Re: [spdx-tech] SPDX VSD

On Tue, Jun 12, 2018 at 09:59:05AM -0700, James Neushul wrote: > 1. What's up with "IsFsfLibre" .. it's in lots of licences but not > in SPDX.rdf The FSF wanted that information in our published license list [1], where we'd have an existing "OSI Approved?" column. There was lots of discussion ab

Re: [spdx-tech] SPDX short-form IDs site

On Thu, Apr 12, 2018 at 08:14:30PM -0700, Bradley M. Kuhn wrote: > I suggest modifying the tutorial at https://spdx.org/ids to address > the issue head-on, with perhaps a explanation on why you would carry > license information in individual files at all. The *only* reason > it's useful to do so i

Re: [spdx-tech] SPDX short-form IDs site

On Wed, Apr 11, 2018 at 09:52:39PM +, Wheeler, David A wrote: > W. Trevor King: > > I think that would be clearer if, instead of scoping this as “SPDX > > IDs”, you scoped it as “SPDX License Expression Comments” or some > > such. > > Agreed. Perhaps call these &quo

Re: [spdx-tech] SPDX short-form IDs site

On Wed, Apr 11, 2018 at 02:59:20PM -0600, Jilayne Lovejoy wrote: > No problem, Steve. I think this all looks great, but we definitely > need to be consistent. The advice we came up with in Appendix V was > pretty well vetted, so I think that’s safe to stay within those > boundaries. > > Along the s

Re: [spdx-tech] SPDX short-form IDs site

On Wed, Apr 11, 2018 at 01:39:03PM -0700, W. Trevor King wrote: > The centered entries in the table from [11] caught me out, and I > initially thought the beginning ong the “Apache-2.0 AND (MIT OR > GPL-2.0-only)” explanation was a later paragraph in the “Apache-2.0 > AND MIT” expla

Re: [spdx-tech] SPDX short-form IDs site

On Wed, Apr 11, 2018 at 02:56:38PM -0400, Steve Winslow wrote: > I've been working on a few pages on the SPDX website on why and how > to use SPDX short-form IDs. This looks good to me :). A few minor nits: > This is intended to be developer-focused, usable by someone who > isn't otherwise famil

Re: [spdx-tech] Reminder: Upcoming SPDX tech call today - topic: License Expressions

On Tue, Apr 10, 2018 at 10:43:28AM -0500, Kate Stewart wrote: > The github issues to review prior to the meeting are at: #49 > … This issue, about moving NONE to license expressions, is very similar to [1], which is about moving NOASSERTION to license

Re: [spdx-tech] Typo fix in Section 4.3.6 of spec

On Sun, Jan 28, 2018 at 11:13:57AM -0500, Steve Winslow wrote: > ) and PR (#76 > ) in spdx-spec for a minor typo > fix, in one of the examples in Section 4.3.6 of the spec… Good catch, and #76 looks good to me.

Re: [spdx-tech] SPDX License List 3.0 is now live!

On Fri, Dec 29, 2017 at 03:26:47PM -0500, Neal Gompa wrote: > Aww man, you've got to be kidding? You got rid of the "+" signifier > and now we have to write out words?! > > I really don't like this change. It makes things more verbose for no > benefit. This issue has seen a a lot of discussion ov

Re: [spdx-tech] standardLicenseHeader for EPL-1.0

On Thu, Dec 28, 2017 at 10:53:02PM +0100, Philippe Ombredanne wrote: > You may want to check out ScanCode [1]. Since I use it with top Linux > maintainers to clarify the kernel licensing and set SPDX ids, it must > not be too shabby as a license detection engine. It detects headers > alright and m

Re: [spdx-tech] standardLicenseHeader for EPL-1.0

On Wed, Dec 27, 2017 at 08:18:32PM -0500, Thanh Ha wrote: > The other options available licenseText and standardLicenseTemplate seems > to have the full license header rather than what's recommended by the > Eclipse project to include a short header message [1] in code files. > … > [1] https://www.

Re: [spdx-tech] Proposed topic for this week's tech call: Extend license expressions to include OR-MAYBE

On Mon, Nov 27, 2017 at 10:17:22PM -0800, Gary O'Neall wrote: > > binary-confidence-expression-operator = "AND" > > confidence-expression = license-expression space "CONFIDENCE" space "0." > > 1*DIGIT > > confidence-list = confidence-expression *(space confidence-expression) > > [space lice

Re: [spdx-tech] Proposed topic for this week's tech call: Extend license expressions to include OR-MAYBE

On Mon, Nov 27, 2017 at 08:49:08PM +, Wheeler, David A wrote: > g...@sourceauditor.com: > > - Do we agree the "OR-MAYBE" should be added? > > I agree… Philippe's recent points about weighted confidence (e.g. [1]) suggests that, even if we decide to support incomplete conclusions, an unweighted

Re: [spdx-tech] OSI vs. FSF

On Tue, Oct 24, 2017 at 01:38:49AM -0700, W. Trevor King wrote: > "Artistic-1.0": { > "osi": { > "id": "Artistic-1.0", > "tags": [ > "osi-approved", > "discour

Re: [spdx-tech] OSI vs. FSF

On Fri, Oct 13, 2017 at 01:46:22PM -0700, W. Trevor King wrote: > It would be nice if the FSF had an API… And with the mock API in [1] moving along, now we can pretend they do :). So here's a more structured comparison between FSF and OSI tags: OSI IDs and tags, keyed by SPDX ID, fall

[spdx-tech] Allow + for license references in SPDX License Expressions

Cross-posting from [1], at Gary's suggestion [2]. I'd like to allowed + for license-ref (it's currently only for license-id [3]). There could be external licenses which offer a choice between only-this-version and or-later grants, and allowing + for license-ref makes it easier to support those li

[spdx-tech] OSI vs. FSF (was: Providing access to FSF license metadata)

On Fri, Oct 13, 2017 at 03:56:55PM -0400, Richard Fontana wrote: > I've been thinking about this because there's been some interest > among the FSF and OSI in seeing where exactly the lists of > FSF-recognized-as-free and OSI-approved licenses disagree. This is definitely something that would be n

Re: [spdx-tech] Providing access to FSF license metadata

e FSF is not > textually identical to the OSI MIT license and also does not match the > SPDX license "MIT", but does match the SPDX license "X11". They also list the Expat license as free and GPL-compatible [5], and it matches the SPDX MIT [6]. So you can say the FSF consi

[spdx-tech] Providing access to FSF license metadata (was: Issues added based on this weeks Legal Call)

On Fri, Oct 13, 2017 at 10:20:33AM -0700, Gary O'Neall wrote: > There is a request by the FSF and approved by the legal team to add > a property to the listed licenses isFsfFree to indicate if a license > is identified by the Free Software Foundation as a Free / Libre > license. This would be a si

Re: [spdx-tech] Proposed license test files directory

On Tue, Oct 03, 2017 at 05:05:24PM +, Manbeck, Jack via Spdx-tech wrote: > 0BSD-id-good.[c|sh|js| whatever] > 0BSD-id-bad.[c|sh|js| whatever] To address your “How will people feel about being a "bad" example” [1] I think we want to use match/no-match instead of good/bad [2]. > licenseid/ > li

Re: [spdx-tech] Short question about downwards and upwards compatibility

On Thu, Sep 14, 2017 at 10:32:37AM +0200, Maximilian Huber wrote: > But since we currently only use features which were already in 2.0 > present, it is still an open question for me. Generating files by > some older (but compatible) specification makes it easier for people > to parse the generated

Re: [spdx-tech] Short question about downwards and upwards compatibility

On Tue, Sep 12, 2017 at 07:54:31AM -0500, Kate Stewart wrote: > Of concern, there are new fields added in 2.1 that are > not present in 2.0 (backwards compatibility), its best > the file is correctly labeled. If you use the new-in-2.1 properties [1], you need to declare 2.1. But if you don't use t

Re: [spdx-tech] minutes, summary, next steps

On Thu, Aug 17, 2017 at 04:22:51PM -0700, Gary wrote: > > > > Will that be: > > > > > > > > a. GPL-2.0-only OR GPL-3.0-only > > > > > > The "ONLY" would be an operator, so I'd expect to see: (GPL-2.0 > > > ONLY OR GPL-3.0 ONLY) > > > > That's certainly possible as well, and it would be easier to pa

Re: [spdx-tech] minutes, summary, next steps

On Thu, Aug 17, 2017 at 06:00:22PM -0400, Wheeler, David A wrote: > W. Trevor King: > > Is this proposal different from [1]? The only think I can see is that the > > old > > “GPL-2.0 by itself is unclear” issue is now being explicitly embraced > > (while [1] > &g

Re: [spdx-tech] minutes, summary, next steps

On Thu, Aug 17, 2017 at 03:03:15PM -0600, J Lovejoy wrote: > As promised, the summary of where we got to is here under Current Proposed > Solution: > https://wiki.spdx.org/view/Legal_Team/or-later-vs-unclear-disambiguation Is this proposal different from [1]? The only think I can see is that the

Re: [spdx-tech] SPDX file naming

On Mon, Aug 14, 2017 at 09:59:27PM +, Gisi, Mark wrote: > We use .spdx (e.g., busybox.1.22.1.spdx) for the > following reasons: > > 1. We typically ship tens (if not hundreds) of SPDX files for a >single product release. We consolidate all the SPDX files in a >single archive. They can't

Re: [spdx-tech] SPDX file naming

On Sat, Aug 12, 2017 at 11:27:51AM -0700, g...@sourceauditor.com wrote: > 3) [packename].spdx where packagename is the name of the package > > Note that #3 is currently in use. My concern with the current SPDXParser.spdx [1] is that it is not immediately obvious that the file applies to the

Re: [spdx-tech] joint call legal/tech team - Tuesday, Aug 8

On Fri, Aug 04, 2017 at 04:54:34PM -0600, J Lovejoy wrote: > There is a summary of the background and issue here: > https://wiki.spdx.org/view/Legal_Team/or-later-vs-unclear-disambiguation I've spend some time today using my new wiki account to shuffle things around there and on [1]. If it's bett

Re: [spdx-tech] Broken link on contact page and how to contribute to spdx.org

On Tue, Feb 21, 2017 at 06:37:45PM +, Manbeck, Jack wrote: > Thanks for the feedback. I will take a look at them. The broken link is still up, and I just found an amusing “supplying SPDX flies” (should be “files”) on [1]. Cheers, Trevor [1]: https://spdx.org/about -- This email may be sign

Re: [spdx-tech] various threads on "only" suffix (for GPL)

On Fri, May 26, 2017 at 01:31:59PM -0700, W. Trevor King wrote: > On Fri, May 26, 2017 at 03:15:44PM -0400, Wheeler, David A wrote: > > * GPL-2.0+. I *know* that GPL version 2.0, or later, is acceptable. > > How could you know this before GPL-4.0 has been written? Maybe I'm

Re: [spdx-tech] various threads on "only" suffix (for GPL)

On Fri, May 26, 2017 at 03:15:44PM -0400, Wheeler, David A wrote: > J Lovejoy: > > Thanks Bradley. Your point re: other licenses building in a de > > facto “or later” clause versus the GPL family of licenses leaving > > the choice to the copyright holders is exactly the thing I wanted > > to confi

Broken link on contact page and how to contribute to spdx.org

Browsing around spdx.org today, I ran across a broken link on [1] pointing at [2], which is currently down: $ curl -sI https://www.linuxfoundation.org/collaborative-projects | head -n1 HTTP/1.1 404 Not Found It seems like the current location is [3]. It looks like there are a handful of elde