We discussed the issue raised here on the call today, so I’ll refer others who are interested in this topic to the meeting minutes, which have been posted here: http://wiki.spdx.org/view/Legal_Team/Minutes/2014-08-07
It would be great if others could comment on their experiences or thoughts on the topic - such discussion is well-suited for the mailing list. Thanks, Jilayne SPDX Legal Team co-lead opensou...@jilayne.com On Aug 5, 2014, at 9:29 AM, Fendt, Oliver <oliver.fe...@siemens.com> wrote: > Hi Jilayne, > > sorry for answering so late. > I’ll try to be more precise. > I have attached the COPYING file of my tar scenario. The file contains for > sure the text of the GPL-3.0. But it is _not_ licensed under GPL-3.0, it is > licensed under “Everyone is permitted to copy and distribute verbatim copies > of this license document, but changing it is not allowed.” (as you can see in > line 5 and 6 of the file) Due to this in my opinion this should result in > the following information for the file COPYING.txt: > > LicenseInfoInFile= GPL-3.0 > LicenseInfoInFile: LicenseRef-1 > > LicenseConcluded: LicenseRef-1 > > > And LicenseRef-1 (since I did not find it in the SPDX License list) > “Everyone is permitted to copy and distribute verbatim copies of this license > document, but changing it is not allowed.” > > Is it more clear now? > > My second example deals with the same problem asking, what kind of > information do I have to provide if I have a license text in a file and there > is not information on how the text itself is licensed (like the Boost > Software License 1.0, see my second example and my second attachement) > What has to be provided in SPDX for this file BSL-1.0.txt > > LicenseInfoInFile= BSL-1.0 > > LicenseConcluded: ?????? > > What terms of use for the Boost Software License itself? Is the Boost > Software License itself licensed under the Boost Software License 1.0 (this > could be assumed because the text says “…accompanying documentation covered by > this license (the "Software")…” so one can think that the text of the Boost > Software License is available under the terms and conditions of the Boost > Software License. But is this really the case)? > > I hope I was more clear and precise > > Regards > Oliver > Von: J Lovejoy [mailto:opensou...@jilayne.com] > Gesendet: Dienstag, 29. Juli 2014 17:39 > An: Fendt, Oliver > Cc: SPDX-legal > Betreff: Re: question regarding the information to be provided in case of > files containing a license text > > Hi Oliver, > > If I understand the scenario you describe below (which I’d agree is quite > common), which is: you have a COPYING.txt file at the top-level directory > that contains the full text of a license, in this case, GPL-3.0; and then you > have a bunch of files in sub-directories that have no actual license info, > then the SPDX info at the file level (see Section 6 of the spec), would look > something like this: > > For the COPYING.txt file: > 6.5 License Information in File = GPL-3.0 —> use the short identifier because > you should have gotten an exact match on GPL-3.0 > 6.4 Concluded License = GPL-3.0 —> for obvious reason! > > For the other files in the sub-directory: > 6.5 License Information in File = NONE —> assuming there is no license > information in the individual files; no header for GPLv3, nothing. > 6.4 Concluded License = GPL-3.0 > 6.6 Comments on License = The concluded license was taken from the package > level that the file was included in. This information was found in the > COPYING.txt file in the xyz directory. —> this is actually the exact example > in the spec itself for this section! > > Does that make sense? > > I’m not sure why you come up with “Distribute_No_Modifications” - if the > license is GPLv3, then you’d identify it in the SPDX file using the short > identifier, GPL-3.0 as per the instructions in the spec and the SPDX License > List. > > Jilayne > > SPDX Legal Team co-lead > opensou...@jilayne.com > > > On Jul 29, 2014, at 8:26 AM, Fendt, Oliver <oliver.fe...@siemens.com> wrote: > > > Hi all, > > sorry for the cryptic subject, but perhaps you can help me. > > When doing package analysis with FOSSology or other tools we often find files > which contain a license text (e.g. usually the file COPYING contains the text > of the GPL) my question is what kind of value has to be provided in the > “Concluded License” in the file context? > As an example: > In the root directory of the package tar version 1.2.7 you find a file > COPYING. Content of the file is the text of the GPL-3.0. So the file is > obviously licensed under “Everyone is permitted to copy and distribute > verbatim copies of this license document, but changing it is not allowed.” > Which might end up in a name like (Distribute_No_Modifications) (Btw. Is this > license element of the SPDX license list? I think it would be worth to have > it since many files are under this license J). > So the “concluded license” element for the file COPYING has the value > “Distribute_No_Modifications” in this example and not GPL-3.0, which is quite > clear. > > But what about the following example > In the root directory of the package Boost version 1.55 you find a file > LICENSE_1_0.txt. Content of the file is the text of the Boost Software > License - Version 1.0. But no information is available how the file itself is > licensed. So my question is what value to provide in the “concluded > license” element for the file? In my opinion it can’t be the Boost software > license (since there is no hint that the text of the Boost Software License > is licensed under the Boost Software license). Do you have an idea? > > I think it that this is a very common problem and probably was raised > already, sorry that I missed the solution. > > Thanks in advance > > Oliver > > <COPYING><BSL-1.0.txt>
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal