Re: explanation for ensuring no duplicate identifiers

OK, so the wording for the Overview page could be something like: • Short identifiers have no spaces in them consist of ASCII letters (A-Za-z), digits (0-9), full stops (.) and hyphen or minus signs (-) -- zvr – From: Kate Stewart Sent: Friday, 15 June, 2018 19:51 To:

Re: Proposal for a generic new exception for OpenSSL

If the wording of openvpn-openssl-exception is acceptable, we could "templatize" its text and replace "OpenVPN" with "" and "OpenVPN Technologies, Inc." with "". For example of a simple templatized license, see the NTP license: https://spdx.org/licenses/NTP.html -- zvr – -Original

Re: GPL Cooperation Commitment variations

Hi Richard, Let me try to answer, since I was the one who did the "unifying" markup. Our goal is obviously to match the three GPLCC variants and (ideally) not match anything else. Unfortunately, the latter part is not 100% achievable, but I feel the stuff we allow on top of the original

Re: [spdx-tech] A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0

Since these will be "private" (which I understand to simply mean "not in the official list"), why don't we simplify our lives and use URLs for naming as well? SPDX-License-Identifier: The enclosure in "<"/">" takes care of not being an approved SPDX short

Re: Open license from Red Hat

That's ISC: https://spdx.org/licenses/ISC.html -- zvr – -Original Message- From: Spdx-legal@lists.spdx.org On Behalf Of Max Brito Sent: Tuesday, 19 February, 2019 10:40 To: Spdx-legal@lists.spdx.org Subject: Open license from Red Hat Hello, I've found a permissive license published

Re: Dom4J: Which type of license?

I think you should look at "Plexus": https://spdx.org/licenses/Plexus.html We even have a note that covers Dom4j  -- zvr – -Original Message- From: Spdx-legal@lists.spdx.org On Behalf Of Max Brito Sent: Wednesday, 6 February, 2019 13:35 To: Spdx-legal@lists.spdx.org Subject: Dom4J:

Re: meeting minutes from today

I want to point out that with the adoption of license namespaces a large number of such cases would be delegated. So, even if, for example, Intel firmware binaries are “popular” and found in lots of Linux distribution, the creation (and curation) of licenses like

Re: How to send modification request to existing license data

Thank you for getting involved in SPDX. We *love* getting PRs, especially when they are so clear and well-done! So, yes, please, submit a PR with your changes making the “Vim” name alt-matchable with other names. In general, always feel free to raise issues on GitHub or submit PRs to solve

Re: Request for adding Eclipse Distribution License - v 1.0

We should have a “note” on the BSD-3-Clause license. -- zvr From: Spdx-legal@lists.spdx.org On Behalf Of CARLIER Aurelien Sent: Wednesday, 11 December, 2019 08:34 To: spdx-legal@lists.spdx.org Cc: Wayne Beaton ; Philippe Ombredanne Subject: Re: Request for adding Eclipse Distribution License

Re: Chime instead of Zoom, a modest proposal

The good folks at FSFE maintain a wiki page with Free Software alternatives: https://wiki.fsfe.org/Activities/FreeSoftware4RemoteWorking I should point out that in the SPDX calls we don't actually use video -- it's audio and screen sharing. -- zvr -Original Message- From:

Re: License of an open source license text

You might want to consider using something more general, like LicenseRef-FSF-license-text or even LicenseRef-license-text, to use the same for all license files... -- zvr -Original Message- From: Spdx-legal@lists.spdx.org On Behalf Of Richard Purdie Sent: Thursday, 18 June, 2020

Re: Another planned change to the license generation

We should emphasize the matching guidelines even more, because people might get tempted to simply use complete text file matching… Even better, we should promote the use of “standard” implementations of license matching  -- zvr From: Spdx-legal@lists.spdx.org On Behalf Of Gary O'Neall

Re: New License List website features

Ehmmm... someone suggests today (and gets accepted next month) a license of a software written in the '90s, and the license text points to a website that has not existed for years. No current timestamp would be useful. (this is actually a pretty common case) -- zvr -Original Message-

Re: New License List website features

"last checked" may or may not mean "last time checked AND found"  -- zvr -Original Message- From: Spdx-legal@lists.spdx.org On Behalf Of Matija Šuklje Sent: Friday, 13 November, 2020 16:02 To: spdx-legal@lists.spdx.org Subject: Re: New License List website features Die 13. 11. 20 et

Re: Options for metadata license identifiers

As a single data point, we (Intel) use the mentioned: # SPDX-License-Identifier: MIT LICENSE = "GPLv2 & bzip2-1.0.4" under the understanding that the comment "SPDX-License-Identifier" applies only to the file the line is in. -- zvr -Original Message- From: Spdx-legal@lists.spdx.org

Re: SPDX License List coverage for a full distro

Since we're all expressing agreement, let me add mine... and remind that we have this wonderful construct that can be used for "list of licenses curated by a single entity but not necessarily on the SPDX License List": namespaces! We can have a couple of hundred "Fedora--" or "Debian--"

Re: [spdx-tech] capitalization rules for SPDX license ids and operators

Hi Jilayne, You can refresh your memory on the discussions (2015-2020) by reading https://github.com/spdx/spdx-spec/issues/63  I still like my example from that thread: Do we really want to be able to understand Mit and gpl-2.0 And Gpl-1.0+ aNd ePl-1.0 aND isc or can we simplify our lives and

Re: SPDX files as templates

Hi Jilayne, The way we have operated for years is that the license-list-XML repo is for internal work of the SPDX Legal Team. These files are automagically processed and everything inside https://github.com/spdx/license-list-data is generated, where people can collect all the information in a

Re: Use of exception to communicate legal ambiguity

From a completely different perspective, ignoring whether the copyrightability of a file is decided by the producer or the consumer, I don't like using the exception syntax from a purely technical point. Yes, you can add a pseudo-exception to GPL-2.0-or-later and produce "GPL-2.0-or-later WITH

Re: [spdx-tech] Combined version of LGPL + GPL 3.0

I think this has nothing to do with spdx-tech and it's probably best addressed by opening a ticket at https://github.com/spdx/license-list-XML/issues. I think we could have the LGPL-3.0* texts be the current ones plus an optional concatenation of the GPL-3.0 text. Max, the new combined text

Re: License text for LGPL-3.0

Thinking about it more generally, I think the issue stems from the assumption that “one license == one file”. I am not sure everyone should rely on this being true in all cases. For the SPDX License List, where we care about license texts and identifying (matching) them, we were OK till now,

SPDX GSoC 2022

Hi everyone! As you might have heard, the SPDX project will again this year try to participate in the Google Summer of Code initiative. For those who have not heard about it, GSoC is a "global, online program focused on bringing new contributors into open source software development". The way

Re: [spdx] SPDX identifiers for "or-later" or "+" mentions

This is definitely a discussion for the SPDX Legal mailing list – adding it and moving the general list to bcc. As everyone can imagine, the SPDX Legal team has spent a lot of time discussing this topic, analyzing a number of license families. If I remember correctly, a couple of the issues

Re: License namespaces

Thanks, Steve, for raising awareness! Unfortunately, I will not be able to join the Legal Team call this week (public holiday here in Germany), but I can participate in asynchronous discussions via email or on GitHub. -- zvr From: Spdx-legal@lists.spdx.org On Behalf Of Steve Winslow Sent:

Re: Automatically responding to accepted additions to the SPDX License List

Nice automation work, Sebastian! I'm probably missing something, but... The review and the labeling as "accepted" is happening on the issue where someone submits a new license. In order to have "the license's information added to the repository", we also need a PR with the license XML, test

SPDX in GSoC 2023!

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program in a number of years in the past. The way it works is that we publish project ideas and, if

Re: [spdx-tech] SPDX special meeting on Properties vs Relationships

On Jun 14, 2023, at 4:20 AM, Alexios Zavras wrote: Hi all, During the tech call yesterday, we decided we should have an extra meeting to advance on the topic of modeling the licensing info. The three questions that will drive the discussion are: 1. Do we prefer declaredLicense

GSoC 2024 -- call for ideas and mentors!

Hi all, It's that time of the year again, and Google Summer of Code (GSoC) program for 2024 has been announced. For those who have not heard about it, GSoC is a "global, online program focused on bringing new contributors into open source software development". The way it works is that we

meeting during FOSDEM

Hi all, Since a number of us will be present in Brussels for attending FOSDEM in the first weekend of February, there has been a proposal for organizing a face-to-face meeting, if possible. The days of the conference are pretty full and there are a number of side events happening in the days

Re: XML format is unsatisfactory

Richard, interesting discussion, but I think your reasoning is backwards, from historical perspective. Keep in mind that license-list-XML keeps data and metadata about licenses. The metadata is easy: stuff like short identifier, when it was added, whether it's OSI approved, links for the