let me start again, I think I made things more complicated they should be... and I made several mistakes below
Let us start with a file that is clearly BSD-3. What do we output? - BSD-3 - spdxBSD-3. Probably spdx-BSD3. the problem is, sometimes a file "looks" to our tools like BSD-3, but it is not according to SPDX. Example: ./drivers/net/wimax/i2400m/usb-tx.c the file includes The sentence that does not match the SPDX version is: ---------------------------------------------------------------------- Neither the name of Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. ---------------------------------------------------------------------- instead of the SPDX approved sentence: ---------------------------------------------------------------------- Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. ---------------------------------------------------------------------- Notice the difference is "the" before <ORGANIZATION>. What should we output? - BSD-3? or unknown? In Ninka I defined a new license set with the prefix: spdxBSD-3 A file can be spdxBSD-3, but not BSD-3. I am not sure that is the best decision. --dmg dmg> If you follow the SPDX discussion you know that I have been looking dmg> into the implementation of SDPX. dmg> one of challenges of new SPDX licenses is that they are subsets of dmg> what we call licenses. dmg> i.e. more strict in their text. dmg> For instance, in Ninka we allow some variability in some "by dmg> inclusion" licenses. Like dmg> British vs American spellings Iin BSD. SPDX does not. dmg> So the challenge I had was to allow the more strict SPDX detection, dmg> while allowing the dmg> usual detection for those licenses. In other words: dmg> I presume something similar would happen to Fossology, where the SPDX licenses dmg> would have to be scanned first, and if not-matched, then the more dmg> traditional licenses dmg> scanned. dmg> So say file contains a British spelling version of a couple of words dmg> in the BSD-3 clauses. dmg> Currently Ninka would output: BSD-3 dmg> With SPDX support, what do we output? dmg> BSD-3 and spdx-BSD-3? dmg> or only BSD-3? dmg> alternatively, our license detection could be configured: dmg> - for default licenses (output BSD-3) dmg> - for spdx support: unknown licence (attach to Appendix) dmg> SPDX is going to gives some headaches :) dmg> --dmg dmg> For a more concrete example: what would this license be: dmg> Here is an example of the BSD3 (non-spdx): dmg> ./drivers/net/wimax/i2400m/usb-tx.c dmg> The sentence that does not match the SPDX version is: dmg> Neither the name of Intel Corporation nor the names of its dmg> contributors may be used to endorse or promote products derived from dmg> this software without specific prior written permission. dmg> instead of: dmg> Neither the name of the <ORGANIZATION> nor the names of its dmg> contributors may be used to endorse or promote products derived from dmg> this software without specific prior written permission. dmg> Here is another example of the BSD3 (non-spdx): dmg> ./fs/nfsd/nfs4recover.c dmg> This is the sentence that does not match: dmg> THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED dmg> WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF dmg> MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. dmg> instead of: dmg> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS dmg> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT dmg> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR dmg> A PARTICULAR PURPOSE ARE DISCLAIMED. dmg> --dmg dmg> On Fri, Jul 22, 2011 at 4:29 PM, Laser, Mary <mary.la...@hp.com> wrote: >> >> >> Greetings FOSSologists! >> >> >> >> As you may (or may not) know, The Linux Foundation’s Open Compliance Program >> has a workgroup dedicated to defining a standardized, adopted format for a >> software Bill of Materials or Software Package Data eXchange (SPDX). SPDX >> enables partners in a software supply chain to: >> >> · Easily exchange information about what’s in packages and it’s >> licensing >> >> · Avoids rework to identify the info >> >> · And, overall, leads to better compliance >> >> >> >> Here is an excellent video introduction to SPDX (~3.5 minutes long): >> >> http://www.linuxfoundation.org/programs/legal/compliance/webinars/introduction-to-spdx >> >> >> >> So, what does this have to do with FOSSology???? Read on! >> >> >> >> The current version of FOSSology identifies over 600 licenses. Many of >> these are registered with SPDX (http://spdx.org/licenses/). However, >> FOSSology is currently missing 54 licenses from the SPDX list (see >> attached). >> >> We have a long standing enhancement to include all SPDX licenses in >> FOSSology (item #10 in the unprioritized list, >> http://fossology.org/task_list#everything_else). This task has previously >> been prioritized lower than other high visibility enhancements, performance >> improvements and underlying architectural changes >> (http://fossology.org/task_list#v_2.0) . >> >> >> >> With the upcoming Launch of SPDX at LinuxCon (August 17), the time seems >> ripe to get this done. We are looking for feedback from the FOSSology >> Community to understand how this should be prioritized against other >> FOSSOlogy requests and enhancements. We also welcome volunteers who want to >> help with this effort. Adding a new license requires some familiarity with >> regular expressions and C programming. There are many examples of current >> licenses in the nomos code (see STRINGS.in and parse.c ). >> >> >> >> Please respond with your comments and level of interest to participate in an >> effort to include all SPDX licenses in FOSSology. >> >> >> >> Thanks, >> >> Mary Laser >> >> The FOSSology Project >> >> http://fossology.org >> >> >> >> _______________________________________________ >> fossology mailing list >> fossology@fossology.org >> http://fossology.org/mailman/listinfo/fossology >> >> dmg> -- dmg> --dmg dmg> --- dmg> Daniel M. German dmg> http://turingmachine.org dmg> _______________________________________________ dmg> fossology mailing list dmg> fossology@fossology.org dmg> http://fossology.org/mailman/listinfo/fossology -- -- Daniel M. German http://turingmachine.org/ http://silvernegative.com/ dmg (at) uvic (dot) ca replace (at) with @ and (dot) with . _______________________________________________ fossology mailing list fossology@fossology.org http://fossology.org/mailman/listinfo/fossology
