields that do not exist in our database.: the

>>> name of the archive file and the checksum. In the SPDX standard they

>>> are mandatory and I do not see why would it be possibly to make them

>>> optional?

>> 

>>I think making those fields optional would be advantageous. Would you

>>mind

>>filing a bug[1] so that we don't forget to look into the issue for the

>>next

>>version.

>> 

>>As for your immediate issues of not having data for those fields, if you

>>are

>>using RDF i'd just skip them altogether in the SPDX file. While your file

>>will technically be invalid all reasonable SPDX consumers will not have a

>>problem with that information being absent unless they need it to

>>accomplish

>>their goal. (In which case they cannot use your SPDX files, anyway.) If

>>you

>>are using the tag-value format skipping the fields altogether will, i

>>think,

>>prove problematic due to that format's stricter syntactic constraints.

>>(Kate

>>or Gary, can you confirm this?)

>> 

>>[1]:

>>https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX&component=Spe

>>c

>> 

>>Peter

>> 

>>PS: I am cc-ing the technical working group because it's participants are

>>best suited to answer these sorts of issues.

>> 

>>_______________________________________________

>>Spdx-tech mailing list

>>Spdx-tech@...

>>https://lists.spdx.org/mailman/listinfo/spdx-tech

>> 

>> 

> 

> 

 

 

_______________________________________________

Spdx mailing list

Spdx@...

https://lists.spdx.org/mailman/listinfo/spdx

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

Michel

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

Michel

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”. "

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

Ok now we have an understanding, any suggestion ?

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

I understand that. Which is why I said it is the union, rather than the intersection.

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

Ok now we have an understanding, any suggestion ?

 

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

---

De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 20:43
À : RUFFIN, MICHEL (MICHEL); Soeren_Rabenstein@...; mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: "“Free and Open source Software” it is “Free and/or Open source software”; "

 

I understand that. Which is why I said it is the union, rather than the intersection.

 

In my highly simplified view, the FSF defines what free software is, and the OSI defines what open source software is. If you're going to include a bunch of other stuff that does not meet either of those definitions, then please (pretty please!) do not refer to your definition as FOSS or FLOSS. Find some other name, because that one's taken.

 

 

From: RUFFIN, MICHEL (MICHEL) [mailto:michel.ruffin@...]
Sent: June-22-12 1:55 PM
To: mike.milinkovich@...; Soeren_Rabenstein@...; mjherzog@...; spdx@...
Subject: RE: "Scope" of licenses to be covered by SPDX

 

We do not discuss or put into question the FSF and OSI definitions of FOSS (I know them by heart, I understand the philosophy behind them and respect them). We try to make a definition of what should be the scope of software subject to the clause that we put in the contracts and it is broader than  open source traditional definition.  So perhaps the term “FOSS” is chocking you for that. But this is why we need to discuss and standardize. For me FOSS is not “Free and Open source Software” it is “Free and/or Open source software”; Now should we select another term in this context? I am totally open minded on this. Call it NPS (non-purchased software) or whatever, but even this wording will not fit with shareware for instance.

 

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

---

De : Mike Milinkovich [mailto:mike.milinkovich@...]
Envoyé : vendredi 22 juin 2012 19:25
À : Soeren_Rabenstein@...; RUFFIN, MICHEL (MICHEL); mjherzog@...; spdx@...
Objet : RE: "Scope" of licenses to be covered by SPDX

 

Re: " Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”."

 

The Free Software Foundation (FSF) and the Open Source Initiative (OSI) are the two organizations which, in my opinion, define what FOSS is. Any attempt to define FOSS which do not take into account the collective wisdom and process that went into their respective license lists [1][2] would be a big mistake.

 

FOSS = Free and Open Source Software, which is the union of software which meets the definition of Free Software[3] and Open Source Software[4].

 

I have seen attempts in the past to expand the definition of FOSS beyond licensing to include other parameters such as open development processes and the like. They've all been spectacularly unsuccessful. There be dragons.

 

In the interest of full disclosure, in addition to by day job at the Eclipse Foundation, I am also a Director of the OSI.

 

[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd

 

 

Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov

 

 

 

Out of this topic we just discussed (in my understanding) what could be a proper definition of “FOSS”.

 

With respect to the license list, an issue I happened to notice this
morning is that items on it appear to reflect a very flat concept of a
license when there are options, e.g. GPL-2.0-with-GCC-exception and
GPL-2.0+. The problem is that this approach limits the succinct
representation of licenses. For example, if a package (e.g., libgcc)
is GPL 2.0 or later version with runtime exception, there is no
GPL-2.0+-with-GCC-exception. If a package also incorporates the GPL
classpath exception, that isn't listed either. It's not obvious that
this can be fixed by disjunction or conjunction of the listed licenses
(wouldn't GPL-2.0+ AND GPL-2.0-with-GCC-exception be simple GPL-2.0?)

In a future revision, perhaps the concept of a base license with a set
of options (GPL-2.0, option for later revision, exception for runtime
library, exception for classpath) would be more expressive. It could
also cut down on the size of the list.

Peter

On Fri, Jun 22, 2012 at 12:48 PM, Philip Odence
<podence@...> wrote:

I sometimes skirt the issue by broadly referring "software that is
freely
available on the web."

When one is talking about new projects, picking licenses, and the like,
it
makes sense to steer/limit to OSI approved licenses. When, on the other
hand, the use case is documenting all the "junk" that may be found in a
package and associated licenses (as with SPDX), it makes sense to be
expansive in order to be able to represent software under licenses
outside
the OSI definition.

So, the SPDX license list goes beyond the OSI list. Our goal has been to
handle the bulk of license one might run into in a software package.
And,
the spec provides a mechanism for handling licenses not on the list, by
essentially including the text of the license. One of the benefits of
the
License List is that it keeps the size of the SPDX file down by not
requiring the text to be included.

I don¹t think we've come to grips with where we draw the line on the
size of
the license list. With the 150 or so license on there now, we certainly
handle the vast majority of components, but for user convenience, more
is
better. I think when we get comfortable with our understanding of the
effort
involved in maintaining the list and adding new licenses, we'll be in a
better position to say how big we want the list to be.

From: Mike Milinkovich <mike.milinkovich@...>
Organization: Eclipse Foundation
Reply-To: Mike Milinkovich <mike.milinkovich@...>
Date: Fri, 22 Jun 2012 13:24:42 -0400
To: <Soeren_Rabenstein@...>, Michel Ruffin
<Michel.Ruffin@...>, Michael Herzog <mjherzog@...>,
<spdx@...>
Subject: RE: "Scope" of licenses to be covered by SPDX

Re: " Out of this topic we just discussed (in my understanding) what
could
be a proper definition of ³FOSS². "



The Free Software Foundation (FSF) and the Open Source Initiative (OSI)
are
the two organizations which, in my opinion, define what FOSS is. Any
attempt
to define FOSS which do not take into account the collective wisdom and
process that went into their respective license lists [1][2] would be a
big
mistake.



FOSS = Free and Open Source Software, which is the union of software
which
meets the definition of Free Software[3] and Open Source Software[4].



I have seen attempts in the past to expand the definition of FOSS beyond
licensing to include other parameters such as open development
processes and
the like. They've all been spectacularly unsuccessful. There be dragons.



In the interest of full disclosure, in addition to by day job at the
Eclipse
Foundation, I am also a Director of the OSI.



[1] http://www.gnu.org/licenses/license-list.html#SoftwareLicenses

[2] http://opensource.org/licenses/alphabetical

[3] http://www.gnu.org/philosophy/free-sw.html

[4] http://opensource.org/docs/osd





Mike Milinkovich

Executive Director

Eclipse Foundation, Inc.

Office: +1.613.224.9461 x228

Mobile: +1.613.220.3223

mike.milinkovich@...

blog: http://dev.eclipse.org/blogs/mike/

twitter: @mmilinkov







Out of this topic we just discussed (in my understanding) what could be
a
proper definition of ³FOSS².



_______________________________________________ Spdx mailing list
Spdx@... https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx

_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx