On 5/9/23 10:56 AM, Philippe Ombredanne wrote:
Hi Jilayne:
On Tue, May 9, 2023 at 5:34 AM J Lovejoy <opensou...@jilayne.com> wrote:
Some time ago, I raised the issue of the possibility of finding a proliferation of
"public domain "dedication" texts in the course of Fedora reviewing package
license info to adopt SPDX ids. Please see
https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for the background
Fedora has been "collecting" such texts here
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
and using a specific LicenseRef-Fedora-Public-Domain as a sort of placeholder
SPDX id.
This is awesome! I guess that "LicenseRef-Fedora-Public-Domain" is now
the de-facto way to use namespaces for LicenseRef in the same way I
have been using them and advocating for this all along with ScanCode
with "LicenseRef-scancode-xxxx" license keys.
No, we never came to consensus on the "namespace" proposal, as you
probably recall.
Fedora is just using this really as a placeholder potentially until we
could collect some data and then have this discussion (as per my email)!
The idea being, no assessment of how many of these types of dedications exist
has been collected in one place in order for the SPDX-legal community to assess.
I estimate that Fedora has collected about 48 variations of public domain
statements that are not specifically identified on the SPDX License List. I'm
going to assume many of these packages also show up in other major distros.
A couple notes:
- Some of the dedications listed in this Fedora doc
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
are for bona-fide SPDX licenses such as NIST-PD, SAX-PD,
libselinux-1.0 and some are permissive notice that are not public
domain and are tracked separately in ScanCode.
hmmm... there should not be anything that is already on the SPDX License
List in
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
I just checked and do not see NIST-PD or SAX-PD
Am I understanding you wrong?
I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a standalone
entry (like normal, in that one SPDX license id represents a specific,
identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX id to
represent any one of a collection of specifically identified and vetted texts?
Either way is fine, but be ready to create eventually somewhere around
500+ license identifiers if you go with option 1).
I would think these would be added to the SPDX collection with review by
SPDX-legal to ensure they are truly public domain and not a license in
disguise. In the case of the list of items collected by Fedora, they
have already been reviewed by one or two lawyers (Richard or I) so I'd
hope that SPDX-legal wouldn't come to a different conclusion, but in any
case, the advantage would be some amount of vetting by SPDX-legal
community members.
We handle these in ScanCode as in your suggested option 2): we have a
few license identifiers each with many variants of the license text.
And we report the matched license text in scan results (and SPDX
documents) of course, so there is never any ambiguity.
that makes sense. out of curiosity, where do you record the matched
license text in an SPDX document?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3393): https://lists.spdx.org/g/Spdx-legal/message/3393
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe:
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
