AW: New license request
Hi Jilayne, hi Tom Thank you for the feedback. I will try to make it to be in the telco. This is a very interesting discussion. From a practical point of view we need a standard to provide license and copyright information of 3rd party software. Further it would be wonderful if there is one place where one can find a complete collection of (OSS) licenses. It would be great if we can use SPDX one day in future for the declaration of 3rd party software no matter whether the 3rd party software is OSS or not. This would really make live a lot easier. Of course I understand that this is part of the open compliance program and not part of a 3rd party software compliance program. But I think that the standard is powerful enough to serve both OSS (which is a special case of third party software) and other 3rd party software . Thanks Oliver Von: Tom Incorvia [mailto:tom.incor...@microfocus.com] Gesendet: Donnerstag, 6. März 2014 13:39 An: J Lovejoy Cc: Fendt, Oliver; SPDX-legal Betreff: RE: New license request Hi Jilayne, Thanks for pointing out the possible flexibility in the license list; Oliver, thanks again for taking the time to submit this license. I'll be on the call today - great if you could join us in the discussion. With regards to the contributions need not be in source code form, I was referring to section G: Binary Code Files - The software may include certain binary code files for which its source code is not included as part of the software, or that are packaged without the source code in an installable or executable package. As to these binary code files, unless applicable law gives you more rights despite this limitation, you must comply with all technical limitations in those files that only allow you to use it in certain ways. You may not modify, work around any technical limitations in, or reverse engineer, decompile or disassemble these binary code files, except and only to the extent that applicable law expressly permits, despite this limitation. Thanks, Tom Tom Incorvia; tom.incor...@microfocus.commailto:tom.incor...@microfocus.com; O: (512) 340-1336; M: (215) 500 8838; Shoretel (Internal): X27015 From: J Lovejoy [mailto:opensou...@jilayne.com] Sent: Wednesday, March 05, 2014 8:17 PM To: Tom Incorvia Cc: Oliver Fendt; SPDX-legal Subject: Re: New license request Hi Oliver, Tom, Just to clarify on Tom's points - the normal process is to review based on the OSD as a starting point, although for a license to be on the SPDX License List, it does not need to strictly adhere to the OSD (see more info here, in particular, the bit under Candidate License Analysis http://spdx.org/spdx-license-list/license-list-overview) So, thanks to Oliver for his submission and to Tom for beginning the process via email (we do need more of that...) and surely the discussion will continue on the next legal call, which is tomorrow (hint hint)! Tom, I'm not entirely clear what you mean by 'contributions need not be in source code form - which section are you referring to? Oliver, I can't remember what time zone you are in, but if you can join the call tomorrow, that would be helpful for the discussion, I'm sure. It's at 1pm ET and the dial-in info is: Call this number: (United States) 1-415-363-0849 Enter this PIN: 336247 Alternative Numbers: http://www.yuuguu.com/audio Cheers, Jilayne SPDX Legal Team co-lead opensou...@jilayne.commailto:opensou...@jilayne.com On Mar 5, 2014, at 2:56 PM, Tom Incorvia tom.incor...@microfocus.commailto:tom.incor...@microfocus.com wrote: Hello Fendt, I have been out of the SPDX mix for a while, but I believe that this license would not be considered an open source license based on theOSI criteriahttp://opensource.org/osd-annotated - this license is used by Microsoft for certain free distributions (for instance, the Microsoft Parallel Computing Platform). However, these distributions have restrictions: - Contributions need not be in source code form - The license grants are limited to Microsoft platforms - Reverse engineering of binary files is prohibited (except where local law expressly permits) I worked with SPDX for several years, and contributions like this are valued. If you are interested in contributing as a team member, please communicate with Philip Odence pode...@blackducksoftware.commailto:pode...@blackducksoftware.com, to determine which team would be the best fit - we are always looking for individuals who are involved in licensing. Thanks, Tom Incorvia Tom Incorvia; tom.incor...@microfocus.commailto:tom.incor...@microfocus.com; O: (512) 340-1336; M: (215) 500 8838; Shoretel (Internal): X27015 From: spdx-legal-boun...@lists.spdx.orgmailto:spdx-legal-boun...@lists.spdx.org [mailto:spdx-legal-boun...@lists.spdx.org] On Behalf Of Fendt, Oliver Sent: Wednesday, March 05, 2014 10:31 AM To: spdx-legal@lists.spdx.orgmailto:spdx-legal@lists.spdx.org Subject: New license request Hi
Re: AW: New license request
Oliver, What you say makes conceptual sense and perhaps we might “go there” some day with the license list. At this point in order to do a good job with the resources we have we have decided to say focused on open source, although we have let that definition go beyond the 67 or so licenses that the OSI has approved. So, your request is a reasonable one. I will point out, just in case you are not aware, that there is a mechanism in the spec for handling licenses that are not on the list. Essentially you can create an addendum to the license list locally to the particular SPDX doc and in that define other licenses (by including the text) and associated short names for use in that SPDX doc. Phil L. Philip Odence Vice President of Corporate and Business Development Black Duck Software, Inc. 8 New England Executive Park, Suite 211, Burlington MA 01803 Phone: 781.810.1819, Mobile: 781.258.9502 Skype: philip.odence pode...@blackducksoftware.commailto:pode...@blackducksoftware.com http://www.blackducksoftware.comhttp://www.blackducksoftware.com/ http://twitter.com/podence http://www.linkedin.com/in/podence http://www.networkworld.com/community/odence (my blog) From: Fendt, Oliver oliver.fe...@siemens.commailto:oliver.fe...@siemens.com Date: Thu, 6 Mar 2014 13:17:33 + To: Tom Incorvia tom.incor...@microfocus.commailto:tom.incor...@microfocus.com, Jilayne Lovejoy opensou...@jilayne.commailto:opensou...@jilayne.com Cc: spdx-legal@lists.spdx.orgmailto:spdx-legal@lists.spdx.org spdx-legal@lists.spdx.orgmailto:spdx-legal@lists.spdx.org Subject: AW: New license request Hi Jilayne, hi Tom Thank you for the feedback. I will try to make it to be in the telco. This is a very interesting discussion. From a practical point of view we need a standard to provide license and copyright information of 3rd party software. Further it would be wonderful if there is one place where one can find a complete collection of (OSS) licenses. It would be great if we can use SPDX one day in future for the declaration of “3rd party software” no matter whether the 3rd party software is OSS or not. This would really make live a lot easier. Of course I understand that this is part of the open compliance program and not part of a “3rd party software compliance program”. But I think that the standard is powerful enough to serve both OSS (which is a special case of third party software) and other 3rd party software . Thanks Oliver Von: Tom Incorvia [mailto:tom.incor...@microfocus.com] Gesendet: Donnerstag, 6. März 2014 13:39 An: J Lovejoy Cc: Fendt, Oliver; SPDX-legal Betreff: RE: New license request Hi Jilayne, Thanks for pointing out the possible flexibility in the license list; Oliver, thanks again for taking the time to submit this license. I’ll be on the call today – great if you could join us in the discussion. With regards to the “contributions need not be in source code form”, I was referring to section G: Binary Code Files - The software may include certain binary code files for which its source code is not included as part of the software, or that are packaged without the source code in an installable or executable package. As to these binary code files, unless applicable law gives you more rights despite this limitation, you must comply with all technical limitations in those files that only allow you to use it in certain ways. You may not modify, work around any technical limitations in, or reverse engineer, decompile or disassemble these binary code files, except and only to the extent that applicable law expressly permits, despite this limitation. Thanks, Tom Tom Incorvia; tom.incor...@microfocus.commailto:tom.incor...@microfocus.com; O: (512) 340-1336; M: (215) 500 8838; Shoretel (Internal): X27015 From: J Lovejoy [mailto:opensou...@jilayne.com] Sent: Wednesday, March 05, 2014 8:17 PM To: Tom Incorvia Cc: Oliver Fendt; SPDX-legal Subject: Re: New license request Hi Oliver, Tom, Just to clarify on Tom’s points - the normal process is to review based on the OSD as a starting point, although for a license to be on the SPDX License List, it does not need to strictly adhere to the OSD (see more info here, in particular, the bit under “Candidate License Analysis” http://spdx.org/spdx-license-list/license-list-overview) So, thanks to Oliver for his submission and to Tom for beginning the process via email (we do need more of that…) and surely the discussion will continue on the next legal call, which is tomorrow (hint hint)! Tom, I’m not entirely clear what you mean by ‘contributions need not be in source code form” - which section are you referring to? Oliver, I can’t remember what time zone you are in, but if you can join the call tomorrow, that would be helpful for the discussion, I’m sure. It’s at 1pm ET and the dial-in info is: Call this number: (United States) 1-415-363-0849 Enter this PIN: 336247 Alternative Numbers: http://www.yuuguu.com/audio Cheers, Jilayne SPDX
AW: AW: New license request
Hi Phil, thank you for the feedback. I understand that you want to focus right now on Open Source although the Creative Commons Attribution Non Commercial 1.0 and following versions as well as Creative Commons Attribution Non Commercial No Derivatives 1.0 and following versions are in the list and which are in my opinion _not_ OSD compliant. But I'm not a lawyer. Regards Oliver Von: Philip Odence [mailto:pode...@blackducksoftware.com] Gesendet: Donnerstag, 6. März 2014 14:39 An: Fendt, Oliver; Tom Incorvia; Jilayne Lovejoy Cc: spdx-legal@lists.spdx.org Betreff: Re: AW: New license request Oliver, What you say makes conceptual sense and perhaps we might go there some day with the license list. At this point in order to do a good job with the resources we have we have decided to say focused on open source, although we have let that definition go beyond the 67 or so licenses that the OSI has approved. So, your request is a reasonable one. I will point out, just in case you are not aware, that there is a mechanism in the spec for handling licenses that are not on the list. Essentially you can create an addendum to the license list locally to the particular SPDX doc and in that define other licenses (by including the text) and associated short names for use in that SPDX doc. Phil L. Philip Odence Vice President of Corporate and Business Development Black Duck Software, Inc. 8 New England Executive Park, Suite 211, Burlington MA 01803 Phone: 781.810.1819, Mobile: 781.258.9502 Skype: philip.odence pode...@blackducksoftware.commailto:pode...@blackducksoftware.com http://www.blackducksoftware.comhttp://www.blackducksoftware.com/ http://twitter.com/podence http://www.linkedin.com/in/podence http://www.networkworld.com/community/odence (my blog) From: Fendt, Oliver oliver.fe...@siemens.commailto:oliver.fe...@siemens.com Date: Thu, 6 Mar 2014 13:17:33 + To: Tom Incorvia tom.incor...@microfocus.commailto:tom.incor...@microfocus.com, Jilayne Lovejoy opensou...@jilayne.commailto:opensou...@jilayne.com Cc: spdx-legal@lists.spdx.orgmailto:spdx-legal@lists.spdx.org spdx-legal@lists.spdx.orgmailto:spdx-legal@lists.spdx.org Subject: AW: New license request Hi Jilayne, hi Tom Thank you for the feedback. I will try to make it to be in the telco. This is a very interesting discussion. From a practical point of view we need a standard to provide license and copyright information of 3rd party software. Further it would be wonderful if there is one place where one can find a complete collection of (OSS) licenses. It would be great if we can use SPDX one day in future for the declaration of 3rd party software no matter whether the 3rd party software is OSS or not. This would really make live a lot easier. Of course I understand that this is part of the open compliance program and not part of a 3rd party software compliance program. But I think that the standard is powerful enough to serve both OSS (which is a special case of third party software) and other 3rd party software . Thanks Oliver Von: Tom Incorvia [mailto:tom.incor...@microfocus.com] Gesendet: Donnerstag, 6. März 2014 13:39 An: J Lovejoy Cc: Fendt, Oliver; SPDX-legal Betreff: RE: New license request Hi Jilayne, Thanks for pointing out the possible flexibility in the license list; Oliver, thanks again for taking the time to submit this license. I'll be on the call today - great if you could join us in the discussion. With regards to the contributions need not be in source code form, I was referring to section G: Binary Code Files - The software may include certain binary code files for which its source code is not included as part of the software, or that are packaged without the source code in an installable or executable package. As to these binary code files, unless applicable law gives you more rights despite this limitation, you must comply with all technical limitations in those files that only allow you to use it in certain ways. You may not modify, work around any technical limitations in, or reverse engineer, decompile or disassemble these binary code files, except and only to the extent that applicable law expressly permits, despite this limitation. Thanks, Tom Tom Incorvia; tom.incor...@microfocus.commailto:tom.incor...@microfocus.com; O: (512) 340-1336; M: (215) 500 8838; Shoretel (Internal): X27015 From: J Lovejoy [mailto:opensou...@jilayne.com] Sent: Wednesday, March 05, 2014 8:17 PM To: Tom Incorvia Cc: Oliver Fendt; SPDX-legal Subject: Re: New license request Hi Oliver, Tom, Just to clarify on Tom's points - the normal process is to review based on the OSD as a starting point, although for a license to be on the SPDX License List, it does not need to strictly adhere to the OSD (see more info here, in particular, the bit under Candidate License Analysis http://spdx.org/spdx-license-list/license-list-overview) So, thanks to Oliver for his submission and to Tom for beginning the process via
Re: AW: AW: New license request
Oliver, As recorded at http://wiki.spdx.org/view/Legal_Team/License_List/Licenses_Under_Consideration#Licenses_Under_Considerationthe SPDX legal working group has decided not to add the MSPPL to the SPDX License List. Your request sparked a great deal of discussion about license inclusion criteria. I have attempted to summarize the main points as follows: The major concern regarding this license text is the lack of a specific Version designation for this text by Microsoft, which could change the text at any time without providing a new unique identifier. This is a common situation with many free proprietary licenses that are specific to a vendor and contain various restrictions that tie the license to that vendor only. It would be better to capture the specific applicable text using the SPDX License Ref option when specifying that this license applies to a software package being used. Thanks for providing the team with a great case to re-examine the current scope of the SPDX license list, and the emphasis continues to be on open source licenses in order to make the best use of available SPDX resources. Regards, Dennis Clark dmcl...@nexb.com On Thu, Mar 6, 2014 at 5:57 AM, Fendt, Oliver oliver.fe...@siemens.comwrote: Thanks Phil, it would be really great *Von:* Philip Odence [mailto:pode...@blackducksoftware.com] *Gesendet:* Donnerstag, 6. März 2014 14:52 *An:* Fendt, Oliver; Tom Incorvia; Jilayne Lovejoy *Cc:* spdx-legal@lists.spdx.org *Betreff:* Re: AW: AW: New license request We have definitely gone beyond the OSI list and even beyond the OSI definition, but have tried, for now, to keep it to open source-like licenses. See http://spdx.org/spdx-license-list/license-list-overview for a complete explanation of how we decide to include a license. In my opinion the MSPPL is a very reasonable request, not to say we will for sure include, but it is worthy of discussion by the legal team. *From: *Fendt, Oliver oliver.fe...@siemens.com *Date: *Thu, 6 Mar 2014 13:45:46 + *To: *Phil Odence pode...@blackducksoftware.com, Tom Incorvia tom.incor...@microfocus.com, Jilayne Lovejoy opensou...@jilayne.com *Cc: *spdx-legal@lists.spdx.org spdx-legal@lists.spdx.org *Subject: *AW: AW: New license request Hi Phil, thank you for the feedback. I understand that you want to focus right now on Open Source although the Creative Commons Attribution Non Commercial 1.0 and following versions as well as Creative Commons Attribution Non Commercial No Derivatives 1.0 and following versions are in the list and which are in my opinion _*not*_ OSD compliant. But I'm not a lawyer. Regards Oliver *Von:* Philip Odence [mailto:pode...@blackducksoftware.compode...@blackducksoftware.com] *Gesendet:* Donnerstag, 6. März 2014 14:39 *An:* Fendt, Oliver; Tom Incorvia; Jilayne Lovejoy *Cc:* spdx-legal@lists.spdx.org *Betreff:* Re: AW: New license request Oliver, What you say makes conceptual sense and perhaps we might go there some day with the license list. At this point in order to do a good job with the resources we have we have decided to say focused on open source, although we have let that definition go beyond the 67 or so licenses that the OSI has approved. So, your request is a reasonable one. I will point out, just in case you are not aware, that there is a mechanism in the spec for handling licenses that are not on the list. Essentially you can create an addendum to the license list locally to the particular SPDX doc and in that define other licenses (by including the text) and associated short names for use in that SPDX doc. Phil *L. Philip Odence* Vice President of Corporate and Business Development Black Duck Software, Inc. 8 New England Executive Park, Suite 211, Burlington MA 01803 Phone: 781.810.1819, Mobile: 781.258.9502 Skype: philip.odence pode...@blackducksoftware.com http://www.blackducksoftware.com http://twitter.com/podence http://www.linkedin.com/in/podence http://www.networkworld.com/community/odence (my blog) *From: *Fendt, Oliver oliver.fe...@siemens.com *Date: *Thu, 6 Mar 2014 13:17:33 + *To: *Tom Incorvia tom.incor...@microfocus.com, Jilayne Lovejoy opensou...@jilayne.com *Cc: *spdx-legal@lists.spdx.org spdx-legal@lists.spdx.org *Subject: *AW: New license request Hi Jilayne, hi Tom Thank you for the feedback. I will try to make it to be in the telco. This is a very interesting discussion. From a practical point of view we need a standard to provide license and copyright information of 3rd party software. Further it would be wonderful if there is one place where one can find a complete collection of (OSS) licenses. It would be great if we can use SPDX one day in future for the declaration of 3rd party software no matter whether the 3rd party software is OSS or not. This would really make live a lot easier. Of course I understand that this is part of the open compliance