Topics

Seen in file license recognition


Peter Williams <peter.williams@...>
 

It was clear from the call this morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list. However, for all other licenses/license headers
do we expect those to be listed? Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set? If we don't then different producers of spdx will not agree on
the values in that list.

Peter
openlogic.com


Bill Schineller
 

No, I don’t think we should limit the values in “seen in file licenses” to just those which “exact” match the standard header set.
Because I don’t think it is reasonable to expect that SPDX will maintain a comprehensive set of all the variants of headers/texts encountered in files which refer to a specific license in the SPDX license list.  Different producers will ‘see’ header variants in files that the SPDX community hasn’t  yet ‘seen’ before (e.g. differing from standard headers by insignificant punctuation, spelling), but which are clearly referencing a specific license known to SPDX.  SPDX producers should still get to record these observations as ‘seen in file licenses’, shouldn’t they?

Different producers of spdx will inevitably disagree on the values in the list, depending on the thoroughness of their analyses.
The CreatedBy and ReviewedBy fields in SPDX documents will let consumers of SPDX documents know who produced them.
The consumers can consider this information when assessing their risk.

Bill Schineller
Black Duck


On 1/14/11 11:00 AM, "Peter Williams" <peter.williams@...> wrote:

It was clear from the call this morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list.  However, for all other licenses/license headers
do we expect those to be listed?  Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set?  If we don't then different producers of spdx will not agree on
the values in that list.

Peter
openlogic.com
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Bill Schineller
Knowledge Base Manager
Black Duck Software Inc.
T: +1.781.810.1829
F: +1.781.891.5145
E: bschineller@...
http://www.blackducksoftware.com


Jilayne Lovejoy <Jlovejoy@...>
 

Yes, I would agree with that, Bill.

 

Jilayne

 


From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Bill Schineller
Sent: Friday, January 14, 2011 2:50 PM
To: Peter Williams; spdx@...
Subject: Re: Seen in file license recognition

 

No, I don’t think we should limit the values in “seen in file licenses” to just those which “exact” match the standard header set.
Because I don’t think it is reasonable to expect that SPDX will maintain a comprehensive set of all the variants of headers/texts encountered in files which refer to a specific license in the SPDX license list.  Different producers will ‘see’ header variants in files that the SPDX community hasn’t  yet ‘seen’ before (e.g. differing from standard headers by insignificant punctuation, spelling), but which are clearly referencing a specific license known to SPDX.  SPDX producers should still get to record these observations as ‘seen in file licenses’, shouldn’t they?

Different producers of spdx will inevitably disagree on the values in the list, depending on the thoroughness of their analyses.
The CreatedBy and ReviewedBy fields in SPDX documents will let consumers of SPDX documents know who produced them.
The consumers can consider this information when assessing their risk.

Bill Schineller
Black Duck


On 1/14/11 11:00 AM, "Peter Williams" <peter.williams@...> wrote:

It was clear from the call this morning that when and spdx producer
sees a standard header in a file that license ends up in the "seen in
file licenses" list.  However, for all other licenses/license headers
do we expect those to be listed?  Do we want to limit the values in
"seen in file licenses" to just those that match the standard header
set?  If we don't then different producers of spdx will not agree on
the values in that list.

Peter
openlogic.com
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx


Bill Schineller
Knowledge Base Manager
Black Duck Software Inc.
T: +1.781.810.1829
F: +1.781.891.5145
E: bschineller@...
http://www.blackducksoftware.com