Dear Mark,
In message <01813e194c768044a6486db30b5338ccb711e...@ala-mba.corp.ad.wrs.com>
you wrote:
>
> I understand the need to keep it simple for the sake of adoption.
> However, if it is too simple we run the risk of mega-tagging doing
> more damage than good. If one is concerned about pursuing Strong
> Compliance (where one tries, within reason, to honor the license
> wishes of all applicable copyright holders of a distributed program)
> then:
>
> 1. A simple SPDX License Identifier is not sufficient.
>
> 2. License text is required for a variety of licenses (including but
> not limited to BSD, MIT, Apache, and many custom licenses)
Full agreement here. But then, this is not an issue that influnces
license tags at all. If we only had to deal with the easy cases (all
files of a prject are covered by the very same license terms) then we
would not need any per-file license information at all; instead a
project-global license statement would be sufficient.
But the nature especially of open source projects is to borrow code
from here and there, and to support using code in different
environment,s so any project of non-trivial size will quickly have to
deal with things like dual-licensed files etc.
The approach the U-Boot project has taken here attempts to support
Strong Compliance while at the same time getting rid of redundant
information to the extend possible:
- The file "Licenses/README" contains the project-global license
statement plus explanations how license tags are used in the
individual files.
- A file "Licenses/Exceptions" deals with special exceptions from the
rule.
- Files like
Licenses/bsd-2-clause.txt
Licenses/bsd-3-clause.txt
Licenses/eCos-2.0.txt
Licenses/gpl-2.0.txt
Licenses/ibm-pibs.txt
...
contain copies of the origianl license texts referred to within the
project.
- The individual project files include only the license tags.
We believe this is a useful compromise between providing all the
legally necessary or useful information, making sure this information
is consistent, and making sure that the actual license terms of a file
level can easily be verified with automatic tools.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
It is better to be silent and thought a fool then to speak and remove
all doubt.
_______________________________________________
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech
