The word "registry" always gives me flashbacks. Shared namespaces offer a unique kind of value, but always come with carrying costs, scaling stepwise with popularity.
For example, the statutory process of copyright-based takedown requests, the DMCA, doesn't cover trademark-based claims. There is no special safe harbor from trademark infringement for service providers, just generally applicable rules of secondary liability. How will you handle name disputes? How will you deal with complaints (to SPDX/LF) about the identifiers being used by private parties under their assigned namespaces? Prior art: https://www.npmjs.com/policies/disputes The npm public registry was originally one, flat namespace for packages. `jquery` is a package name. In time, the registry expanded to support scoped packages, with a separate namespace for scopes, and another for each scope, for packages within it. `@blueoak/list` is a scoped package name. Some scopes exist on the public registry, and some exist only in private registries. -- Kyle Mitchell, attorney // Oakland // (510) 712 - 0933 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2567): https://lists.spdx.org/g/Spdx-legal/message/2567 Mute This Topic: https://lists.spdx.org/mt/30299819/21656 Group Owner: spdx-legal+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-