Re: [spdx-tech] SPDX short-form IDs site

[W. Trevor King]

On Thu, Apr 12, 2018 at 08:14:30PM -0700, Bradley M. Kuhn wrote:
> I suggest modifying the tutorial at https://spdx.org/ids to address
> the issue head-on, with perhaps a explanation on why you would carry
> license information in individual files at all.  The *only* reason
> it's useful to do so is in case the file gets separated from its
> larger work.

This point is already addressed in [1] with:

  SPDX IDs make code reuse easier.

  If your project only has license info in a top-level LICENSE.txt
  file, it's harder for others to reuse your code. They may not know
  what license applies once the file leaves your repo.

  An SPDX ID is located within each source code or documentation file,
  and follows that file into downstream projects, making license
  compliance easier.

I think that covers your point fairly clearly.  Perhaps it could be
raised into a more prominent position?

Looking over the landing page again [2], I feel like the
question-words distinctions are not as clear as I initially felt.  For
example, a very similar idea is covered by WHAT's “Needs only one new
comment line per file” and HOW's “In each file in your project, just
add a single line…”.  And WHAT's “Human-readable and machine readable”
also shows up as a section in the why-detail page [1].

Perhaps we should drop the WHAT block, put all the motivation in WHY,
and leave the implementation details to HOW.  The consolidated WHY
could have reasons like:

  WHY use SPDX IDs?

  Easily declare licensing for each source file, even when the file
  appears out of context.  Declarations are compact, precise, and
  machine- and human-readable.

  Read more about why to use SPDX identifiers

The two-sentence paragraph would also fit the pattern used by the
existing HOW and WHERE entries, replacing the list-like current WHAT
and WHY entries.

Cheers,
Trevor

[1]: https://spdx.org/ids-why
[2]: https://spdx.org/ids

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

[Bradley M. Kuhn]

My concern about https://spdx.org/ids is that its current drafting helps to
perpetuate the fiction that licenses apply primarily to individual "files", not
works, as if files on a filesystem have some real connection with
copyrightability, boundries in copyright, and/or how licenses apply to works.

While the distinction might not matter in some cases, giving developers
the impression that licensing is primarily a file-based phenomena serves to
exacerbate commonly held confusions about how copyright licensing works.

I suggest modifying the tutorial at https://spdx.org/ids to address the issue
head-on, with perhaps a explanation on why you would carry license
information in individual files at all.  The *only* reason it's useful to do
so is in case the file gets separated from its larger work.  I'd suggest
something like this:

   WHY
put license information in every file?


Ultimately, licenses apply to copyrighted works, and a single work is
usually comprised lots of different files.  However, because it's easy to
bring a file from one work into another -- you don't even have to cut and
paste, you just type "cp file1 /a/new/directory" -- it's really important
to carry the license information in each file of your project as well as
at the top level.  The toplevel is the place for detailed information,
and SPDX identifiers are short and easy to carry the information in every
file, and you assure that your project's licensing decisions are not
easily missed.

--
Bradley M. Kuhn

Pls. support of the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech