Re: SPDX Identifier in licenses/source headers
Dear Mark,

In message 01813e194c768044a6486db30b5338ccc312e...@ala-mbb.corp.ad.wrs.com you wrote:

As a general rule of thumb, one should *not* modify the licensing terms of another copyright holder. Adding an SPDX Identifier to an existing file is one thing. Removing (or modifying) license notices by a non-copyright holder is another and a bad idea.

This is the exact question I'm trying to get an official position for. From the technical point of view the substitution of the (unmodified, standard) GPL license text by a reference pointing to the same text seems harmless. [We could consider this some form of include statement.] But IANANL, so it would be interesting for me what for example the FSF or the SFLC think about such replacement of the GPL text.

Especially if you end up with less information (e.g., loss of warranty disclaimers, copyright notices, important license text, ...).

Note that I explicitly talk only about the unmodified body of some standard license text. Any other text like what you list here is obviously a different thing and must never be touched.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
No user-serviceable parts inside. Refer to qualified service personnel.
___
Spdx-legal mailing list
Spdx-legal@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-legal
Re: SPDX ID for GPL-2.0+ with addendum ?
Hello,

I wrote:

I ran into a number of source files which include the standard GPL-2.0+ license header, but augmented with the following addendum:

For the avoidance of doubt the preferred form of this code is one which is in an open non patent encumbered format. Where cryptographic key signing forms part of the process of creating an executable the information including keys needed to generate an equivalently functional executable are deemed to be part of the source code.

I think we will need a new License tag for this, right? Do you have any suggestion for this?

I found more augmented versions of GPL-2.0+; some libgcc files add this clause:

In addition to the permissions in the GNU General Public License, the Free Software Foundation gives you unlimited permission to link the compiled version of this file into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combined executable.)

Others include this above addendum, and additionally this one:

As a special exception, if you link this library with files compiled with GCC to produce an executable, this does not cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU General Public License.

Is it correct to assume that we need special license tags for these two cases, too?

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
G's Third Law: In spite of all evidence to the contrary, the entire universe is composed of only two basic substances: magic and bullshit.
H's Dictum: There is no magic ...
Re: meta-tag page - part II
Dear Gary,

In message 002f01cec378$2f2a3470$8d7e9d50$@com you wrote:

If there is no conflict in license terms, however, I do not see an issue in using this approach. I run across a large volume of MIT style and BSD style licenses mixed in with GPL code, for example. Using AND'd licenses is a compact way of stating all of the terms from license A and all of the terms for license B apply.

But this example doesn't work either. If you mix a license that allows modify and keep the modified code closed with GPL, the only legally possible result is GPLed code.

I see little value in constructing such more or less artificial examples. All code that I've seen so far in real life was either simple, i.e. covered by a single license, or it came under two (I'd have to think hard if I had to quote an example with more than two) licenses, which would implement a choice - either you use the code under GPL, or under a BSD license; either you use the commercial license, or GPL. It has always been this or that.

Things become more difficult when importing such code into another project - then you usually have to decide which of the available choices you choose, and go with that. At this point, the other option becomes void.

I don't think it is critical to use the same syntax in the tagging as we do in the SPDX documents. I do, however, think it is important that we don't lose any embedded licensing information. For example, if there is an MIT notice stuck in the middle of a GPL licensed file, we should retain that information and not just call it a GPL licensed file.

True. The clause

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

explicitly requires that.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Beware of programmers carrying screwdrivers. - Chip Salzenberg
Re: meta-tag page
Dear Scott,

On Oct 3, 2013, at 12:33 PM, Lamons, Scott (Open Source Program Office) scott.lam...@hp.com wrote:

Thanks for updating this page. In particular for adding the rationale for why tagging is important in the Introduction section.

For me, the main impetus of adding the license tag is to automate the production of accurate SPDX data. To the extent that licensing headers are already included in the file I'm not a fan of replacing that with the tag - rather, I think our (the SPDX workgroup that is) recommendation or best practice should be that the tag should supplement the other licensing information. But, in the end, it is the ultimate choice of the copyright holder of the software because they will be the party implementing this should they choose to adopt.

First of all I would like to point out that I am not an expert in this field, and even more so, I am not a lawyer... The base of my comment is the practical experience I gathered when introducing license tags to the U-Boot project; as far as I understand this is one of the first (the first?) where this has been done in a real software project of some size.

I disagree with keeping the full license header text when adding license tags; this means duplicating information, which means the risk of divergence. For us in the U-Boot project it has been one of the major goals when introducing license tags to clean up with redundant and all too often inconsistent information, and I think the same should be attempted by other projects, too.

Switching from license headers to license tags requires some careful work, but this effort should be invested only once, and then everybody should be able to rely on the recorded (and easily parsable) information of the license tags. If you keep the full license tags duplicated in the source files, you in each review have to make sure that this is still what it (probably) was when the license tag was added. In the end, you add to the efforts instead of reducing it.

I also disagree on the part that such a modification is ultimate choice of the copyright holder. Actually it is only a formal change, not different from other modifications of the code. We are in no way changing the actual license terms that apply to that code.

As far as I understand, such per-file license headers or license tags are not even legally needed at all (see statement of Daniel B. Ravicher, Legal Director of SFLC as referenced here [1]) if the project as a whole is licensed under clear terms.

In the interest of reducing the efforts for any kind of license clearing audits I strongly vote to drop the then redundant license header text when switching to license tags.

Thanks.

[1] git.denx.de/?p=u-boot.git;a=commit;h=eca3aeb352c964bdb28b8e191d6326370245e03f

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Computers are not intelligent. They only think they are.
Re: meta-tag page
Dear D M German,

In message 524e2cda.c22de00a.39d5.8...@mx.google.com you wrote:

David From a programmer's perspective I think the cryptic approach is FAR
David superior. There are lots of tools that can quickly examine files and
David return text with the pattern SPDX-License-Identifier: , and other
David tools that can trivially process the stuff after it. The above
David alternative is more work to process, and humans don't like unnecessary
David work :-).
David If you want more boilerplate with the goal of enforceability, you
David might try a format that's trivial to process, e.g.:
David SPDX-License-Notice: This file is licensed under the following license(s):
David SPDX-License-Identifier: MIT
David SPDX-License-More-Information: http://wiki.spdx.org/

I like this idea.

I dislike this. It just blows up the actual information we need by adding unneeded, redundant stuff. The meaning of a SPDX-License-Identifier tag can (and probably should) be explained in a separate text file (in the U-Boot project we use Licenses/README). There is no need to duplicate this information across all files of a project; I cannot see any benefit in doing so.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
To understand a program you must become both the machine and the program.
Re: meta-tag page - part II
Dear Mark,

In message 01813e194c768044a6486db30b5338ccb711e...@ala-mba.corp.ad.wrs.com you wrote:

Example 1:
File: ./cairo-1.10.2.tar.gz.txt/cairo-array.c (see attachment 1)
NOTICE (simplified): The file is licensed to you under either the LGPL-2.1 or MPL-1.1 at your option.
LICENSE EXPRESSION = (LGPL-2.1 OR MPL-1.1)

Example 2:
FILE: busybox-1.20.2/shell/math.c (see attachment 2)
NOTICE (simplified): You can redistribute the file and/or modify it under the terms of BSD-3-Clause and the MIT license and GPL-2.0 or (at your option) any later version of the GPL
LICENSE EXPRESSION = (BSD-3-Clause AND MIT AND GPL-2.0+)

Sorry but I think you get this wrong. The "and" in the text here does not translate into a logical AND operator. Instead, it is an OR just as in example 1. We have a list of licenses here, where the user can freely choose any one that fits, so it must be an OR.

An expression as BSD-3-Clause AND MIT AND GPL-2.0+ makes zero sense; I can't even figure out how this should be interpreted from a legal point of view.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Boycott Microsoft - buy your windows at OBI!