RE: License: spdx-license=IDENTIFIER
Bradley, I will let the legal tam address your concern regarding GPL-2.0 as an identifier. As for the tagging in a file for the license you are correct that nothing has been written down as of yet. There has been some discussion of this by many people and it was even a topic of discussion on the tech team call today. I believe the basic proposal (largely pushed by me I think) was to take what was done by U-boot and start with that as a basis for something that could then be standardized on and expanded later. You can see an example here: http://git.denx.de/?p=u-boot.git;a=blob;f=post/post.c;h=4af5355fa5a20f9c2e763f37b269bea38d43e8ea;hb=6612ab33956ae09c5ba2fde9c1540b519625ba37 (this was random file I picked so I'm not trying to imply anything with the 2.0+ :) ). The idea is that there would be a write up on this and how to apply it. That said, most people think this needs to be vetted a bit more which is fair and I know Windriver presented a talk at I believe the last CollabSummit on using meta tagging of this nature and it was a bit more complete. If I remember from the conversations at Linuxcon we were going to talk to the various foundations (FSF, your conservancy, Apache, Eclipse, etc.) and get their thoughts as well. I know on the tech team call there were discussions as to whether this was enough as well and the legal team on SPDX may have some opinions. At some point we want this to be an official recommendation but it looks like we have more socializing to do on the subject to be sure everyone's concerns are addressed and there is a consensus and that the right approach is taken. By the way, I'm happy to hear that you would something suggested by SPDX in this regard. In summary, I would say stay tuned and feel free to join in the conversation. Jack -Original Message- From: spdx-legal-boun...@lists.spdx.org [mailto:spdx-legal-boun...@lists.spdx.org] On Behalf Of Bradley M. Kuhn Sent: Tuesday, October 01, 2013 12:44 PM To: SPDX-legal Cc: spdx-t...@spdx.org Subject: License: spdx-license=IDENTIFIER I wasn't at the SPDX meetings at LinuxCon last month, but multiple people approached me at the conference to ask my opinion on the issue, with regard to file-by-file license notice inventory, if I felt the text: spdx-license=IDENTIFIER would be adequate. I'm told that dmg suggested that it'd be better to say something like: "License of this file is: spdx-license=IDENTIFIER" and while I agreed with dmg, but I further suggested: "License: spdx-license=IDENTIFIER" would be adequate. However, I don't see anything about this documented in these minutes: Jilayne Lovejoy wrote at 14:37 (EDT) on Thursday: > http://wiki.spdx.org/view/Legal_Team/Minutes/2013-09-25 I am posting about this now because I may be about to make a bombing-run patch to one of Conservancy's member projects to add a license notice to each file, and I'd be happy use that format if it's going to be an official recommendation of the SPDX project. However, I will have to register my complaint again that GPL-2.0 is a *horrible* identifier for GPLv2-only, mainly because of how GPLv2§9 works. Saying "GPL-2.0" to refer to GPLv2-only is misleading and confusing and should be corrected. This wasn't a major issue when the identifiers were only used by SPDX experts, but if you really are proposing that projects use the identifiers *in their code* then the identifiers *need* to stand on their own and be accurate. What is your plan to solve that problem? -- -- bkuhn ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
Re: License: spdx-license=IDENTIFIER
comments inline below On Oct 1, 2013, at 10:44 AM, Bradley M. Kuhn wrote: > I wasn't at the SPDX meetings at LinuxCon last month, but multiple > people approached me at the conference to ask my opinion on the issue, > with regard to file-by-file license notice inventory, if I felt the > text: > spdx-license=IDENTIFIER > > would be adequate. I'm told that dmg suggested that it'd be better to > say something like: > > "License of this file is: spdx-license=IDENTIFIER" > > and while I agreed with dmg, but I further suggested: > > "License: spdx-license=IDENTIFIER" > > would be adequate. > > However, I don't see anything about this documented in these minutes: > > Jilayne Lovejoy wrote at 14:37 (EDT) on Thursday: >> http://wiki.spdx.org/view/Legal_Team/Minutes/2013-09-25 these minutes are for the legal team meeting on 9/25 during which I did a brief recap of the various meetings that occurred (a full day's worth) at LinuxCon. Naturally, there is more focus on the content for the meeting that I led (having to do with the license matching guidelines). I don't believe there are minutes specifically from the other meetings, but am sure it will be also summarized during the monthly general call tomorrow, so I'd encourage people to join that. > > I am posting about this now because I may be about to make a bombing-run > patch to one of Conservancy's member projects to add a license notice to > each file, and I'd be happy use that format if it's going to be an > official recommendation of the SPDX project. That is great news, Bradley! Obviously, there are a few details to sort out, but the support is very much appreciated. > > > However, I will have to register my complaint again that GPL-2.0 is a > *horrible* identifier for GPLv2-only, mainly because of how GPLv2§9 > works. Saying "GPL-2.0" to refer to GPLv2-only is misleading and > confusing and should be corrected. > yes, I actually agree. I have long thought that the short identifiers would be better served as: GPL-2.0+ and GPL-2.0-only And logged this as something to bring up, but we have been busy with trying to finish other tasks and it hasn't risen to the surface. Of course, the worry is that changing the short identifiers will screw up people who are already using the SPDX License List (we endeavored to try to never change them…) There is a good number of companies already using it and probably more than we even know of. In any case, if it is going to help reduce confusion or ambiguity and we can figure out a way to make sure this change is well documented, then we need to consider making the change. I will be sure to bring this up at the General Meeting tomorrow and on the next legal call (next Thursday) Cheers, Jilayne Lovejoy SPDX Legal Team lead lovejoyl...@gmail.com ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
RE: License: spdx-license=IDENTIFIER
Jilayne Lovejoy: >yes, I actually agree. I have long thought that the short identifiers would >be better served as: >GPL-2.0+ >and >GPL-2.0-only >And logged this as something to bring up, but we have been busy with trying to >finish other tasks and it hasn't risen to the surface. Of course, the worry >is that changing the short identifiers will screw up people who are already >using the SPDX License List (we endeavored to try to never change them...) >There is a good number of companies already using it and probably more than we >even know of. In any case, if it is going to help reduce confusion or >ambiguity and we can figure out a way to make sure this change is well >documented, then we need to consider making the change. I will be sure to >bring this up at the General Meeting tomorrow and on the next legal call (next >Thursday) I agree that once an identifier is given a specific meaning, that meaning MUST not change. But I don't see a big harm in creating a new, clearer SPDX identifier for a given license. There should be only one "recommended" identifier for a given license, but you could record older identifiers marking what license they refer to, noting that it's a deprecated identifier and listing the "better" ones instead. The GPL and LGPL are the most widely used OSS licenses, by most measures, and its version distinctions really matter for many people. Having good, clear identifiers for this especially common use case seems like a reasonable thing to do. --- David A. Wheeler Cheers, Jilayne Lovejoy SPDX Legal Team lead lovejoyl...@gmail.com ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
Re: License: spdx-license=IDENTIFIER
David, Wheeler, David A wrote at 09:40 (EDT) on Thursday: > I agree that once an identifier is given a specific meaning, that > meaning MUST not change. But I don't see a big harm in creating a > new, clearer SPDX identifier for a given license. > > There should be only one "recommended" identifier for a given license, > but you could record older identifiers marking what license they refer > to, noting that it's a deprecated identifier and listing the "better" > ones instead. > > The GPL and LGPL are the most widely used OSS licenses, by most > measures, and its version distinctions really matter for many people. > Having good, clear identifiers for this especially common use case > seems like a reasonable thing to do. My worry about your text above, which I otherwise agree fully with, is that you may be confusing two different (valid) uses of the term "license" in your explanation above: one meaning "the literal text of the license", as in the text of GPLv2, vs. a usage of GPLv2 in the wild, which could be GPLv2-only, GPLv2-or-later, GPLv2-or-later-with-some-exception, etc. In fact, as I mentioned elsewhere, if you just slap the text of GPLv2 on something and make no other statement, it's automatically GPLv2-or-later. SPDX license list needs to make these distinctions abundantly clear. It *tries* to now, but does a pretty poor job, IMO. -- -- bkuhn ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
GPLv2-only identifiers (was Re: License: spdx-license=IDENTIFIER)
Jilayne Lovejoy wrote at 01:07 (EDT) on Thursday: > yes, I actually agree. I have long thought that the short identifiers > would be better served as: GPL-2.0+ and GPL-2.0-only I could live with that, although the .0 makes no sense there, IMO, and I really do like the format that FSF standardized long before SPDX started to use "GPLv2" rather than "GPL-2". That said, there is no specific reason other than aesthetics to prefer GPLv2 over GPL-2. I also like -or-later better than +, mainly because + reads like a regular expression shorthand of some sort. But, that too, is probably aesthetics only. -- -- bkuhn ___ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal