Hi Jilayne, sorry for answering so late. I'll try to be more precise. I have attached the COPYING file of my tar scenario. The file contains for sure the text of the GPL-3.0. But it is _not_ licensed under GPL-3.0, it is licensed under "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." (as you can see in line 5 and 6 of the file) Due to this in my opinion this should result in the following information for the file COPYING.txt:
LicenseInfoInFile= GPL-3.0 LicenseInfoInFile: LicenseRef-1 LicenseConcluded: LicenseRef-1 And LicenseRef-1 (since I did not find it in the SPDX License list) "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." Is it more clear now? My second example deals with the same problem asking, what kind of information do I have to provide if I have a license text in a file and there is not information on how the text itself is licensed (like the Boost Software License 1.0, see my second example and my second attachement) What has to be provided in SPDX for this file BSL-1.0.txt LicenseInfoInFile= BSL-1.0 LicenseConcluded: ?????? What terms of use for the Boost Software License itself? Is the Boost Software License itself licensed under the Boost Software License 1.0 (this could be assumed because the text says "...accompanying documentation covered by this license (the "Software")..." so one can think that the text of the Boost Software License is available under the terms and conditions of the Boost Software License. But is this really the case)? I hope I was more clear and precise Regards Oliver Von: J Lovejoy [mailto:opensou...@jilayne.com] Gesendet: Dienstag, 29. Juli 2014 17:39 An: Fendt, Oliver Cc: SPDX-legal Betreff: Re: question regarding the information to be provided in case of files containing a license text Hi Oliver, If I understand the scenario you describe below (which I'd agree is quite common), which is: you have a COPYING.txt file at the top-level directory that contains the full text of a license, in this case, GPL-3.0; and then you have a bunch of files in sub-directories that have no actual license info, then the SPDX info at the file level (see Section 6 of the spec), would look something like this: For the COPYING.txt file: 6.5 License Information in File = GPL-3.0 -> use the short identifier because you should have gotten an exact match on GPL-3.0 6.4 Concluded License = GPL-3.0 -> for obvious reason! For the other files in the sub-directory: 6.5 License Information in File = NONE -> assuming there is no license information in the individual files; no header for GPLv3, nothing. 6.4 Concluded License = GPL-3.0 6.6 Comments on License = The concluded license was taken from the package level that the file was included in. This information was found in the COPYING.txt file in the xyz directory. -> this is actually the exact example in the spec itself for this section! Does that make sense? I'm not sure why you come up with "Distribute_No_Modifications" - if the license is GPLv3, then you'd identify it in the SPDX file using the short identifier, GPL-3.0 as per the instructions in the spec and the SPDX License List. Jilayne SPDX Legal Team co-lead opensou...@jilayne.com<mailto:opensou...@jilayne.com> On Jul 29, 2014, at 8:26 AM, Fendt, Oliver <oliver.fe...@siemens.com<mailto:oliver.fe...@siemens.com>> wrote: Hi all, sorry for the cryptic subject, but perhaps you can help me. When doing package analysis with FOSSology or other tools we often find files which contain a license text (e.g. usually the file COPYING contains the text of the GPL) my question is what kind of value has to be provided in the "Concluded License" in the file context? As an example: In the root directory of the package tar version 1.2.7 you find a file COPYING. Content of the file is the text of the GPL-3.0. So the file is obviously licensed under "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." Which might end up in a name like (Distribute_No_Modifications) (Btw. Is this license element of the SPDX license list? I think it would be worth to have it since many files are under this license :)). So the "concluded license" element for the file COPYING has the value "Distribute_No_Modifications" in this example and not GPL-3.0, which is quite clear. But what about the following example In the root directory of the package Boost version 1.55 you find a file LICENSE_1_0.txt. Content of the file is the text of the Boost Software License - Version 1.0. But no information is available how the file itself is licensed. So my question is what value to provide in the "concluded license" element for the file? In my opinion it can't be the Boost software license (since there is no hint that the text of the Boost Software License is licensed under the Boost Software license). Do you have an idea? I think it that this is a very common problem and probably was raised already, sorry that I missed the solution. Thanks in advance Oliver
COPYING
Description: COPYING
Boost Software License - Version 1.0 - August 17th, 2003 Permission is hereby granted, free of charge, to any person or organization obtaining a copy of the software and accompanying documentation covered by this license (the "Software") to use, reproduce, display, distribute, execute, and transmit the Software, and to prepare derivative works of the Software, and to permit third-parties to whom the Software is furnished to do so, all subject to the following: The copyright notices in the Software and this entire statement, including the above license grant, this restriction and the following disclaimer, must be included in all copies of the Software, in whole or in part, and all derivative works of the Software, unless such copies or derivative works are solely in the form of machine-executable object code generated by a source language processor. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal