Brad Edmondson <brad.edmond...@gmail.com> writes:
> Thanks Mark,
>
> FWIW I believe that Mark Baushke looked at the current version of the
> net-SNMP package during our call today and found that its constituent parts
> all pointed to a single top-level license file that contained the license
> stack at issue. So while your point is well-taken that the stack is not a
> license but a license file, it may be that it's used in the wild as an
> actual license.
>
> Mark Baushke, is this a fair characterization of what you saw today?
There are 2153 files in the net-snmp-5.7.3 file.
Of these:
* 1866 of these files have no copyright or license information.
* 127 of these files have a pointer to the COPYING file at the top-level.
* 13 of these files are copyright by 'Alex Rozin'
* 2 of these files are copyright by 'Tali Rozon'
* 1 directory (disman/expression) seems to be proprietary.
Some number of files in net-snmp-5.7.3/apps/ are only under the CMU
copyright and license.
Some number of files in net-snmp-5.7.3/apps/snmpnetstat are under a
BSD-3-Clause license.
-- Mark
> Thanks,
> Brad
>
>
>
> --
> Brad Edmondson, *Esq.*
> 512-673-8782 | brad.edmond...@gmail.com
>
> On Thu, Dec 22, 2016 at 3:25 PM, Gisi, Mark <mark.g...@windriver.com> wrote:
>
> >
> >
> > http://net-snmp.sourceforge.net/about/license.html is *not* a license but
> > a license notice file. License expressions were initially designed to
> > represent the licensing of a single file whether it be a source file or a
> > binary library or program. They each represent a complete atomic integrated
> > (derived) work. Packages are collections or aggregates hence very different
> > beasts. For example, they could potentially hold a collect of independent
> > works where one is a GPL-2.0 file and the other is a proprietary file
> > (which is perfectly legitimate. Currently package level licensing is an
> > ill-defined concept. Furthermore license expressions as they are defined
> > today at a package level do not make sense unless the package contain a
> > single file – e.g., binary (or a collection of binaries for which a single
> > license express applies to all). Even in this case the expression really
> > represents the express of the file. I been waiting to have the package
> > level license discussion so we could move forward to augment the license
> > expression language to better accommodate packages. I recommended that
> > topic for the SPDX 2017 roadmap. The Net-SNMP package presents another
> > reason to have that discussion.
> >
> >
> >
> > - Mark
> >
> >
> >
> > *Mark Gisi | Wind River | Director, Open Source & Software Assurance*
> >
> > *Tel (510) 749-2016 | Fax (510) 749-4552*
> >
> >
> >
> >
> >
> > *From:* spdx-legal-boun...@lists.spdx.org [mailto:spdx-legal-bounces@
> > lists.spdx.org] *On Behalf Of *J Lovejoy
> > *Sent:* Thursday, December 22, 2016 11:30 AM
> > *To:* spdx-t...@lists.spdx.org
> > *Cc:* SPDX-legal
> > *Subject:* Net-SNMP license stack v. using license expressions
> >
> >
> >
> > Hi Tech team,
> >
> >
> >
> > We had a request to add the Net-SNMP license, which is actually a stack of
> > 6 licenses: http://net-snmp.sourceforge.net/about/license.html
> >
> >
> >
> > We’d like to get some input from the tooling and automation on this -
> > notes from today’s discussion are pasted below (with links to other
> > relevant input). Can you please provide input regarding the questions at
> > the end in red?
> >
> >
> >
> > Thanks!
> >
> > Jilayne
> >
> >
> >
> > 1) Review licenses still "under review" on list: https://docs.google.com/
> > spreadsheets/d/11AKxLBoN_VXM32OmDTk2hKeYExKzsnPjAVM7rLs
> > tQ8s/edit?pli=1#gid=695212681
> >
> > • see notes for LPG-Bolivia-1.0 and Unicode licenses in
> > spreadsheet (to add)
> >
> > • Discussed Net-SNMP and corresponding question as to
> > BSD-3-Clause with additional Sun clauses:
> >
> > • This is a stack of licenses with 6 parts, that
> > includes repetition of BSD-3-Clause, MIT_CMU, and a variation of
> > BSD-3-Clause with additional info at the top (Sun variation). Should we add
> > this as a license stack or rely on license expressions to identify?
> >
> > • As to adding as full stack: People do reproduce
> > this as is, project includes file-level references to full stack in a
> > copying file for recent versions, easier to identify for very common
> > project. This would require matching as a whole. But also have tried to
> > avoid adding license "stacks" unless necessary, as can be messy and also
> > doesn't seem to reflect file-level licensing. If added as a whole, would we
> > want to add a note that license expressions could also be used?
> >
> > • If the latter, then we'd need to either add
> > BSD-3-Clause-Sun variation or use LicenseRef for that part.
> > BSD-3-Clause-Sun only seems to appear by itself (to be able to use on its
> > own) in old version of Net-SNMP, otherwise, appears only as part of license
> > stack.
> >
> > • see previous discussion on this at Aug 4
> > meeting: http://wiki.spdx.org/view/Legal_Team/Minutes/2016-08-04 and
> > email archive: https://lists.spdx.org/pipermail/spdx-legal/
> > 2016-August/thread.html
> >
> > --> Decided to get input from tech team on this: what is tooling
> > perspective on adding this license stack versus not? Does adding as a whole
> > undercut automation and use of license expressions? does this cut against
> > or complicate automation for license detection, use of license expression,
> > and otherwise introduce duplication? Which approach as described above is
> > better from a tooling/automation perspective?
> >
> > • (hope to resolve via email by end of year and add license
> > accordingly, but will otherwise follow-up in early Jan)
> >
> >
> >
> > _______________________________________________
> > Spdx-legal mailing list
> > Spdx-legal@lists.spdx.org
> > https://lists.spdx.org/mailman/listinfo/spdx-legal
> >
> >
_______________________________________________
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal
