Thanks for the various feedback on this, everyone!
Responding in order... see below
On 5/8/23 10:43 PM, Warner Losh wrote:
On Mon, May 8, 2023, 9:34 PM J Lovejoy <opensou...@jilayne.com> wrote:
Hi SPDX-legal
Some time ago, I raised the issue of the possibility of finding a
proliferation of "public domain "dedication" texts in the course
of Fedora reviewing package license info to adopt SPDX ids. Please
see https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for
the background
Fedora has been "collecting" such texts here
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
and using a specific LicenseRef-Fedora-Public-Domain as a sort of
placeholder SPDX id.
The idea being, no assessment of how many of these types of
dedications exist has been collected in one place in order for the
SPDX-legal community to assess.
I estimate that Fedora has collected about 48 variations of public
domain statements that are not specifically identified on the SPDX
License List. I'm going to assume many of these packages also
show up in other major distros.
I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a
standalone entry (like normal, in that one SPDX license id
represents a specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX
id to represent any one of a collection of specifically identified
and vetted texts?
I'd love to hear your yes or no answer to these questions and why
you answered as such :)
Also see for background:
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain
We likely won't have time to discuss this on Thursday's call, but
I wanted to start the discussion here and perhaps we can dedicate
some time at an upcoming meeting.
Some thoughts. Public domain needs no license since there is no
enforceable copyright. If these are truly public domain now, then how
can a license catalog apply? If it doesn't then this catalog could be
viewed as verified ways the public domain provenance of the work is
attested.
well, yeah, having "public domain dedications" which are not technically
licenses on a list that lists licenses is a bit incongruent, but I've
always thought that the value of having such things on the SPDX License
List is to recognize the lack of copyright and therefore, license
obligations.
I think of it this way: if you were auditing code and created an SPDX
document with the licensing info and left it blank or put NONE or
NOASSERTION for something that was under an actual public domain
dedication, then it would leave a question for the downstream recipient.
Being accurate at least takes out the questionn
As such, then the matching guidelines produce not an actual license in
these cases, but confirm no license is needed. Since the text imposes
no obligations, then them all resolving to the same thing seems OK.
But there is a catch for those people who mark their code with spdx
license expression. Would it convey the work to the public domain
just with such a notice? Or would that be legally insufficient?
Hmmm.. I take it you are thinking about the use of an SPDX identifier in
source code to identify a license. If we have one "identifier" that can
refer to a set of different, but similar-in-meaning texts, would it work
to use the SPDX identifier in source files? Probably not... that
requires more thought and maybe we'd have to include some specific
advice on that.
I lean therefore for this to be a special thing. As a special thing,
we could have the registry of texts that match, presumably with
replaceable elements for names as such.
not sure what you mean here?
Would there ever be another thing like this? Where many texts map to
the same thing? That would have the same value in an spdx expression
but whose backing text would be unknown. For public domain, it doesn't
matter because there are no obligations because there is no copyright.
So if it's a special registry, then the matching tooling would need to
know about this special case.
re: tooling - my thinking is that tools would have to match on the
designated texts in order to use/identify with the "public-domain" (or
whatever) id
And how would a putative public-domain label work in spdx expressions?
Would X AND public-donain just be X? would X OR public-domain be just
that or just public-domain?
X AND public-domain would be just that - indicating that that
package/file/snippet includes both license X and a public-domain
dedication that matches to the set captured by SPDX
Finally, how does jurisdiction play into this with varying ability to
even dedicate something completely to the public domain?
Not sure these thoughts dictate a clear path, but these questions
should help frame the discussion.
Warner
Thanks,
Jilayne
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3392): https://lists.spdx.org/g/Spdx-legal/message/3392
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe:
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-