Hi Michael,
I am an early contributor to SPDX, but have been quiet lately.
I would recommend that we delay moving into rights and obligations until our
foundation in the descriptions is more solid.
I did some looking into this in the early days, and found approximately 70
discrete license obligations / grants / conditions that potentially differed
based on 40 different use cases (e.g., binary / source, modified / unmodified,
stand-alone / combined, in-line/static-link/dynamic-link/command-line,
distributed/hosted, etc.).
There were 2,680 combinations per license.
Despite the large number of combinations, many of the conditions required
interpretation (for instance, many licenses are silent on some of the
conditions; sometimes silence means something (implicit warranties, etc.),
sometimes it means nothing.
In the end, the SPDX team at the time decided to stick with descriptions and
keep away from what could be construed to be interpretations.
Our progress has been slow and tedious even on the description side.
I am thinking that we get the description phase more solid before expanding to
this new (and valuable level).
Thanks,
Tom
Tom Incorvia
tom.incor...@microfocus.com<mailto:tom.incor...@microfocus.com>
Direct: (512) 340-1336
M: (215) 500 8838 [**NEW** as of Oct 2013]
From: spdx-legal-boun...@lists.spdx.org
[mailto:spdx-legal-boun...@lists.spdx.org] On Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Wednesday, October 23, 2013 9:48 AM
To: Gisi, Mark; SPDX-legal; spdx-t...@lists.spdx.org
Subject: RE: Revisiting the SPDX license representation syntax
Mark,
I think that we should go further (moving from syntax to semantic). We should
decomposed FOSS license in terms of right and obligations (Blackduck call that
attributes in its protex tool).
We have a system in Alcatel-Lucent to do that since years for instance we have
attributes to say that there is need to
- have or not acknowledgement of authors in our documentation
- have run-time acknowledgement
- have source code available or not
- have the obligation of copyright indemnification in case of IP issues
- have the necessity to propagate the licences
- ....
This decomposition is very usefull to explain licenses rights and obligations
to our R&D teams (with our decomposition we cover most of the major OSI
certified licenses) . It is not perfect, and need some more work.
Blackduck is doing a more formal decomposition of licenses for instance there
is attribute is "does the license request that the source code MUST be
available" or "does the license request that the source code MAY be available";
With that system they are allowed to define if two FOSS licenses are compatible
or not. But their decomposition is not perfect because it can create conflict
that do not really exists.
The creative commons licenses are doing such kind of decomposition also so you
do not pick up a license but a set of rights and obligations and create your
license.
I think there is a ground here to raise a standard.
Michel
michel.ruf...@alcatel-lucent.com<mailto:michel.ruf...@alcatel-lucent.com>, PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
________________________________
De :
spdx-legal-boun...@lists.spdx.org<mailto:spdx-legal-boun...@lists.spdx.org>
[mailto:spdx-legal-boun...@lists.spdx.org] De la part de Gisi, Mark
Envoyé : mardi 22 octobre 2013 18:02
À : SPDX-legal; spdx-t...@lists.spdx.org<mailto:spdx-t...@lists.spdx.org>
Objet : Revisiting the SPDX license representation syntax
In the last SPDX Legal meeting we discussed whether the current SPDX license
representation syntax is sufficient to represent the licensing terms of most
files (e.g., source, library and binary programs). For example, is the
combination of the SPDX license list + current binary operands (AND and OR)
sufficient to describe the licensing of most programs derived from multiple
source and library files, where each is potentially under a different license.
We decided to hold a break out session dedicated to discussing this topic in
greater depth. Initially special consideration will be given to representing
files that have licenses with special exceptions and programs derived from
files licensed under multiple different licenses. Keep in mind, given the high
degree to which sharing occurs in the community, composite licensing has become
the norm rather than the expectation. This is a good thing - we just need to
make sure SPDX can accommodate it.
I will be organizing the break session. If you are interested in participating
send me i) your email, ii) a brief description of your interest, and iii)
days/times that work best for you. I will try to select a meeting time to
accommodate the most participants.
Best,
- Mark
Mark Gisi | Wind River | Senior Intellectual Property Manager
Tel (510) 749-2016 | Fax (510) 749-455
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
_______________________________________________
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal