issues that need attention and 3.24 release

[J Lovejoy]

Hi all,

Meant to get this out Friday, but hopefully folks can contribute to 
getting some of these "low hanging fruit" ripe for the 3.24 which we are 
aiming to push this coming weekend:


Listing in order of priority:

 * rrdtool FLOSS exception:
   https://github.com/spdx/license-list-XML/issues/2333 - another
   person to review and agree to add
 * HPND-export variant -
   https://github.com/spdx/license-list-XML/issues/2350 - new license
   or markup? need thoughts from lawyers on this one in particular
 * dumpasn1 https://github.com/spdx/license-list-XML/issues/2397 - need
   input on name and id
 * Groessler/Code Sourcery HPND variant
   https://github.com/spdx/license-list-XML/issues/2409 - need input on
   name and id
 * Intel HPND/MIT like
   https://github.com/spdx/license-list-XML/issues/2410 - need another
   +1 to add and input on name/id

There may be a few more, but wanted to get this out sooner than later, 
so people can get to helping out here!


Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3556): https://lists.spdx.org/g/Spdx-legal/message/3556
Mute This Topic: https://lists.spdx.org/mt/106101681/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [spdx] "-only" and "-or-later" identifiers for EUPL licenses?

[J Lovejoy]

Thanks Patrice - this was a good reminder that I should write up a longer 
explanation (rather than just pointing to the blog posts) as it is a question 
that comes up often enough to warrant recording a longer explanation. I thought 
I had put something in the FAQ, but don’t see it there. Will make a point to 
work on that.

In any case, I think the addition of an operator for “only this version” could 
be helpful, particularly for the EUPL.  I believe there was another license 
that this might be useful for. I made an issue here to capture this: 
https://github.com/spdx/license-list-XML/issues/2472

Thanks,
Jilayne

> On May 2, 2024, at 8:25 AM, Patrice-Emmanuel SCHMITZ via lists.spdx.org 
>  wrote:
> 
> Dear Jilayne,
> 
> My post was nothing personal; I can imagine how difficult it is to manage a 
> community made up of many individuals and interests. All of us should be 
> grateful for that and the decision to create these "-or-Later" identifiers 
> was undoubtedly a collective one at the time, but as multiple and unconcerted 
> reactions prove, it risks remaining a stone in SPDX's shoe for a long time. 
> Regarding the EUPL, we do not require the creation of an "-or-later" 
> identifier unless this was the rule for all licenses.
> 
> Kind regards,
> 
> 
> Le mer. 1 mai 2024 à 18:56, J Lovejoy via lists.spdx.org 
> <http://lists.spdx.org/>  <mailto:jilayne@lists.spdx.org>> a écrit :
>> I'm moving the SPDX general list to bcc, as this is really a topic for 
>> spdx-legal. 
>> 
>> In case anyone didn't see it and for context, my response to Christian that 
>> Patrice-Emmanuel references is on the spdx-legal thread and can be seen 
>> here: https://lists.spdx.org/g/Spdx-legal/message/3548
>> 
>> Some additional responses below:
>> 
>> On 5/1/24 2:49 AM, Patrice-Emmanuel SCHMITZ via lists.spdx.org 
>> <http://lists.spdx.org/> wrote:
>>> Hello Christian,
>>> It is a frequent practice from license stewards to encourage the coverage 
>>> of later versions of "their" license.
>>> At the very beginning of the EUPL, licensors are invited to specify 
>>> "licensed under the EUPL", which, according to the copyleft clause 5, 
>>> clearly refers to the latest version.
>>> This preserves the possibility for a licensor of specifying a precise 
>>> version, like "1.2-only" (or  the legally similar "1.2").
>>> The wording of the EUPL probably leaves less uncertainty than saying, for 
>>> example, that "licensing under the EUPL" leaves the licensee with the 
>>> choice of the version (like it is, apparently, the case for the GNU/GPL).
>> At some point, we did some research on licenses that have language relating 
>> to later versions or the like. It was a bit surprising to see how many 
>> variations there are as to the default position, e.g., if no other 
>> indication means one can apply any later version or if no other indication 
>> means this version only. In all cases, to indicate something other than the 
>> default requires additional notation of some form (more on that below). 
>> 
>>> But the real question for SPDX is: are those "-or-later" or even "+", 
>>> applied to ANY license, justifying specific SPDX identifiers?
>> That is a question that has and has had a definitive answer since version 
>> 2.0 of the SPDX License List: 
>> "+" can be applied to any license. 
>> And as of 3.0 - the GNU licenses ids changed, but 
>> "-or-later" and "-only" cannot be used with any license as they are not part 
>> of the license expression syntax identified in 
>> https://spdx.github.io/spdx-spec/v3.0/annexes/SPDX-license-expressions/ 
>> 
>>> Like Jilayne wrote, this was most probably a mistake in accepting to do so 
>>> for the GNU licenses only (for political reasons).
>> I would not characterize the changes to the GNU license ids in version 3.0 
>> as mistake. That implies a decision make on lack of awareness or knowledge. 
>> We had a various proposals at the time, which were discussed at length over 
>> many months. I do think we made the best decision that we could for that 
>> time and given the options we had. Looking back and judging that decision 
>> with the benefit of 20/20 hindsight and current knowledge isn't entirely 
>> helpful. (and if I sound a bit defensive, it is because, on a personal note, 
>> it was one of the most stressful things to navigate as a community leader. 
>> Yet as far as I can tell, the complaints or criticism of this change tend to 
>> come t

Re: [spdx] "-only" and "-or-later" identifiers for EUPL licenses?

[J Lovejoy]

I'm moving the SPDX general list to bcc, as this is really a topic for 
spdx-legal.


In case anyone didn't see it and for context, my response to Christian 
that Patrice-Emmanuel references is on the spdx-legal thread and can be 
seen here: https://lists.spdx.org/g/Spdx-legal/message/3548


Some additional responses below:

On 5/1/24 2:49 AM, Patrice-Emmanuel SCHMITZ via lists.spdx.org wrote:

Hello Christian,
It is a frequent practice from license stewards to encourage the 
coverage of later versions of "their" license.
At the very beginning of the EUPL, licensors are invited to specify 
"licensed under the EUPL", which, according to the copyleft clause 5, 
clearly refers to the latest version.
This preserves the possibility for a licensor of specifying a precise 
version, like "1.2-only" (or  the legally similar "1.2").
The wording of the EUPL probably leaves less uncertainty than saying, 
for example, that "licensing under the EUPL" leaves the licensee with 
the choice of the version (like it is, apparently, the case for the 
GNU/GPL).
At some point, we did some research on licenses that have language 
relating to later versions or the like. It was a bit surprising to see 
how many variations there are as to the default position, e.g., if no 
other indication means one can apply any later version or if no other 
indication means this version only. In all cases, to indicate something 
other than the default requires additional notation of some form (more 
on that below).


But the real question for SPDX is: are those "-or-later" or even "+", 
applied to ANY license, justifying specific SPDX identifiers?
That is a question that has and has had a definitive answer since 
version 2.0 of the SPDX License List:

"+" can be applied to any license.
And as of 3.0 - the GNU licenses ids changed, but
"-or-later" and "-only" cannot be used with any license as they are not 
part of the license expression syntax identified in 
https://spdx.github.io/spdx-spec/v3.0/annexes/SPDX-license-expressions/


Like Jilayne wrote, this was most probably a mistake in 
accepting to do so for the GNU licenses only (for political reasons).
I would not characterize the changes to the GNU license ids in version 
3.0 as mistake. That implies a decision make on lack of awareness or 
knowledge. We had a various proposals at the time, which were discussed 
at length over many months. I do think we made the best decision that we 
could for that time and given the options we had. Looking back and 
judging that decision with the benefit of 20/20 hindsight and current 
knowledge isn't entirely helpful. (and if I sound a bit defensive, it is 
because, on a personal note, it was one of the most stressful things to 
navigate as a community leader. Yet as far as I can tell, the complaints 
or criticism of this change tend to come to SPDX/me, instead of to the 
FSF or both orgs.)


It would most probably be another mistake to do it for all 
other licenses, including the EUPL.
If you mean to change existing license ids to mimic the  specific 
entries that the GNU licenses have instead of using the license syntax 
like "+" - I would not see this as an optimal path, unless there are 
extenuating circumstances to justify it, which I don't think there are.
It would be more consistent for the SPDX Standard to stick to a strict 
and transparent rule: "*a unique SPDX identifier must correspond to a 
unique license text*".
That is the case and always has been. The caveat is that some licenses 
use the same exact license text for variants about if you can apply a 
later version of that license. E.g., the license text of the GPL is the 
same, it is in the license notice that one indicates if you intend that 
version only or any later version. Similarly, EUPL also requires some 
other communication to indicate the intention for only a specific 
version to apply. Of course, this can be done by using an SPDX 
identifier in the source code.
According to this rule, no "-or-later" SPDX identifier should exist, 
simply because no precise unique and definitive license text can 
correspond to it.
This would not restrict the frequent practice to license under the 
"LicenseX-or later" (or "+"), but simply doesn't deserve any new SPDX 
identifier.
I'm not sure I'm following you here, but I think you are saying that we 
should not have separate license "line items" on the SPDX License List 
for the GNU licenses (e.g., GPL-2.0-only and GPL-2.0-or-later) b/c they 
use the same license test. But should, instead use the "+" operator 
added to the base id?
The current SPDX exception introduces confusion and even (IMHO) 
compromises SPDX as a standard.

Again, I'm not sure what is confusing.

It's never too late to right a mistake...
Kind regards,
P-E Schmitz (EUPL support in the Interoperable Europe Portal)


Le jeu. 25 avr. 2024 à 17:09, Christian Meeßen via lists.spdx.org 
 
 a écrit :


Hello SPDX LegalTeam,

I am an RSE working at the 

meeting at top of the hour

[J Lovejoy]

Hi all,

We have our regular SPDX-legal meeting at the top of the hour.  Please have a 
look at the following two issues marked for discussion:
https://github.com/spdx/license-list-XML/issues/2390
https://github.com/spdx/license-list-XML/issues/2424

We currently have about 50 open issues for the 3.24 release. Due to some 
schedule conflicts, Steve and I will likely push the release back from April 
30th to a week or so later.  Many of these open issues should be easy to 
resolve via Github and don’t need discussion. Please help review!!

Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3549): https://lists.spdx.org/g/Spdx-legal/message/3549
Mute This Topic: https://lists.spdx.org/mt/105732284/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: "-only" and "-or-later" identifiers for EUPL licenses?

[J Lovejoy]

Hello Christian and welcome!

There is a long story behind the change to the GNU licenses that you see today 
that I won’t bore you with, but you can get a summary here: 
https://spdx.dev/license-list-3-0-released/ (which has links to other related 
articles). 

The license expression syntax still have the + operator which can be applied to 
any license, e.g., EUPL-1.2+

I think what you have identified is a situation where the license (EUPL) text 
defaults to having the option of “any later version” but if someone wants to 
override that, they must specify somehow explicitly. We do not have a “only” 
operator in the same way as the existing + operator. Somewhat ironically, this 
was the favored recommendation from SPDX-legal back in 2017 to solve the more 
explicit identifier concerns for the GNU licenses, but was rejected by the FSF 
as an acceptable solution. From my perspective, I’m not excited to do what we 
did for the GNU licenses for another license, but I may be biased by that prior 
experience. ;)

Perhaps we should revisit the idea of adding a corresponding operator that, 
like +, can be used with any license?

Thanks,
Jilayne



> On Apr 25, 2024, at 2:44 AM, Group Notification  
> wrote:
> Subject: "-only" and "-or-later" identifiers for EUPL licenses?
> 
> Hello SPDX LegalTeam,
> 
> I am an RSE working at the German Research Centre for Geosciences (GFZ) 
> in Potsdam, Germany. I am involved in working groups in Helmholtz that 
> deal with Research Software Engineering aspects, and am also the 
> maintainer of the Helmholtz Research Software Directory 
> (https://helmholtz.software ). We generally 
> encourage the usage of SPDX 
> identifiers for software.
> 
> I noticed that there exists one identifier for EUPL-1.1 [1] and EUPL-1.2 
> [2] respectively, although the licenses specify that code can be 
> redistributed also under later versions of that license unless it is 
> explicitly stated otherwise. Here is an example from EUPL-1.2 (clause 5, 
> "Copyleft clause”):
>  
> > If the Licensee distributes or communicates copies of the Original 
> Works or Derivative Works, this Distribution or Communication will be 
> done under the terms of this Licence or of a later version of this 
> Licence unless the Original Work is expressly distributed only under 
> this version of the Licence — for example by communicating 'EUPL v. 1.2 
> only'.
> 
> The GPL licenses are separated into "-only" and "-or-later" identifiers. 
> Is there a specific reason why this was not applied to the EUPL 
> identifiers? Would it be possible to replace the existing identifiers 
> with EUPL-1.x-only and EUPL-1.x-or-later identifiers?
> 
> The EUPL-1.0 is not affected.
> 
> Kind regards,
> 
> Christian Meeßen
> 
> [1] EUPL-1.1: https://spdx.org/licenses/EUPL-1.1.html
> [2] EUPL-1.2: https://spdx.org/licenses/EUPL-1.2.html
> 
> -- 
> Dr. Christian Meeßen
> eScience Center
> Tel: +49 (0)331 6264-1983
> Email: christian.mees...@gfz-potsdam.de
> _
> Helmholtz-Zentrum Potsdam
> Deutsches GeoForschungsZentrum GFZ
> Stiftung des öff. Rechts Land Brandenburg
> Telegrafenberg A70/320, 14473 Potsdam
> 
> A complete copy of this message has been attached for your convenience.
> 
> To approve this using email, reply to this message. You do not need to attach 
> the original message, just reply and send.
> 
> Reject this message and notify the sender 
> .
> 
> Delete this message and do not notify the sender 
> .
> 
> NOTE: The pending message will expire after 14 days. If you do not take 
> action within that time, the pending message will be automatically rejected.
> 
> Change your notification settings 
> 
> From: christian.mees...@gfz-potsdam.de
> Subject: "-only" and "-or-later" identifiers for EUPL licenses?
> Date: April 25, 2024 at 2:43:46 AM MDT
> To: s...@lists.spdx.org
> 
> 
> Hello SPDX LegalTeam,
> 
> I am an RSE working at the German Research Centre for Geosciences (GFZ) in 
> Potsdam, Germany. I am involved in working groups in Helmholtz that deal with 
> Research Software Engineering aspects, and am also the maintainer of the 
> Helmholtz Research Software Directory (https://helmholtz.software). We 
> generally encourage the usage of SPDX identifiers for software.
> 
> I noticed that there exists one identifier for EUPL-1.1 [1] and EUPL-1.2 [2] 
> respectively, although the licenses specify that code can be redistributed 
> also under later versions of that license unless it is explicitly stated 
> otherwise. Here is an example from EUPL-1.2 (clause 5, "Copyleft clause"):
> 
> > If the Licensee distributes or communicates copies of the Original Works or 
> > Derivative Works, this Distribution or Communication will be done under the 
> > terms of this Licence or of a 

meeting tomorrow and some issues to review

[J Lovejoy]

Hi all,

I meant to send an updated list of issues but it sat in my draft box for 
too long...


Let's look at the following issue during our call tomorrow:
https://github.com/spdx/license-list-XML/issues/2343
https://github.com/spdx/license-list-XML/issues/2390
https://github.com/spdx/license-list-XML/issues/2424
https://github.com/spdx/license-list-XML/issues/2442

I think a bunch of the items below can be dealt with in the issue/don't 
need discussion, but we'll work through as much as we can!


Thanks,
Jilayne


Here's a revised list!

Need help on naming mostly:


  * https://github.com/spdx/license-list-XML/issues/2397 - dumpasn1 -
need further input on license text itself and naming
  * https://github.com/spdx/license-list-XML/issues/2409 - one more
person to confirm and agree on naming
  * https://github.com/spdx/license-list-XML/issues/2410 - one more
person to confirm and input on naming
  * https://github.com/spdx/license-list-XML/issues/2427



Markup questions:

 * https://github.com/spdx/license-list-XML/issues/2429 - see my
   comment and suggestion


Need license review

  * https://github.com/spdx/license-list-XML/issues/2213 - 3DSlicer
  * https://github.com/spdx/license-list-XML/issues/2333 - FLOSS
exception - this is very familiar but I don't see it on the SPDX
License List already - needs review
  * https://github.com/spdx/license-list-XML/issues/2410 - Intel license
  * https://github.com/spdx/license-list-XML/issues/2349 - HPND
variant to add - need one more person to review and input on naming
  * https://github.com/spdx/license-list-XML/issues/2350 - HPND
variant - new license or could be accommodated with markup?
  * https://github.com/spdx/license-list-XML/issues/2428





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3542): https://lists.spdx.org/g/Spdx-legal/message/3542
Mute This Topic: https://lists.spdx.org/mt/105456913/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

legal call in an hour

[J Lovejoy]

Hi all,

Hopefully you all are getting the automatic reminders for the calls now!

In any case, we have a call in an hour. I have not had time to get an 
updated list of issues out, but have seen some activity (yeah!) so we 
will have a look at what needs addressing.  I believe Miroslav, who had 
been a great contributor as of the last year or so, will be joining the 
call today as well.


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3539): https://lists.spdx.org/g/Spdx-legal/message/3539
Mute This Topic: https://lists.spdx.org/mt/105198222/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SPDX license for Public Domain works?

[J Lovejoy]

Hi all,

Just to take a step back for a minute: requesting some kind of generic 
public domain dedication be added to the SPDX License List has come up a 
few times. We wrote up this explanation to address this (so we didn't 
have to repeat it!). See 
https://github.com/spdx/old-wiki/blob/main/Pages/Legal%20Team/Decisions/Dealing%20with%20Public%20Domain%20within%20SPDX%20Files.md


More recently, as mentioned below, Fedora in its adoption of SPDX ids, 
has come up with a way to capture various public domain text and use the 
same LicenseRef- is for all of those texts. See: 
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain 


and
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt?ref_type=heads

Note that this deviates from an SPDX id representing a single (license) 
text, but accommodates the concept of having something to match to by 
capturing the text otherwise. Some time ago, I had raised the idea of 
SPDX adopting this approach in some form, but didn't pursue it as I had 
my own mixed feelings about such a change for SPDX.


Not sure that is what David was trying to suggest here, but thought that 
would at least provide some context of various conversations that we've 
had on this subject!


Thanks,
Jilayne

On 3/28/24 2:05 AM, Warner Losh wrote:



On Thu, Mar 28, 2024, 8:26 AM Miroslav Suchý  wrote:

Dne 27. 03. 24 v 5:32 odp. David Foster napsal(a):

Since the US copyright term limits encompass those of most other
countries (which some exceptions below†). I could also see
advertising a work as in the Public Domain for *all known
countries*, which is what the deed for CC Public Domain Mark 1.0
Universal
 covers,
which is the deed I have been trying to reference with SPDX:


Hmm, can we have variations of PD "license"? E.g. PD-100 for works
that has 100+ years from death of author, PD-70, PD-50... This
will allow user define what "they" mean by PD. And end-user
clearly analyze if it PD in their country. With only small cons
that the maintainer of package or SBOM may need to change the
license every 5-10 years. But with no impact on SPDX list. Which
is better than having tons of licenses for each year. I.e.
PD-1885, PD-1886 for works where author died at 1885, 1886.


I think it is worse than that...  there are several cases i can think of:
(1) created for the us gov. These are born public domain. But only in 
the US and it appears (IAMAL) that the year matters for rest of world 
status.
(2) Author donates the work to the public domain. This would need a 
year created, a country and a year that dedication was created if 
different. No clue what would be needed to track non copying rights 
though like moral rights.
(3) The author dies or the copyright has otherwise expired. Would need 
the year(s) and country(s) of publication. Since all that matters for 
the rest of the world due to changing copyright regulations around 
notice, registration, renual, etc.
And I guess (4) copyright lost due to legal action: copyright abuse or 
failure to follow the old regulations (see 32V Unix for an example of 
that). Here you'd need some case citation.


So do we capture all this complexity so that the legal requirements 
are properly communicated to users as SPDX was designed to do (so if i 
distribute peter pan from the US, the folks in the UK know they can't 
copy it) or is there a substantially weaker form of "belived to be in 
the public domain, for me, you are on your own to know if that is for 
you" which is kinda inline with the SPDX expressions: as a user, i 
have to puzzle it out. Given the text matching issues too... I'm not 
sure what is best since a weaker thing would be the only license our 
tools couldn't match. ...


Warner

-- 
Miroslav Suchy, RHCA

Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3538): https://lists.spdx.org/g/Spdx-legal/message/3538
Mute This Topic: https://lists.spdx.org/mt/105158733/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: issues to review - March 18th

[J Lovejoy]

Thanks to Karsten, Mary, Warner, and Steve for weighing on some of these 
and helping move things along!


Here's a revised list!

Need help on naming mostly:

 * https://github.com/spdx/license-list-XML/issues/2326 - Sun - need
   help on naming
 * https://github.com/spdx/license-list-XML/issues/2370 - MIT variant -
   need further input on naming
 * https://github.com/spdx/license-list-XML/issues/2386 - fftpack/UCAR
   - need further input on naming
 * https://github.com/spdx/license-list-XML/issues/2397 - dumpasn1 -
   need further input on license text itself and naming
 * https://github.com/spdx/license-list-XML/issues/2409 - one more
   person to confirm and agree on naming

Need license review

 * https://github.com/spdx/license-list-XML/issues/2213 - 3DSlicer
 * https://github.com/spdx/license-list-XML/issues/2333 - FLOSS
   exception - this is very familiar but I don't see it on the SPDX
   License List already - needs review
 * https://github.com/spdx/license-list-XML/issues/2343 - OpenSSL
   exception variant - need input on markup
 * https://github.com/spdx/license-list-XML/issues/2349 - HPND variant
   to add - need one more person to review and input on naming
 * https://github.com/spdx/license-list-XML/issues/2350 - HPND variant
   - new license or could be accommodated with markup?

Thanks,

Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3527): https://lists.spdx.org/g/Spdx-legal/message/3527
Mute This Topic: https://lists.spdx.org/mt/105018908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: issues to review - March 14th

[J Lovejoy]

Hi folks, 

The issues are piling up! Please review - these are mostly pretty easy ones!

revised list below:

"used in major distro" licenses - Need one more person to review (and possibly 
input on id):
https://github.com/spdx/license-list-XML/issues/2283 - one more person to 
confirm and agree on naming
https://github.com/spdx/license-list-XML/issues/2326 - one more person to 
confirm and agree on naming
https://github.com/spdx/license-list-XML/issues/2356 - need input on naming
https://github.com/spdx/license-list-XML/issues/2370 - need further input on 
naming
https://github.com/spdx/license-list-XML/issues/2386 - need further input on 
naming
https://github.com/spdx/license-list-XML/issues/2397 - need further input on 
naming
https://github.com/spdx/license-list-XML/issues/2408 - one more person to 
confirm and agree on naming
https://github.com/spdx/license-list-XML/issues/2409 - one more person to 
confirm and agree on naming

thoughts on markup:
https://github.com/spdx/license-list-XML/issues/2343

license review template has been done, need further input:
https://github.com/spdx/license-list-XML/issues/2213 - does anyone have 
knowledge about medical software who might be familiar with this?

Thanks!
Jilayne

> On Mar 1, 2024, at 5:18 PM, J Lovejoy  wrote:
> 
> Hi All,
> 
> I've updated the list below - still needs attention to close out, but thanks 
> to Karsten for adding some info regarding naming and other background to some 
> of those issues.
> 
> Also note: I've made updates to various DOCS:
> - few updates and added corresponding XML tag (where applicable) to 
> https://github.com/spdx/license-list-XML/blob/main/DOCS/license-fields.md
> - added links to fields (cross-links) 
> https://github.com/spdx/license-list-XML/blob/main/DOCS/xml-fields.md
> - updated and added link to Google doc I had mentioned (which I also updated) 
> for tips on how to find a license match: 
> https://github.com/spdx/license-list-XML/blob/main/DOCS/license-match.md
> - PR pending for updates to 
> https://github.com/spdx/license-list-XML/pull/2416/files
> 
> Please help out with the issues listed below!
> 
> Thanks,
> Jilayne
> 
> 
> 
> On 2/15/24 3:22 PM, J Lovejoy wrote:
>> Hi all,
>> 
>> Here is a list of issues to review: I've just put links, but tried to group 
>> them by what kind of review is needed, hoping that's helpful for people!
>> 
>> "used in major distro" licenses - Need one more person to review (and 
>> possibly input on id):
>> https://github.com/spdx/license-list-XML/issues/2283 - one more person to 
>> confirm and agree on naming
>> https://github.com/spdx/license-list-XML/issues/2326 - one more person to 
>> confirm and agree on naming
>> https://github.com/spdx/license-list-XML/issues/2356 - need input on naming
>> https://github.com/spdx/license-list-XML/issues/2365 - need tie-breaker 
>> opinion on id
>> https://github.com/spdx/license-list-XML/issues/2370 - need further input on 
>> naming
>> https://github.com/spdx/license-list-XML/issues/2386 - need further input on 
>> naming
>> 
>> thoughts on markup:
>> https://github.com/spdx/license-list-XML/issues/2343
>> 
>> 
>> license review template has been done, need further input:
>> https://github.com/spdx/license-list-XML/issues/2213 - does anyone have 
>> knowledge about medical software who might be familiar with this?
>> 
>> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3526): https://lists.spdx.org/g/Spdx-legal/message/3526
Mute This Topic: https://lists.spdx.org/mt/104941497/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting in half hour

[J Lovejoy]

Hi All,

Just a quick reminder that we have our normal SPDX-legal call in about 
half an hour. For those of you outside of the US, this may be a 
different time than usual due to the US "springing" our clocks forward 
already.


I've been a bit behind myself, but we will focus on working through 
issues/review of licenses. Any feedback on some of the updates to 
documentation I emailed about previously would also be great.


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3524): https://lists.spdx.org/g/Spdx-legal/message/3524
Mute This Topic: https://lists.spdx.org/mt/104928804/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: issues to review - March 1st

[J Lovejoy]

Hi All,

I've updated the list below - still needs attention to close out, but 
thanks to Karsten for adding some info regarding naming and other 
background to some of those issues.


Also note: I've made updates to various DOCS:
- few updates and added corresponding XML tag (where applicable) to 
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-fields.md
- added links to fields (cross-links) 
https://github.com/spdx/license-list-XML/blob/main/DOCS/xml-fields.md
- updated and added link to Google doc I had mentioned (which I also 
updated) for tips on how to find a license match: 
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-match.md
- PR pending for updates to 
https://github.com/spdx/license-list-XML/pull/2416/files


Please help out with the issues listed below!

Thanks,
Jilayne



On 2/15/24 3:22 PM, J Lovejoy wrote:

Hi all,

Here is a list of issues to review: I've just put links, but tried to 
group them by what kind of review is needed, hoping that's helpful for 
people!


*"used in major distro" licenses - Need one more person to review (and 
possibly input on id):*
https://github.com/spdx/license-list-XML/issues/2283 - one more person 
to confirm and agree on naming
https://github.com/spdx/license-list-XML/issues/2326 - one more person 
to confirm and agree on naming
https://github.com/spdx/license-list-XML/issues/2356 - need input on 
naming
https://github.com/spdx/license-list-XML/issues/2365 - need 
tie-breaker opinion on id
https://github.com/spdx/license-list-XML/issues/2370 - need further 
input on naming
https://github.com/spdx/license-list-XML/issues/2386 - need further 
input on naming


*thoughts on markup:*
https://github.com/spdx/license-list-XML/issues/2343


*license review template has been done, need further input:*
https://github.com/spdx/license-list-XML/issues/2213 - */does anyone 
have knowledge about medical software who might be familiar with this?/*







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3520): https://lists.spdx.org/g/Spdx-legal/message/3520
Mute This Topic: https://lists.spdx.org/mt/104678002/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: XML format is unsatisfactory

[J Lovejoy]

Hi all,

I'm a bit late to this thread, but wanted to add a few bits to what 
others have said.


First of all, Gary's brief history of the SPDX License List format 
reminded me that we ought to document this, as it does provide some 
context on how we got here. Turns out the timing was mostly documented 
in https://github.com/spdx/license-list-XML/blob/main/DOCS/history.md - 
but I made a few updates to add a bit of color and some links - see 
https://github.com/spdx/license-list-XML/commit/028424f7567ce9010692c7891905671e5c2e5278 
if you want to check out the diff.


Suffice to say, the conversion from a spreadsheet and text files to the 
XML format was a very long process with much discussion. I'm obviously 
not going to recap that here, but if you are interested in getting a 
general idea, there are some links in the history to the old wiki that 
captures some of the working discussions. For that reason alone, I'm not 
much in favor of changing the format again, unless someone has a really 
compelling reason and a complete plan, along with the commitment to lead 
the work and any necessary tooling.


That being said, I understand what Richard is talking about in terms of 
the need to look at the XML to fully determine variations for a match or 
if further markup might be warranted. Given how the license list has 
grown, it's not surprising that we are getting more submissions that are 
"close matches" to something already on the list. Simply determining a 
match or if it's close enough to something existing, but is ripe for 
additional markup becomes a very detailed task.


For the vast majority of licenses, this isn't too hard. But for a few, 
namely the HPND variants and BSD-3-Clause in particular, parsing the 
allowed variants by looking at the XML files (especially now the regex 
space character) is really difficult. As a result of my own 
investigations into the HPND variants, I created this Google doc as a 
way to see them all in one place with only needing to scroll and used 
the blue/red text for easier human readability when comparing to a new 
submission. 
https://docs.google.com/document/d/1xqSwTfJJ7btkhbblrIAZxOxv0iZPmAMGar9rU7DLKC8/edit


I have also update our documentation with a link to this Google doc 
here: 
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-match.md


Suffice to say - me maintaining this Google doc (unless someone wants to 
help...) is not optimal. If there was a way to use some kind of 
XML/regex viewing tool to help with the visualization for these 
challenging licenses, that would be great. But I'm neither the person to 
know what that would be, how it works, or how it might be implemented.


In the meantime, I hope this helps a bit!

Jilayne


On 1/15/24 12:16 PM, Gary O'Neall wrote:

Just adding a bit of historical context and personal experience to Alexios 
description below - which I largely agree with.

The XML format is actually the 3rd iteration of formats the legal team has used 
to capture license information.

Iteration 1: spreadsheets (open office format)
Iteration 2: spreadsheets with separate text files with a very proprietary 
format for denoting how to format the files in HTML (e.g. if a line starts with 
3 spaces, it is a bullet and should be indented).
Iteration 3: XML

Iteration 2 came out of limitations in the spreadsheet (length of text in a 
cell) and the inability to format the text for good HTML readability.

Iteration 3 came out of frustration trying to maintain iteration 2.  I wasn't 
the driver of the change, but from my own personal experience in iteration 2, 
we found ourselves re-inventing HTML and HTML in the proprietary text formats - 
moving to XML solved that problem.  Having a single spreadsheet with all the 
metadata didn't lend itself well to multiple collaborators - separate files for 
each license metadata made collaboration much easier.  It was a large and 
painful move involving a lot of effort to XML but in IMO resulted in a much 
easier to maintain text format and worth the effort overall.

There are several text formatting alternatives (full HTML, LaTeX, SGML, 
markdown among just a few).  Based on my past experience, I would not want to 
go back to a proprietary text format for the text portion of the license data.

For the metadata, there are several alternatives, but we would need to somehow 
link them to the text format.  Since moving to a different metadata format 
would involve some effort, I would like to see a strong enough benefit to 
justify the effort AND volunteers to help with necessary changes to the tooling.

So far, I have not seen an alternative to XML with enough benefit to go through 
the significant effort of changing - but I'm willing to listen and discuss.

Gary


-Original Message-
From:Spdx-legal@lists.spdx.orgOn Behalf Of
Alexios Zavras
Sent: Monday, January 15, 2024 7:07 AM
To: Jonas Smedegaard; Richard Fontana

Cc: SPDX-legal
Subject: Re: XML format is unsatisfactory

Re: Event: SPDX-legal call (4th Thurs of month) - Thursday, February 22, 2024 #cal-reminder

[J Lovejoy]

Agenda:

1) As per our discussion last call re: improving documentation and tips 
for contributing, I've started to make some revisions. Notably, I began 
a document on tips for reviewing licenses here: 
https://github.com/spdx/license-list-XML/blob/main/DOCS/review.md
It's a work-in-progress, but it'd be great if people could review before 
the call and be prepared with comments/suggestions.


Then we can walk through a review example

2) You hopefully will have seen Phil's email to the general mailing list 
regarding team-lead positions. Anyone can nominate themselves and the 
legal-team is open to new leads! Let's take a few moments to answer any 
questions about the process, etc.


Thanks
Jilayne

On 2/21/24 10:00 AM, Group Notification wrote:


*Reminder: SPDX-legal call (4th Thurs of month)*

*When:*
Thursday, February 22, 2024
12:00pm to 1:00pm
(UTC-05:00) America/New York

*Where:*
https://meet.jit.si/SPDXLegalMeeting

*Organizer:* SPDX-legal opensou...@jilayne.com 
 



View Event 

*Description:*
regular SPDX-legal call on 4th Thursday of month





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3518): https://lists.spdx.org/g/Spdx-legal/message/3518
Mute This Topic: https://lists.spdx.org/mt/104492063/21656
Mute #cal-reminder:https://lists.spdx.org/g/Spdx-legal/mutehashtag/cal-reminder
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review - Feb 15th edition

[J Lovejoy]

Hi all,

Here is a list of issues to review: I've just put links, but tried to 
group them by what kind of review is needed, hoping that's helpful for 
people!


*"used in major distro" licenses - Need one more person to review (and 
possibly input on id):*

https://github.com/spdx/license-list-XML/issues/2283
https://github.com/spdx/license-list-XML/issues/2348
https://github.com/spdx/license-list-XML/issues/2326
https://github.com/spdx/license-list-XML/issues/2356
https://github.com/spdx/license-list-XML/issues/2365
https://github.com/spdx/license-list-XML/issues/2370
https://github.com/spdx/license-list-XML/issues/2386

*Help on naming:*
https://github.com/spdx/license-list-XML/issues/2348

*thoughts on markup:*
https://github.com/spdx/license-list-XML/issues/2343

seems like not a exception, but explanatory/we already have exception on 
list:

https://github.com/spdx/license-list-XML/issues/2390

*license review template has been done, need further input:*
https://github.com/spdx/license-list-XML/issues/2213 - does anyone have 
knowledge about medical software who might be familiar with this?


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3516): https://lists.spdx.org/g/Spdx-legal/message/3516
Mute This Topic: https://lists.spdx.org/mt/104382910/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Issues to review / Call on Jan 25th

[J Lovejoy]

Hi all,

We have a call Thursday at noon eastern US time.

It'd be great if people could review the issues in this top list prior 
to the call and provide input so we can close those out without 
discussion on the call.


And review the lower list for discussion on the call.

Please note, there are a bunch more issue that are open, but these are 
for the most part the ones at least one person (most often me) has 
looked at. Please feel free to also review ANY open issue!


To review and resolve via Github issue

 * Openwall crypt -
   https://github.com/spdx/license-list-XML/issues/2262 - needs
   additional person to review
 * R74n - https://github.com/spdx/license-list-XML/issues/2288 - need
   one more person to weigh in (3 total)
 * GMSH exception -
   https://github.com/spdx/license-list-XML/issues/2289 - needs
   additional person to review
 * example-usage exception -
   https://github.com/spdx/license-list-XML/issues/2318 - additional
   person to review
 * other-permissive-2 -
   https://github.com/spdx/license-list-XML/issues/2319 - additional
   person to review and input on id
 * other-permissive-1 -
   https://github.com/spdx/license-list-XML/issues/2320 - additional
   person to review and input on id
 * carnegie mellon -
   https://github.com/spdx/license-list-XML/issues/2321 - additional
   person to review
 * paul-mackerras (no clause 2) -
   https://github.com/spdx/license-list-XML/issues/2324 - additional
   person to review and input on id
 * paul-mackerras-new (no clause 4) -
   https://github.com/spdx/license-list-XML/issues/2325 - - additional
   person to review and input on id

To discuss on the call:

 * bzip variant -
   https://github.com/spdx/license-list-XML/issues/2271 - add markup or
   maybe nothing at all?
 *   paul-mackerras-binary -
   https://github.com/spdx/license-list-XML/issues/2323 - add markup,
   see comments in issue

Thanks,
Jilayne

On 1/18/24 10:51 AM, J Lovejoy wrote:

Hi SPDX-legal,

Here is a list of issues that could use review. Please remember, this 
is not exhaustive! Any issue that does not have PR associated with it, 
is fair game for review and comments!


Openwall crypt - 
https://github.com/spdx/license-list-XML/issues/2262 - needs 
additional person to review
GMSH exception - 
https://github.com/spdx/license-list-XML/issues/2289 - needs 
additional person to review
example-usage exception - 
https://github.com/spdx/license-list-XML/issues/2318 - additional 
person to review


bzip variant - https://github.com/spdx/license-list-XML/issues/2271 - 
add markup or maybe nothing at all?


R74n - https://github.com/spdx/license-list-XML/issues/2288 - need 
further thoughts on my initial analysis
ANCAP - https://github.com/spdx/license-list-XML/issues/2313 - need 
further thoughts on my initial analysis



thanks,
Jilayne




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3503): https://lists.spdx.org/g/Spdx-legal/message/3503
Mute This Topic: https://lists.spdx.org/mt/103949472/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Issues to review

[J Lovejoy]

Hi SPDX-legal,

Here is a list of issues that could use review. Please remember, this is not 
exhaustive! Any issue that does not have PR associated with it, is fair game 
for review and comments!

Openwall crypt - https://github.com/spdx/license-list-XML/issues/2262 - needs 
additional person to review
GMSH exception - https://github.com/spdx/license-list-XML/issues/2289 - needs 
additional person to review
example-usage exception - https://github.com/spdx/license-list-XML/issues/2318 
- additional person to review

bzip variant - https://github.com/spdx/license-list-XML/issues/2271 - add 
markup or maybe nothing at all?

R74n - https://github.com/spdx/license-list-XML/issues/2288 - need further 
thoughts on my initial analysis
ANCAP - https://github.com/spdx/license-list-XML/issues/2313 - need further 
thoughts on my initial analysis


thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3500): https://lists.spdx.org/g/Spdx-legal/message/3500
Mute This Topic: https://lists.spdx.org/mt/103814925/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: call Thurs, Jan 11th and other updates

[J Lovejoy]

yeah yeah, Thursday is the 11th!

On 1/10/24 10:11 PM, J Lovejoy wrote:

Hi all,

You should have gotten meeting invites for the 2nd and 4th Thursday of 
each month for 2024 (starting tomorrow!). I sent it via the mailing 
list and it should also send an automatic reminder - yeah!  Note, you 
can always access the calendar in the mailing list interface at 
https://lists.spdx.org/g/Spdx-legal/calendar


Thanks to those of you who weighed in on the last round of issues in 
my email.


For our call tomorrow, Iet's have a look at:

https://github.com/spdx/license-list-XML/issues/2223 and 
https://github.com/spdx/license-list-XML/issues/2224 - these have been 
hanging around for a bit, let's have a look and resolve


I have an update on https://github.com/spdx/license-list-XML/issues/2017

https://github.com/spdx/license-list-XML/issues/2262 - is anyone 
familiar with this license or projects mentioned?


https://github.com/spdx/license-list-XML/issues/2275 - order of 
license stack issue


I was hoping to run some numbers for and a summary of our 
accomplishments for 2023 and maybe have a discussion as to goals for 
2024, but let's push that to the later call this month, so we can 
focus on 3.23 issues now.


Thanks,
Jilayne




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3484): https://lists.spdx.org/g/Spdx-legal/message/3484
Mute This Topic: https://lists.spdx.org/mt/103657292/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call Thurs, Jan 10th and other updates

[J Lovejoy]

Hi all,

You should have gotten meeting invites for the 2nd and 4th Thursday of 
each month for 2024 (starting tomorrow!). I sent it via the mailing list 
and it should also send an automatic reminder - yeah!  Note, you can 
always access the calendar in the mailing list interface at 
https://lists.spdx.org/g/Spdx-legal/calendar


Thanks to those of you who weighed in on the last round of issues in my 
email.


For our call tomorrow, Iet's have a look at:

https://github.com/spdx/license-list-XML/issues/2223 and 
https://github.com/spdx/license-list-XML/issues/2224 - these have been 
hanging around for a bit, let's have a look and resolve


I have an update on https://github.com/spdx/license-list-XML/issues/2017

https://github.com/spdx/license-list-XML/issues/2262 - is anyone 
familiar with this license or projects mentioned?


https://github.com/spdx/license-list-XML/issues/2275 - order of license 
stack issue


I was hoping to run some numbers for and a summary of our 
accomplishments for 2023 and maybe have a discussion as to goals for 
2024, but let's push that to the later call this month, so we can focus 
on 3.23 issues now.


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3483): https://lists.spdx.org/g/Spdx-legal/message/3483
Mute This Topic: https://lists.spdx.org/mt/103657234/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

HNY and priority issues to review

[J Lovejoy]

Happy New Year SPDX-legal community!

Well, didn't quite get to clearing out issues the last couple weeks of 
December, but really hoping we can hit the ground running for the 
upcoming release at the end of this month! Please see the list of 
priority issues below for review.


Also, our next SPDX-legal call will be next Thursday, Jan 11th in 
keeping with our every 2nd and 4th Thursday of the month at noon US 
eastern time. I think we need new invites sent, so keep a lookout for 
that and mark your calendar in the meantime.


A few to review in the meantime, please:

GNU-compiler-exception variant - 
https://github.com/spdx/license-list-XML/issues/2152 - see my notes on 
differences and PR for potential markup. Need a couple people to weigh 
in on analysis as to matching guidelines and substantive differences


MIT exception for attribution of binary distributions - 
https://github.com/spdx/license-list-XML/issues/2282


Bison-1.24-exception - 
https://github.com/spdx/license-list-XML/issues/2276 - need one more 
person to review


HPND variant - https://github.com/spdx/license-list-XML/issues/2228 - 
need one more person to review


GMSH-exception - https://github.com/spdx/license-list-XML/issues/2289 - 
need one more person to review


TPPL - https://github.com/spdx/license-list-XML/issues/2263 - one more 
person to review and agree to add


Please do not wait until the next meeting to review!!!

Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3476): https://lists.spdx.org/g/Spdx-legal/message/3476
Mute This Topic: https://lists.spdx.org/mt/103496391/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

licenses to review

[J Lovejoy]

Hi all,

As promised during our call last week, here is a list of licenses to 
review. The first set just need one more person to confirm acceptance 
and thoughts on naming:


HPND with MIT disclaimer - 
https://github.com/spdx/license-list-XML/issues/2228

Veillard - https://github.com/spdx/license-list-XML/issues/2260
TPPL - https://github.com/spdx/license-list-XML/issues/2263
Tony Sanders (mailprio) - 
https://github.com/spdx/license-list-XML/issues/2272

Bison 1.24 - https://github.com/spdx/license-list-XML/issues/2276

BSD-Source-Code variant - 
https://github.com/spdx/license-list-XML/issues/2233 - has acceptance, 
need input on name


Valgrind/bzip-1.0.6 - 
https://github.com/spdx/license-list-XML/issues/2271 --> see issue for 
discussion


LPD-document - https://github.com/spdx/license-list-XML/issues/2224 - 
needs one more review, matching and name input, which may also solve 2223


Openwall Crypt - https://github.com/spdx/license-list-XML/issues/2262 - 
could use some research on if this is like anything already on SPDX 
License List (doesn't seem like it) or other instances of use


We also have a bunch of issues related to matching guidelines and markup 
- I'll send that list in a separate email shortly.


If everyone looks at a couple issues, we can start the New Year with a 
(somewhat) tidy repo!!


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3474): https://lists.spdx.org/g/Spdx-legal/message/3474
Mute This Topic: https://lists.spdx.org/mt/103276898/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call today at noon ET

[J Lovejoy]

Hi all,

Sorry for the last minute reminder, but we will have our last call of 
2023 today!! I know everyone is busy, but I still would like to make it 
a goal to close out most of the current issues in the next week. If 
everyone commits to look at 3 issues each, I think we can get there!


We'll use the time to assess the list, checking it twice (of course).

Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3473): https://lists.spdx.org/g/Spdx-legal/message/3473
Mute This Topic: https://lists.spdx.org/mt/103172462/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review

[J Lovejoy]

HI all,

I know we didn’t have a call last week due to the holiday, but we need to keep 
up some momentum before we get to the end of the year!!

The list below still needs input:

> On Nov 9, 2023, at 9:52 PM, J Lovejoy  wrote:

> 3d-slicer - https://github.com/spdx/license-list-XML/issues/2213 - can 
> someone do a full write-up using the template on this one?
> Kevlin Henney - https://github.com/spdx/license-list-XML/issues/2206 - 
> another HPND-ish variant, see my write-up, need another person to input
> https://github.com/spdx/license-list-XML/issues/2224 and 
> https://github.com/spdx/license-list-XML/issues/2223 and the same text but 
> 2224 adds an additional sentence - does this make it substantively different 
> from 2223?
> another HPND variant - https://github.com/spdx/license-list-XML/issues/2228 
> BSD-3-Clause-Intel - https://github.com/spdx/license-list-XML/issues/2232 - 
> need another person to +1
> SMLNJ variant - https://github.com/spdx/license-list-XML/issues/2238



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3472): https://lists.spdx.org/g/Spdx-legal/message/3472
Mute This Topic: https://lists.spdx.org/mt/102845944/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: issues to review, meeting Thursday

[J Lovejoy]

Here's an updated list of issues to look at after today's legal call!

 * 3d-slicer - https://github.com/spdx/license-list-XML/issues/2213 -
   can someone do a full write-up using the template on this one?


  * Kevlin Henney -
https://github.com/spdx/license-list-XML/issues/2206 - another
HPND-ish variant, see my write-up, need another person to input

  * FSFULLRWD markup -
https://github.com/spdx/license-list-XML/issues/2208 - seems like
this can be dealt with via markup - need confirmation
  * https://github.com/spdx/license-list-XML/issues/2224 and
https://github.com/spdx/license-list-XML/issues/2223 and the same
text but 2224 adds an additional sentence - does this make it
substantively different from 2223?
  * another HPND variant -
https://github.com/spdx/license-list-XML/issues/2228
  * BSD-3-Clause-Intel -
https://github.com/spdx/license-list-XML/issues/2232 - need
another person to +1


 * SMLNJ variant - https://github.com/spdx/license-list-XML/issues/2238



Links:

You receive all messages sent to this group.

View/Reply Online (#3469) 
 | Reply To Sender 
 
| Reply To Group 
 
| Mute This Topic  | New 
Topic 
Your Subscription 
 | Contact Group 
Owner  | Unsubscribe 
 
[opensou...@jilayne.com]


_._,_._,_



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3470): https://lists.spdx.org/g/Spdx-legal/message/3470
Mute This Topic: https://lists.spdx.org/mt/102479817/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review, meeting Thursday

[J Lovejoy]

Hi all,


Sorry I’ve been MIA - had some travel, been busy, etc. But the licenses keep 
coming in, so we have lots of work to do before the end of November!

We have our regular meeting tomorrow/Thursday at noon US eastern time - 
reminder: the US set its clocks back, so if you are outside the US, the time 
may be off an hour as usual. 

If you have a chance, have a look at the open issues below!

Here are some issue that only need quick review and can be resolved outside of 
meeting (ideally):
https://github.com/spdx/license-list-XML/issues/2177 - need help on id!
https://github.com/spdx/license-list-XML/issues/2214 - name/id question
ravdvd - https://github.com/spdx/license-list-XML/issues/2201 - can someone on 
the last meeting confirm that I have understood what you discussed correctly, 
see my last comment
Kevlin Henney - https://github.com/spdx/license-list-XML/issues/2206 - another 
HPND-ish variant, see my write-up, need another person to input
FSFULLRWD markup - https://github.com/spdx/license-list-XML/issues/2208 - seems 
like this can be dealt with via markup - need confirmation
GCR - https://github.com/spdx/license-list-XML/issues/2209 - decide on name
FSFAP with no warranty disclaimer - 
https://github.com/spdx/license-list-XML/issues/2214 - decide on name
https://github.com/spdx/license-list-XML/issues/2224 and 
https://github.com/spdx/license-list-XML/issues/2223 and the same text but 2224 
adds an additional sentence - does this make it substantively different from 
2223?
another HPND variant - https://github.com/spdx/license-list-XML/issues/2228 
BSD-3-Clause-Intel - https://github.com/spdx/license-list-XML/issues/2232 - 
need another person to +1

And here’s a couple that we might want to discuss, have a look in advance if 
you can:
SAX-PD https://github.com/spdx/license-list-XML/issues/2211 - to discuss 
breaking apart the license, see comments
BSD-Source-Code with additional text - 
https://github.com/spdx/license-list-XML/issues/2233 - see notes
3d-slicer - https://github.com/spdx/license-list-XML/issues/2213 - can someone 
do a full write-up using the template on this one?
Thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3469): https://lists.spdx.org/g/Spdx-legal/message/3469
Mute This Topic: https://lists.spdx.org/mt/102479817/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: new documentation and licenses that need review

[J Lovejoy]

sorry, our next meeting is next week, Oct 26th!

> On Oct 17, 2023, at 12:39 PM, J Lovejoy  wrote:
> 
> Hi all,
> 
> As discussed on our last call, I updated (and merged) a new document to help 
> with determining if a license matches something already on the SPDX License 
> List. Have a look at 
> https://github.com/spdx/license-list-XML/blob/main/DOCS/license-match.md and 
> add comments to the related issue here: 
> https://github.com/spdx/license-list-XML/issues/2212
> 
> Here are some license submissions that need review:
> https://github.com/spdx/license-list-XML/issues/2167
> https://github.com/spdx/license-list-XML/issues/2168
> https://github.com/spdx/license-list-XML/issues/2169
> https://github.com/spdx/license-list-XML/issues/2183
> https://github.com/spdx/license-list-XML/issues/2173
> 
> We have a meeting Thursday. It'd be great to get these licenses reviewed and 
> decided upon via Github and use the meeting time for other items.
> 
> Thanks,
> Jilayne
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3467): https://lists.spdx.org/g/Spdx-legal/message/3467
Mute This Topic: https://lists.spdx.org/mt/102024277/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

new documentation and licenses that need review

[J Lovejoy]

Hi all,

As discussed on our last call, I updated (and merged) a new document to 
help with determining if a license matches something already on the SPDX 
License List. Have a look at 
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-match.md 
and add comments to the related issue here: 
https://github.com/spdx/license-list-XML/issues/2212


Here are some license submissions that need review:
https://github.com/spdx/license-list-XML/issues/2167
https://github.com/spdx/license-list-XML/issues/2168
https://github.com/spdx/license-list-XML/issues/2169
https://github.com/spdx/license-list-XML/issues/2183
https://github.com/spdx/license-list-XML/issues/2173

We have a meeting Thursday. It'd be great to get these licenses reviewed 
and decided upon via Github and use the meeting time for other items.


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3466): https://lists.spdx.org/g/Spdx-legal/message/3466
Mute This Topic: https://lists.spdx.org/mt/102024277/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting today

[J Lovejoy]

Sorry this is last minute, but we have our regular meeting at the top of 
the hour.


Since we just got a release out, I was thinking we could talk for a bit 
about some better documentation to help with reviewing licenses - have a 
look at https://github.com/spdx/license-list-XML/pull/2118 which is 
still a work in progress.


There are also some priority issues that need to be addressed.

Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3465): https://lists.spdx.org/g/Spdx-legal/message/3465
Mute This Topic: https://lists.spdx.org/mt/101920854/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

open issues - call Thursday

[J Lovejoy]

Hi all,

In preparation for our call tomorrow/this morning, please have a look at the 
following.  Call is at noon Eastern US time, at 
https://meet.jit.si/SPDXLegalMeeting

A few of these may just need another set of eyeballs and comment and do not 
need to be discussed. We will use the time on the call to discuss any that are 
not resolved or need discussing and anything else still open and marked for 3.22

Need confirmation and clarification on 2 related issues: I think the decision / 
best outcome was for
https://github.com/spdx/license-list-XML/issues/2055 - to add markup to 
GCC-exception-2.0
and https://github.com/spdx/license-list-XML/issues/2128 which is the longer 
version with the Note paragraph added and I think we were going to add that as 
a new exception, which means it needs a name

https://github.com/spdx/license-list-XML/issues/2100 - not sure if the 
consensus was add as new license or add markup to Spencer-94?

needs input on markup v. new exception - 
https://github.com/spdx/license-list-XML/issues/2152

confirm markup appropriate for 
https://github.com/spdx/license-list-XML/issues/2142 (I already made a PR)

what to do about https://github.com/spdx/license-list-XML/issues/2105  (discuss 
on call)

more exception variants: https://github.com/spdx/license-list-XML/issues/2152

various BSD-3-Clause variants - check against recent PR:
https://github.com/spdx/license-list-XML/issues/1773
https://github.com/spdx/license-list-XML/issues/2020

any other open issues for 3.22

if we can get to them for this release, we have a handful of new submissions in 
the last week or less!

Thanks,
Jialyne



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3463): https://lists.spdx.org/g/Spdx-legal/message/3463
Mute This Topic: https://lists.spdx.org/mt/101632153/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Licenses to review (9/20)

[J Lovejoy]

Here is an updated list of issues that need review. We are making 
progress! Let's keep it up!


Also, I had a (late) epiphany regarding the use of labels. We have the 
"new license/exception request" label and then the labels for the 
decision, such as "new license/exception: accepted" - for some reason, 
I've always kept the former and just added the latter, but that does 
make it harder to search the ones that still need review and is kind of 
redundant... so, from now forward, I'll use one or the other, depending 
on the status, unless anyone has a compelling reason to keep using both :)

- HPND-doc -https://github.com/spdx/license-list-XML/issues/2124
- HPND-doc-sell -https://github.com/spdx/license-list-XML/issues/2125
- HPND-export-US-modifications 
-https://github.com/spdx/license-list-XML/issues/2138
- glib exception -https://github.com/spdx/license-list-XML/issues/2128
- PADL -https://github.com/spdx/license-list-XML/issues/2141
- Adobe-typeface -https://github.com/spdx/license-list-XML/issues/2121
- DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992 
(additional info has been added, so needs additional review)


- https://github.com/spdx/license-list-XML/issues/2152 - possible XML 
markup?

- https://github.com/spdx/license-list-XML/issues/2142 - additional markup?




Thanks!
Jilayne




On Sep 13, 2023, at 9:30 PM, J Lovejoy  wrote:

Hi all,

In preparation for our call on Thursday, 9/14 at noon Eastern US time, I’m 
including a list of the issues I’d like for us to tackle by the end of the 
call.  Yes, you read that right and yes, it is a long list!

However, the first section of the list has already been reviewed and checked 
against current licenses and are all accepted for use and present in Fedora 
(with Fedora package maintainers waiting on us!) - in other words, these should 
be easy ones to have a quick review and add your confirmation. It’d be great if 
at least some of these could be resolved prior to the call, so we can focus on 
any points of discussion (naming in some cases or markup, etc.)

Note, we will have a meeting on the 28th and then the 3.22 release will be 
published shortly thereafter. So, we need to be super productive on the call 
and then please contribute to any follow-ups.

Need 1 more person to review and +1 (do via Github issue, preferably, and not 
on call):
- texlive-slideshow -https://github.com/spdx/license-list-XML/issues/2071
- texlive-kastrup -https://github.com/spdx/license-list-XML/issues/2069
- regexpr -https://github.com/spdx/license-list-XML/issues/2085
- HPND-DEC -https://github.com/spdx/license-list-XML/issues/2119
- HPND-doc -https://github.com/spdx/license-list-XML/issues/2124
- HPND-doc-sell -https://github.com/spdx/license-list-XML/issues/2125
- HPND-sgi -https://github.com/spdx/license-list-XML/issues/2132
- HPND-export-US-modifications 
-https://github.com/spdx/license-list-XML/issues/2138
- glib exception -https://github.com/spdx/license-list-XML/issues/2128

other HPND variants that need input re: how much we can match (or not):
- Pbmplus -https://github.com/spdx/license-list-XML/issues/2065
- NTP like -https://github.com/spdx/license-list-XML/issues/2075

other input needed:
- texlive variant -https://github.com/spdx/license-list-XML/issues/2087
- hPLIP -https://github.com/spdx/license-list-XML/issues/2056

licenses that need review to start:
-https://github.com/spdx/license-list-XML/issues/2120
-https://github.com/spdx/license-list-XML/issues/2121
-https://github.com/spdx/license-list-XML/issues/2104
-https://github.com/spdx/license-list-XML/issues/2100

Something to consider going forward: where we have variants on an existing 
“theme” - like all the HPND variants (of a license stem that is already 
accepted) - might we consider a lighter weight review, for example, a close 
look in terms of matching and then call it accepted?  Something to ponder and 
discuss later.


Thanks,
Jilayne

















-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3462): https://lists.spdx.org/g/Spdx-legal/message/3462
Mute This Topic: https://lists.spdx.org/mt/101490979/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Licenses to review:

[J Lovejoy]

Hi all,

Here is an updated list of licenses that need input review by 1 more person to 
accept:

- texlive-slideshow - https://github.com/spdx/license-list-XML/issues/2071
- texlive-kastrup - https://github.com/spdx/license-list-XML/issues/2069
- regexpr - https://github.com/spdx/license-list-XML/issues/2085
- losf -  https://github.com/spdx/license-list-XML/issues/2100
- flex - https://github.com/spdx/license-list-XML/issues/2104
- HPND-DEC - https://github.com/spdx/license-list-XML/issues/2119
- HPND-doc - https://github.com/spdx/license-list-XML/issues/2124
- HPND-doc-sell - https://github.com/spdx/license-list-XML/issues/2125
- HPND-sgi - https://github.com/spdx/license-list-XML/issues/2132
- HPND-export-US-modifications - 
https://github.com/spdx/license-list-XML/issues/2138
- glib exception - https://github.com/spdx/license-list-XML/issues/2128
- PADL - https://github.com/spdx/license-list-XML/issues/2141
- Furuseth - https://github.com/spdx/license-list-XML/issues/2140
- Adobe-typeface -  https://github.com/spdx/license-list-XML/issues/2121


Thanks!
Jilayne



> On Sep 13, 2023, at 9:30 PM, J Lovejoy  wrote:
> 
> Hi all,
> 
> In preparation for our call on Thursday, 9/14 at noon Eastern US time, I’m 
> including a list of the issues I’d like for us to tackle by the end of the 
> call.  Yes, you read that right and yes, it is a long list!  
> 
> However, the first section of the list has already been reviewed and checked 
> against current licenses and are all accepted for use and present in Fedora 
> (with Fedora package maintainers waiting on us!) - in other words, these 
> should be easy ones to have a quick review and add your confirmation. It’d be 
> great if at least some of these could be resolved prior to the call, so we 
> can focus on any points of discussion (naming in some cases or markup, etc.)
> 
> Note, we will have a meeting on the 28th and then the 3.22 release will be 
> published shortly thereafter. So, we need to be super productive on the call 
> and then please contribute to any follow-ups. 
> 
> Need 1 more person to review and +1 (do via Github issue, preferably, and not 
> on call):
> - texlive-slideshow - https://github.com/spdx/license-list-XML/issues/2071
> - texlive-kastrup - https://github.com/spdx/license-list-XML/issues/2069
> - regexpr - https://github.com/spdx/license-list-XML/issues/2085
> - HPND-DEC - https://github.com/spdx/license-list-XML/issues/2119
> - HPND-doc - https://github.com/spdx/license-list-XML/issues/2124
> - HPND-doc-sell - https://github.com/spdx/license-list-XML/issues/2125
> - HPND-sgi - https://github.com/spdx/license-list-XML/issues/2132
> - HPND-export-US-modifications - 
> https://github.com/spdx/license-list-XML/issues/2138
> - glib exception - https://github.com/spdx/license-list-XML/issues/2128
> 
> other HPND variants that need input re: how much we can match (or not):
> - Pbmplus -  https://github.com/spdx/license-list-XML/issues/2065
> - NTP like - https://github.com/spdx/license-list-XML/issues/2075
> 
> other input needed:
> - texlive variant - https://github.com/spdx/license-list-XML/issues/2087
> - hPLIP - https://github.com/spdx/license-list-XML/issues/2056
> 
> licenses that need review to start:
> - https://github.com/spdx/license-list-XML/issues/2120
> - https://github.com/spdx/license-list-XML/issues/2121
> - https://github.com/spdx/license-list-XML/issues/2104
> - https://github.com/spdx/license-list-XML/issues/2100
> 
> Something to consider going forward: where we have variants on an existing 
> “theme” - like all the HPND variants (of a license stem that is already 
> accepted) - might we consider a lighter weight review, for example, a close 
> look in terms of matching and then call it accepted?  Something to ponder and 
> discuss later. 
> 
> 
> Thanks,
> Jilayne
> 
> 
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3461): https://lists.spdx.org/g/Spdx-legal/message/3461
Mute This Topic: https://lists.spdx.org/mt/101427855/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call Thursday, issues to resolve!

[J Lovejoy]

Hi all,

In preparation for our call on Thursday, 9/14 at noon Eastern US time, I’m 
including a list of the issues I’d like for us to tackle by the end of the 
call.  Yes, you read that right and yes, it is a long list!  

However, the first section of the list has already been reviewed and checked 
against current licenses and are all accepted for use and present in Fedora 
(with Fedora package maintainers waiting on us!) - in other words, these should 
be easy ones to have a quick review and add your confirmation. It’d be great if 
at least some of these could be resolved prior to the call, so we can focus on 
any points of discussion (naming in some cases or markup, etc.)

Note, we will have a meeting on the 28th and then the 3.22 release will be 
published shortly thereafter. So, we need to be super productive on the call 
and then please contribute to any follow-ups. 

Need 1 more person to review and +1 (do via Github issue, preferably, and not 
on call):
- texlive-slideshow - https://github.com/spdx/license-list-XML/issues/2071
- texlive-kastrup - https://github.com/spdx/license-list-XML/issues/2069
- regexpr - https://github.com/spdx/license-list-XML/issues/2085
- HPND-DEC - https://github.com/spdx/license-list-XML/issues/2119
- HPND-doc - https://github.com/spdx/license-list-XML/issues/2124
- HPND-doc-sell - https://github.com/spdx/license-list-XML/issues/2125
- HPND-sgi - https://github.com/spdx/license-list-XML/issues/2132
- HPND-export-US-modifications - 
https://github.com/spdx/license-list-XML/issues/2138
- glib exception - https://github.com/spdx/license-list-XML/issues/2128

other HPND variants that need input re: how much we can match (or not):
- Pbmplus -  https://github.com/spdx/license-list-XML/issues/2065
- NTP like - https://github.com/spdx/license-list-XML/issues/2075

other input needed:
- texlive variant - https://github.com/spdx/license-list-XML/issues/2087
- hPLIP - https://github.com/spdx/license-list-XML/issues/2056

licenses that need review to start:
- https://github.com/spdx/license-list-XML/issues/2120
- https://github.com/spdx/license-list-XML/issues/2121
- https://github.com/spdx/license-list-XML/issues/2104
- https://github.com/spdx/license-list-XML/issues/2100

Something to consider going forward: where we have variants on an existing 
“theme” - like all the HPND variants (of a license stem that is already 
accepted) - might we consider a lighter weight review, for example, a close 
look in terms of matching and then call it accepted?  Something to ponder and 
discuss later. 


Thanks,
Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3460): https://lists.spdx.org/g/Spdx-legal/message/3460
Mute This Topic: https://lists.spdx.org/mt/101352069/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review 9/8 edition

[J Lovejoy]

Thanks to Steve, Madhuri, and Shalini for joining the working session. It is 
great to have new people taking the time to understand how the process works, 
so they can contribute!  Talking to Madhuri and Shalini also made me realize 
that we probably need some form of “annotated” inclusion guidelines… will try 
to work on that after this release!

Please help keep moving the ball forward! Here is tonight’s installment of 
issues that need review! 

flex 2.6.4 - https://github.com/spdx/license-list-XML/issues/2104
lost - https://github.com/spdx/license-list-XML/issues/2100

As promised, I did a “bulk” review of the tex-live licenses. I created a Google 
doc in order to be able to view all the text in one place and put notes as to 
how I searched. You can see the Google doc here: 
https://docs.google.com/document/d/1xqSwTfJJ7btkhbblrIAZxOxv0iZPmAMGar9rU7DLKC8/edit

These 3 are unique enough, I think they needed to be added separately. Need one 
more person to agree :)

https://github.com/spdx/license-list-XML/issues/2068
https://github.com/spdx/license-list-XML/issues/2069
https://github.com/spdx/license-list-XML/issues/2071 

There are 3 variations  on “texlive-Arseneau” - I’m inclined to try to use 
markup to accommodate 2 of them assuming that is not too confusing, although 
one has a bit of a concern to me in doing so. Could use some input on that idea:
https://github.com/spdx/license-list-XML/issues/2088 and 
https://github.com/spdx/license-list-XML/issues/2088 (it’s easier to see the 
differences in the Google doc)

As mentioned in my previous email, I’ll have an update on the “HPND” variants 
(of which we now have 8!) after I do an initial review of them in bulk.

Thanks!
Jilayne

> On Sep 7, 2023, at 10:27 PM, J Lovejoy  wrote:
> 
> Thanks to Ria for making some headway!
> 
> In preparation for tomorrow (Friday’s) working session at 2:30pm Eastern 
> time, here is a list of issues to review:
> 
> 
> Need initial review:
> 
> 
> Unicode-3 - https://github.com/spdx/license-list-XML/issues/2105
> flex 2.6.4 - https://github.com/spdx/license-list-XML/issues/2104
> lost - https://github.com/spdx/license-list-XML/issues/2100
> 
> I also am trying to look at the bunch of tex-live licenses in bulk - update 
> on that tomorrow.
> 
> I have also noticed that there are a number of HPND variants. The 
> license-diff and License Check tools have a hard time spotting these because 
> the HPND license itself has so much potential variation. I made a new label 
> (for the time being) to try and group anything that resembles HPND and will 
> look at those in bulk. I’m hoping out of that will come some guidance on this 
> particular flavor, as we have been seeing a lot of these.
> 
> Thanks and look forward to a productive session tomorrow!!
> 
> Jilayne
> 
>> On Sep 6, 2023, at 9:41 PM, J Lovejoy  wrote:
>> 
>> Revised list below. Please  have a look and comment as to acceptance or not 
>> to the SPDX License List on as many as possible 
>> prior to our (new!) quarterly working session on Friday :)
>> 
>> There are more issues than these, but this is a start!
>> 
>> Note: Fedora has 31 issues that are “blocked” on SPDX - meaning, Fedora 
>> package maintainers are waiting on SPDX-legal to determine acceptance for 
>> the SPDX License List. Please contribute to the SPDX License List, by 
>> helping make it representative of much software that exists and that we all 
>> use!
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3459): https://lists.spdx.org/g/Spdx-legal/message/3459
Mute This Topic: https://lists.spdx.org/mt/101251538/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review 9/7

[J Lovejoy]

Thanks to Ria for making some headway!

In preparation for tomorrow (Friday’s) working session at 2:30pm Eastern time, 
here is a list of issues to review:

ssh-keyscan - https://github.com/spdx/license-list-XML/issues/2077 (needs one 
more review)
if it breaks - https://github.com/spdx/license-list-XML/issues/2057 (match 
input) 
glibc startup code exception - 
https://github.com/spdx/license-list-XML/issues/2055 (updated info on matching, 
needs further input)
BSD advert varia nt- https://github.com/spdx/license-list-XML/issues/2066 
(accepted, need input on naming)
INBL - https://github.com/spdx/license-list-XML/issues/2098 (needs one more 
review and input on naming)
iPXE-UBDL-exception - https://github.com/spdx/license-list-XML/issues/2043 
(license or exception - need another opinion)
sea file-openssl-exception - 
https://github.com/spdx/license-list-XML/issues/2080 (markup question)

Need initial review:
Ferguson-Twofish - https://github.com/spdx/license-list-XML/issues/2117
x11 fonts - https://github.com/spdx/license-list-XML/issues/2115
Unicode-3 - https://github.com/spdx/license-list-XML/issues/2105
flex 2.6.4 - https://github.com/spdx/license-list-XML/issues/2104
lost - https://github.com/spdx/license-list-XML/issues/2100

I also am trying to look at the bunch of tex-live licenses in bulk - update on 
that tomorrow.

I have also noticed that there are a number of HPND variants. The license-diff 
and License Check tools have a hard time spotting these because the HPND 
license itself has so much potential variation. I made a new label (for the 
time being) to try and group anything that resembles HPND and will look at 
those in bulk. I’m hoping out of that will come some guidance on this 
particular flavor, as we have been seeing a lot of these.

Thanks and look forward to a productive session tomorrow!!

Jilayne

> On Sep 6, 2023, at 9:41 PM, J Lovejoy  wrote:
> 
> Revised list below. Please  have a look and comment as to acceptance or not 
> to the SPDX License List on as many as possible 
> prior to our (new!) quarterly working session on Friday :)
> 
> There are more issues than these, but this is a start!
> 
> Note: Fedora has 31 issues that are “blocked” on SPDX - meaning, Fedora 
> package maintainers are waiting on SPDX-legal to determine acceptance for the 
> SPDX License List. Please contribute to the SPDX License List, by helping 
> make it representative of much software that exists and that we all use!
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3457): https://lists.spdx.org/g/Spdx-legal/message/3457
Mute This Topic: https://lists.spdx.org/mt/101231184/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review 9/6

[J Lovejoy]

Revised list below. Please  have a look and comment as to acceptance or not to 
the SPDX License List on as many as possible 
prior to our (new!) quarterly working session on Friday :)

There are more issues than these, but this is a start!

Note: Fedora has 31 issues that are “blocked” on SPDX - meaning, Fedora package 
maintainers are waiting on SPDX-legal to determine acceptance for the SPDX 
License List. Please contribute to the SPDX License List, by helping make it 
representative of much software that exists and that we all use!

pnmstitch - https://github.com/spdx/license-list-XML/issues/2046
glibc startup code exception - 
https://github.com/spdx/license-list-XML/issues/2055
HPLIP - https://github.com/spdx/license-list-XML/issues/2056
BSD advert varia nt- https://github.com/spdx/license-list-XML/issues/2066
FBM - https://github.com/spdx/license-list-XML/issues/2067
ssh-keyscan - https://github.com/spdx/license-list-XML/issues/2077
INBL - https://github.com/spdx/license-list-XML/issues/2098
if it breaks - https://github.com/spdx/license-list-XML/issues/2057




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3456): https://lists.spdx.org/g/Spdx-legal/message/3456
Mute This Topic: https://lists.spdx.org/mt/101208590/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues to review 8/27

[J Lovejoy]

Hi all,

Here is a list of issues that need review:

 * MPEG - https://github.com/spdx/license-list-XML/issues/2049
 * pnmstitch - https://github.com/spdx/license-list-XML/issues/2046
 * glibc startup code exception -
   https://github.com/spdx/license-list-XML/issues/2055
 * HPLIP - https://github.com/spdx/license-list-XML/issues/2056
 * Pbmplus - https://github.com/spdx/license-list-XML/issues/2065
 * BSD advert varia nt-
   https://github.com/spdx/license-list-XML/issues/2066
 * FBM - https://github.com/spdx/license-list-XML/issues/2067
 * PPL - https://github.com/spdx/license-list-XML/issues/1047 (we
   discussed and I think Steve was going to do a full right-up, but
   would be great if someone else wanted to use the template to do so)
 * Adeia - https://github.com/spdx/license-list-XML/issues/2095


link to license decision template: 
https://github.com/spdx/license-list-XML/blob/main/DOCS/template-license-review-checklist.md


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3454): https://lists.spdx.org/g/Spdx-legal/message/3454
Mute This Topic: https://lists.spdx.org/mt/101003731/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call Thursday, topics

[J Lovejoy]

Hi all,

I was hoping to get a new list of issues to review out prior to this, 
but time slipped away from me!


For Thursday's meeting, I'd like to focus on the issues labeled "XML 
markup change" - please have a look at the following

https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22XML+markup+change%22

We also are aiming for the next release for the end of September and 
doing a hackfest session a couple weeks prior, maybe Friday Sept 8th. 
The hackfest or working session idea was something that was brought up 
some time ago, but we never implemented. It'd be good to have a quick 
discussion on that and nail down a date/time, so we can send out an invite.


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3453): https://lists.spdx.org/g/Spdx-legal/message/3453
Mute This Topic: https://lists.spdx.org/mt/100930519/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

SPDX-legal meeting invites

[J Lovejoy]

No worries James! These weird things happen!

This is a good opportunity to remind people that we have the meeting details 
here  https://github.com/spdx/meetings#legal-team-meetings — including a link 
to the .ics files for each set of meetings -  one for the second Thursday of 
the month and one for the fourth Thursday of  month. Direct link to  the .ics 
files at https://github.com/spdx/meetings/tree/main/invites

If anyone missed the calendar-year invites that Steve sent out in January or 
had calendar updating issues - you can always just download the .ics files 
there and add them to your calendar yourself!


> On Aug 22, 2023, at 12:41 PM, JC Roberts III  wrote:
> 
> PLEASE NOTE: this invitation is in error.  Apparently, our IT person was 
> upgrading/updating various apps.  As far as I understand, it appears that my 
> acceptance years back of the invitation to join the group was through some 
> software that was no longer compatible, which was actually blocking 
> invitations from appearing across devices.  
> 
> I do not know who the organizer for these events is these days, but if you 
> know, then please send me the email address so I can stop this craziness that 
> I seemed to have started.
> 
> One again, I apologize.
>  
> GlobalCapital  |  Innovate.  Disrupt.  Repeat.  |  James C. Roberts III
> 
> For downloadable documents go to globalcaplaw.com/resources 
> 
> 
> EU:  +39.366.431.1090  |  US:   +1 (415) 937-7987  |  Skype:   globalcapjames 
>  |  LinkedIn:   Global Capital
> 
> The contents of this email may be confidential or proprietary and not 
> intended for you.  If that is the case, first, we apologize for the 
> inconvenience caused by our error.  Second, please keep the email’s content 
> confidential and do not use it, then return the email to the sender as soon 
> as possible and delete your copy.  Please also note that this email does not 
> contain any explicit or implicit tax advice for any jurisdiction.
> 
> 
> On Tue, Aug 22, 2023 at 5:36 PM spdx-legal@lists.spdx.org 
>  (Google Calendar) 
> mailto:calendar-notificat...@google.com>> 
> wrote:
>> 
>>  
>> spdx-legal@lists.spdx.org  has declined 
>> this invitation.
>>  
>> Join the call: https://www.uberconference.com/spdxteam 
>> 
>> Optional dial in number: 857-216-2871
>> PIN: 38633
>> When
>> Every 2 weeks from 7pm to 8pm on Thursday (Central European Time - Zurich)
>> Guests
>> James C. Roberts III  - organizer
>> James C. Roberts III 
>> Jilayne Lovejoy 
>> SPDX-legal View all guest info 
>> 
>> Invitation from Google Calendar 
>> You are receiving this email because you are subscribed to calendar 
>> notifications. To stop receiving these emails, go to Calendar settings 
>> , select this calendar, and 
>> change "Other notifications".
>> 
>> Forwarding this invitation could allow any recipient to send a response to 
>> the organizer, be added to the guest list, invite others regardless of their 
>> own invitation status, or modify your RSVP. Learn more 
>> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3447): https://lists.spdx.org/g/Spdx-legal/message/3447
Mute This Topic: https://lists.spdx.org/mt/100906763/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SUSE Open Source project for the SPDX tool list

[J Lovejoy]

Hi Sebastian,

Thanks for the update! I'm copying the SPDX-legal team as well, as I 
think many people there might be interested in this.


I had actually tried to learn more about Cavil a year or so ago - both 
from the perspective on my role with SPDX and to see how the license ids 
were being used by various project and from the perspective of Fedora's 
adoption of SPDX ids.  It'd be great to learn more directly! Would you 
be willing to do some kind of demo or overview for the SPDX-legal team?


Thanks,
Jilayne

On 8/16/23 8:21 AM, Sebastian Riedel wrote:

Hello,

Just wanted to let you know about Cavil 
(https://github.com/openSUSE/cavil),
our Open Source legal review system. It has recently gained SPDX 2.2 
support,

and is probably worth adding to the Open Source Tools list.

Regards,
Sebastian Riedel








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3442): https://lists.spdx.org/g/Spdx-legal/message/3442
Mute This Topic: https://lists.spdx.org/mt/100782074/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting today and Re: issues that need input

[J Lovejoy]

Hi all,

We have our regular call in about half hour at 
https://meet.jit.si/SPDXLegalMeeting


Please review the following issues to cover during the call:

https://github.com/spdx/license-list-XML/issues/1992
https://github.com/spdx/license-list-XML/issues/1944
https://github.com/spdx/license-list-XML/issues/2043
https://github.com/spdx/license-list-XML/issues/2055

The following need review, but I don't think they need discussion - please take 
time to contribute by reviewing as to whether they should be added to the SPDX 
License List

https://github.com/spdx/license-list-XML/issues/2026  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2048  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2049
https://github.com/spdx/license-list-XML/issues/2050
https://github.com/spdx/license-list-XML/issues/2056

Thanks,
Jilayne

On 8/4/23 12:59 PM, J Lovejoy wrote:

Hi SPDX-legal,

We currently have 24 license requests that need review. Links below, please 
contribute your valuable input! It’d be preferable if to all decisions were 
just Steve and I.

Reminder - for those license request issues with the label “used in major 
distro” - this means that the license has been determined to meet the free 
software license guidelines of either Debian or Fedora (or both) and is used in 
one of those distros, which also generally means the license meets two of the 
more important SPDX License inclusion guidelines. In this case, we 2 SPDX-legal 
members to review and approve for the license to be accepted.


https://github.com/spdx/license-list-XML/issues/1992
https://github.com/spdx/license-list-XML/issues/1944
https://github.com/spdx/license-list-XML/issues/2026  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2039
https://github.com/spdx/license-list-XML/issues/2042  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2043  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2048  (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2049
https://github.com/spdx/license-list-XML/issues/2050
https://github.com/spdx/license-list-XML/issues/2055
https://github.com/spdx/license-list-XML/issues/2056

Other issues that may implicate decisions about matching markup can be found at
https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22XML+markup+change%22

Thanks,
Jilayne











-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3441): https://lists.spdx.org/g/Spdx-legal/message/3441
Mute This Topic: https://lists.spdx.org/mt/100665621/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: issues that need input

[J Lovejoy]

Hi Ria,

The challenge of trying to contact the copyright holder re: changing the 
license is that often this is old code and being able to identify, let 
alone find the copyright holder could be difficult. Even if they were 
found and they did change the license, that would only be for new 
versions of the code, so the old versions would exist out there for some 
time, so the old license would still need to be addressed.


I wish it were easy, but I'm afraid not!

Jilayne

On 8/4/23 1:55 PM, Ria Schalnat (HPE) wrote:


Jilayne,

I wonder if rather than adding all these licenses to SPDX just because 
they happen to have some use in either Fedora/Debian if we could 
consider an extra external contact to the copyright holder on the 
chance they would be willing to relicense the code under something 
more standard (e.g., MIT/BSD/Apache/LGPL/GPL/etc.).  It just seems 
like a lot of extra work to review dozens of licenses that are 
variations on already existing ones and then set up the appropriate 
files for detection & etc.


If we are talking about a single copyright holder, this shouldn't be 
much more difficult than tracking down a license steward to confirm 
the language is stable (which we already do ... and for these bespoke 
licenses, they may be one and the same) - if there are multiple 
contributors then I can see it being a bottomless pit but it seems 
like this could be a way to "corral" the sprawl of licenses that might 
serve the community better than having a bunch of random licenses in 
SPDX.


Please let me know if I’m retreading old ground here – I may not have 
been around for past conversations on this topic!


Best regards,

/Ria Farrell Schalnat/(she/her)**

Text Description automatically generated with low confidence

-Original Message-
From: Spdx-legal@lists.spdx.org  On Behalf 
Of J Lovejoy

Sent: Friday, August 4, 2023 12:00 PM
To: SPDX-legal 
Subject: issues that need input

Hi SPDX-legal,

We currently have 24 license requests that need review. Links below, 
please contribute your valuable input! It’d be preferable if to all 
decisions were just Steve and I.


Reminder - for those license request issues with the label “used in 
major distro” - this means that the license has been determined to 
meet the free software license guidelines of either Debian or Fedora 
(or both) and is used in one of those distros, which also generally 
means the license meets two of the more important SPDX License 
inclusion guidelines. In this case, we 2 SPDX-legal members to review 
and approve for the license to be accepted.


https://github.com/spdx/license-list-XML/issues/1992 
<https://github.com/spdx/license-list-XML/issues/1992>


https://github.com/spdx/license-list-XML/issues/1944 
<https://github.com/spdx/license-list-XML/issues/1944>


https://github.com/spdx/license-list-XML/issues/2026 
<https://github.com/spdx/license-list-XML/issues/2026> (needs one more 
person to review)


https://github.com/spdx/license-list-XML/issues/2039 
<https://github.com/spdx/license-list-XML/issues/2039>


https://github.com/spdx/license-list-XML/issues/2042 
<https://github.com/spdx/license-list-XML/issues/2042> (needs one more 
person to review)


https://github.com/spdx/license-list-XML/issues/2043 
<https://github.com/spdx/license-list-XML/issues/2043> (needs one more 
person to review)


https://github.com/spdx/license-list-XML/issues/2048 
<https://github.com/spdx/license-list-XML/issues/2048> (needs one more 
person to review)


https://github.com/spdx/license-list-XML/issues/2049 
<https://github.com/spdx/license-list-XML/issues/2049>


https://github.com/spdx/license-list-XML/issues/2050 
<https://github.com/spdx/license-list-XML/issues/2050>


https://github.com/spdx/license-list-XML/issues/2055 
<https://github.com/spdx/license-list-XML/issues/2055>


https://github.com/spdx/license-list-XML/issues/2056 
<https://github.com/spdx/license-list-XML/issues/2056>


Other issues that may implicate decisions about matching markup can be 
found at


https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22XML+markup+change%22 
<https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22XML+markup+change%22>


Thanks,

Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3440): https://lists.spdx.org/g/Spdx-legal/message/3440
Mute This Topic: https://lists.spdx.org/mt/100552560/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

issues that need input

[J Lovejoy]

Hi SPDX-legal,

We currently have 24 license requests that need review. Links below, please 
contribute your valuable input! It’d be preferable if to all decisions were 
just Steve and I.

Reminder - for those license request issues with the label “used in major 
distro” - this means that the license has been determined to meet the free 
software license guidelines of either Debian or Fedora (or both) and is used in 
one of those distros, which also generally means the license meets two of the 
more important SPDX License inclusion guidelines. In this case, we 2 SPDX-legal 
members to review and approve for the license to be accepted. 


https://github.com/spdx/license-list-XML/issues/1992
https://github.com/spdx/license-list-XML/issues/1944
https://github.com/spdx/license-list-XML/issues/2026 (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2039
https://github.com/spdx/license-list-XML/issues/2042 (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2043 (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2048 (needs one more person to 
review)
https://github.com/spdx/license-list-XML/issues/2049
https://github.com/spdx/license-list-XML/issues/2050
https://github.com/spdx/license-list-XML/issues/2055
https://github.com/spdx/license-list-XML/issues/2056

Other issues that may implicate decisions about matching markup can be found at 
https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22XML+markup+change%22

Thanks,
Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3438): https://lists.spdx.org/g/Spdx-legal/message/3438
Mute This Topic: https://lists.spdx.org/mt/100552560/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Discussing Change Proposal regarding DataLicense / CC0-1.0

[J Lovejoy]

Just want to reiterate that we have an SPDX-legal call tomorrow and will 
be discussion the Change Proposal related to data license. Please see 
Steve's summary below and associated links and come prepared!


Thanks,
Jilayne

On 7/14/23 12:16 PM, Steve Winslow wrote:

Hello spdx-legal and spdx-tech teams,

As you may be aware, all SPDX specification versions since 1.1 have 
required that SPDX documents have a “DataLicense” value of CC0-1.0. 
Details about this in the latest-released spec are available at [1] 
and additional background about the SPDX community’s past decisions is 
available at [2].


Ria Schalnat has put together a draft Change Proposal at [3] proposing 
that future versions of the SPDX specification _remove_ the 
requirement that SPDX documents and data be licensed under CC0-1.0. 
Further discussion and a variety of opinions are available in the 
discussion thread in that issue.


To move the discussion forward, we would like to invite interested 
participants from the SPDX legal team and tech team communities to 
discuss this Change Proposal at the next regularly scheduled Legal 
Team call, on Thursday, July 27th, at 12:00 noon Eastern US time. 
Meeting information is available at [4].


For anyone who plans to attend and participate in the discussion, I 
would ask that you please read [1], [2] and [3] prior to the call to 
familiarize yourself with the details of the present state and the 
proposed changes. Please also feel free to weigh in with your own 
thoughts in the thread at [3] prior to the meeting.


Best,
Steve


[1] 
https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#62-data-license-field

[2] https://wiki.spdx.org/images/SPDX-TR-2014-1.v1.1.pdf
[3] https://github.com/spdx/change-proposal/issues/8
[4] https://github.com/spdx/meetings/tree/main#legal-team-meetings




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3435): https://lists.spdx.org/g/Spdx-legal/message/3435
Mute This Topic: https://lists.spdx.org/mt/100146786/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: update Re: current issues - meeting Thursday

[J Lovejoy]

Hi folks,

Can we get some comments on these? Would be nice to get them accepted 
and start working on files.


Thanks,
Jilayne

On 7/13/23 1:36 PM, J Lovejoy wrote:

Thanks for the productive call today!

I'm revising the list below of issues that need input :)

The following licenses have already been reviewed by Steve as a +1 to 
add and just need one other person to weigh in as per our "used in a 
major distro" criteria of two reviewers:


- Knuth-MMIXware - https://github.com/spdx/license-list-XML/issues/2028
- Zeeff - https://github.com/spdx/license-list-XML/issues/2027
- TTYPO font license - 
https://github.com/spdx/license-list-XML/issues/2026

- Texinfo-exception - https://github.com/spdx/license-list-XML/issues/2025
- Sl - https://github.com/spdx/license-list-XML/issues/2023
- MIT-dotnet - https://github.com/spdx/license-list-XML/issues/2022
- Soundex - https://github.com/spdx/license-list-XML/issues/2018

general review still needed for:
- DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992
- Zarafa trademark exception - 
https://github.com/spdx/license-list-XML/issues/2011



Thanks!
Jilayne






On 7/11/23 5:07 PM, J Lovejoy wrote:

Hi all,

A quick reminder that we have our SPDX-legal meeting coming up on 
Thursday at noon Eastern time at https://meet.jit.si/SPDXLegalMeeting


The monthly general call will be just prior.

We have a bunch of new licenses and other issues that need review - 
please have a look and comment in the issue prior to the call! I 
think most of these can be sorted via Github issue comments, but 
please remember we do need to decide on the SPDX id for anything that 
is to be accepted, so please weigh in on that as well:


DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992
Zarafa trademark exception - 
https://github.com/spdx/license-list-XML/issues/2011

MIT-Khronos - https://github.com/spdx/license-list-XML/issues/2017
Soundex - https://github.com/spdx/license-list-XML/issues/2018
MIT-dotnet - https://github.com/spdx/license-list-XML/issues/2022
Sl - https://github.com/spdx/license-list-XML/issues/2023
cvs variation of FSFULLR - 
https://github.com/spdx/license-list-XML/issues/2024

Texinfo-exception - https://github.com/spdx/license-list-XML/issues/2025
TTYPO font license - https://github.com/spdx/license-list-XML/issues/2026
Zeef - https://github.com/spdx/license-list-XML/issues/2027
Knuth-MMIXware - https://github.com/spdx/license-list-XML/issues/2028
xlock-like - https://github.com/spdx/license-list-XML/issues/2030 and 
see https://github.com/spdx/license-list-XML/issues/2029


2 for additional markup consideration:
https://github.com/spdx/license-list-XML/issues/2020
https://github.com/spdx/license-list-XML/issues/2019

Thanks,
Jilayne








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3434): https://lists.spdx.org/g/Spdx-legal/message/3434
Mute This Topic: https://lists.spdx.org/mt/100127683/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

update Re: current issues - meeting Thursday

[J Lovejoy]

Thanks for the productive call today!

I'm revising the list below of issues that need input :)

The following licenses have already been reviewed by Steve as a +1 to 
add and just need one other person to weigh in as per our "used in a 
major distro" criteria of two reviewers:


- Knuth-MMIXware - https://github.com/spdx/license-list-XML/issues/2028
- Zeeff - https://github.com/spdx/license-list-XML/issues/2027
- TTYPO font license - https://github.com/spdx/license-list-XML/issues/2026
- Texinfo-exception - https://github.com/spdx/license-list-XML/issues/2025
- Sl - https://github.com/spdx/license-list-XML/issues/2023
- MIT-dotnet - https://github.com/spdx/license-list-XML/issues/2022
- Soundex - https://github.com/spdx/license-list-XML/issues/2018

general review still needed for:
- DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992
- Zarafa trademark exception - 
https://github.com/spdx/license-list-XML/issues/2011



Thanks!
Jilayne






On 7/11/23 5:07 PM, J Lovejoy wrote:

Hi all,

A quick reminder that we have our SPDX-legal meeting coming up on 
Thursday at noon Eastern time at https://meet.jit.si/SPDXLegalMeeting


The monthly general call will be just prior.

We have a bunch of new licenses and other issues that need review - 
please have a look and comment in the issue prior to the call! I think 
most of these can be sorted via Github issue comments, but please 
remember we do need to decide on the SPDX id for anything that is to 
be accepted, so please weigh in on that as well:


DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992
Zarafa trademark exception - 
https://github.com/spdx/license-list-XML/issues/2011

MIT-Khronos - https://github.com/spdx/license-list-XML/issues/2017
Soundex - https://github.com/spdx/license-list-XML/issues/2018
MIT-dotnet - https://github.com/spdx/license-list-XML/issues/2022
Sl - https://github.com/spdx/license-list-XML/issues/2023
cvs variation of FSFULLR - 
https://github.com/spdx/license-list-XML/issues/2024

Texinfo-exception - https://github.com/spdx/license-list-XML/issues/2025
TTYPO font license - https://github.com/spdx/license-list-XML/issues/2026
Zeef - https://github.com/spdx/license-list-XML/issues/2027
Knuth-MMIXware - https://github.com/spdx/license-list-XML/issues/2028
xlock-like - https://github.com/spdx/license-list-XML/issues/2030 and 
see https://github.com/spdx/license-list-XML/issues/2029


2 for additional markup consideration:
https://github.com/spdx/license-list-XML/issues/2020
https://github.com/spdx/license-list-XML/issues/2019

Thanks,
Jilayne






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3432): https://lists.spdx.org/g/Spdx-legal/message/3432
Mute This Topic: https://lists.spdx.org/mt/100127683/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

current issues - meeting Thursday

[J Lovejoy]

Hi all,

A quick reminder that we have our SPDX-legal meeting coming up on 
Thursday at noon Eastern time at https://meet.jit.si/SPDXLegalMeeting


The monthly general call will be just prior.

We have a bunch of new licenses and other issues that need review - 
please have a look and comment in the issue prior to the call! I think 
most of these can be sorted via Github issue comments, but please 
remember we do need to decide on the SPDX id for anything that is to be 
accepted, so please weigh in on that as well:


DRL-1.1 - https://github.com/spdx/license-list-XML/issues/1992
Zarafa trademark exception - 
https://github.com/spdx/license-list-XML/issues/2011

MIT-Khronos - https://github.com/spdx/license-list-XML/issues/2017
Soundex - https://github.com/spdx/license-list-XML/issues/2018
MIT-dotnet - https://github.com/spdx/license-list-XML/issues/2022
Sl - https://github.com/spdx/license-list-XML/issues/2023
cvs variation of FSFULLR - 
https://github.com/spdx/license-list-XML/issues/2024

Texinfo-exception - https://github.com/spdx/license-list-XML/issues/2025
TTYPO font license - https://github.com/spdx/license-list-XML/issues/2026
Zeef - https://github.com/spdx/license-list-XML/issues/2027
Knuth-MMIXware - https://github.com/spdx/license-list-XML/issues/2028
xlock-like - https://github.com/spdx/license-list-XML/issues/2030 and 
see https://github.com/spdx/license-list-XML/issues/2029


2 for additional markup consideration:
https://github.com/spdx/license-list-XML/issues/2020
https://github.com/spdx/license-list-XML/issues/2019

Thanks,
Jilayne



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3431): https://lists.spdx.org/g/Spdx-legal/message/3431
Mute This Topic: https://lists.spdx.org/mt/100089784/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [spdx-implementers] vs. in XML?

[J Lovejoy]

Hi there,

First thanks for checking in on this before making a pull request!

The short answer is no, please do not do this because these have 
distinct meanings and are not equivalent. Looks like Gary has already 
responded on the spdx-implementers list, but the other resource that 
would be helpful  is the SPDX License List matching guidelines.


Longer explanation:
The  tag is used to indicate the copyright notice for the 
software to which the license applies in the XML files. As per the SPDX 
License List matching guidelines, this can be ignored for license 
matching purposes. See section B.11 for more info 
https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templates/


 is actually only used in 5 licenses, see 
https://github.com/search?q=repo%3Aspdx%2Flicense-list-XML%20path%3A%2F%5Esrc%5C%2F%2F%20%3Calt%20name%3D%22copyright%22%3E=code 
and always part of a an   where some copyright info is 
contained in the text of the license and can be variable. See section 
B.3 in the matching guidelines for a more complete explanation.  Also 
note the "name" attribute used in an  tag is not meaningful in a 
standardized way.


Thanks,
Jilayne
SPDX legal team co-lead

On 6/26/23 8:05 PM, Viatrix via lists.spdx.org wrote:

Hi SPDX Legal,

Would it be beneficial if I made a pull request to license-list-XML
replacing every  with equivalent ?
(See discussion in spdx-implementers)








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3427): https://lists.spdx.org/g/Spdx-legal/message/3427
Mute This Topic: https://lists.spdx.org/mt/99802318/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting tomorrow (thursday) at noon Eastern US time

[J Lovejoy]

Hi All,

Big thanks to Steve for pushing the 3.21 before going on vacation!

For tomorrow, I'd like to spend a bit of time on the following items, 
please have a look in advance!


https://github.com/spdx/license-list-XML/issues/1773 - this needs 
another person to weigh in (Steve and I already have)


https://github.com/spdx/license-list-XML/issues/1925 - also needs more 
input (and then to determine if whatever outcome for the 2.0 version 
should also apply to 1.0 and 1.1 )


Now that the spec will have the ability to make a custom `AdditionRef-` 
for something that is not on the SPDX License List of exception but is 
intended to represent additional language which is meant to be added to 
a License, but which is not itself a standalone License. - should we 
close out the additional patent grant issues as being able to use this 
(instead of adding to the exception list)?


If there's time, I'd also like to touch on the public domain dedication 
thread that I started 
https://lists.spdx.org/g/Spdx-legal/topic/public_domain_dedication/98776908 
To be clear, any of the major changes discussed in the thread would 
require a Change Proposal, but I'm not sure myself as to best approach, 
so wanted to get some input from the community first.


Thanks!
Jilayne






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3425): https://lists.spdx.org/g/Spdx-legal/message/3425
Mute This Topic: https://lists.spdx.org/mt/99691774/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting Thursday and license/issues that need review

[J Lovejoy]

Hi all,

We are aiming to get the 3.21 release out shortly and seem to have a 
backlog of issues again :(


We REALLY need other people to weigh in on license/exception submissions 
to get to a decision on inclusion. PLEASE review the items below and 
comment prior to the meeting tomorrow. If there are things to discuss we 
can do so then.


See list below.

Thanks,
Jilayne

On 6/1/23 5:40 PM, J Lovejoy wrote:

Hi SPDX-legal,

Please help review and comment on the following license submissions. 
Keep in mind the license inclusion guidelines at

https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md

Japan Gov't Terms of Use 2.0: 
https://github.com/spdx/license-list-XML/issues/1925

- also https://github.com/spdx/license-list-XML/issues/1943 and
- https://github.com/spdx/license-list-XML/issues/1942

Asterick exception: https://github.com/spdx/license-list-XML/issues/1971

Inner Net license: https://github.com/spdx/license-list-XML/issues/1987

Lisp exception: https://github.com/spdx/license-list-XML/issues/1988

libatomic: https://github.com/spdx/license-list-XML/issues/1989

Lucent: https://github.com/spdx/license-list-XML/issues/1990

Autoconf markup? https://github.com/spdx/license-list-XML/issues/1991

DRL-1.1 https://github.com/spdx/license-list-XML/issues/1992


Could someone do the PR for this one? 
https://github.com/spdx/license-list-XML/issues/1551



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3409): https://lists.spdx.org/g/Spdx-legal/message/3409
Mute This Topic: https://lists.spdx.org/mt/99400015/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

license/issues that need review - June 1

[J Lovejoy]

Hi SPDX-legal,

Please help review and comment on the following license submissions. 
Keep in mind the license inclusion guidelines at

https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md

Japan Gov't Terms of Use 2.0: 
https://github.com/spdx/license-list-XML/issues/1925

- also https://github.com/spdx/license-list-XML/issues/1943 and
- https://github.com/spdx/license-list-XML/issues/1942

Asterick exception: https://github.com/spdx/license-list-XML/issues/1971

Inner Net license: https://github.com/spdx/license-list-XML/issues/1987

Lisp exception: https://github.com/spdx/license-list-XML/issues/1988

libatomic: https://github.com/spdx/license-list-XML/issues/1989

Could someone do the PR for this one? 
https://github.com/spdx/license-list-XML/issues/1551


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3408): https://lists.spdx.org/g/Spdx-legal/message/3408
Mute This Topic: https://lists.spdx.org/mt/99276478/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting tomorrow, various updates

[J Lovejoy]

Hi all,

Reminder we have our regular SPDX-legal meeting tomorrow at noon US 
eastern time at https://meet.jit.si/SPDXLegalMeeting


As for agenda:
1) We will have Vedant Jolly - our GSoC student working on improvements 
and increased functionality for the SPDX license submission tool. You 
can see his proposal here: https://lists.spdx.org/g/Spdx-legal/message/3378


2) Please have a look in advance at (and feel free to comment in the issue):
https://github.com/spdx/license-list-XML/issues/1959
https://github.com/spdx/license-list-XML/issues/1925 (also two other 
issues for previous version of same)

https://github.com/spdx/license-list-XML/issues/1047

3) If there's time, I'd also like to touch on the public domain 
dedication thread that I started 
https://lists.spdx.org/g/Spdx-legal/topic/public_domain_dedication/98776908 
To be clear, any of the major changes discussed in the thread would 
require a Change Proposal, but I'm not sure myself as to best approach, 
so wanted to get some input from the community first.



Also note that Ria has submitted a Change Proposal related to the 
license field in the SPDX spec itself. Please see 
https://github.com/spdx/change-proposal/issues/8 and comment there. We 
will find a time to have a discussion on this on a later call.


Thanks,
Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3401): https://lists.spdx.org/g/Spdx-legal/message/3401
Mute This Topic: https://lists.spdx.org/mt/99119196/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

On 5/24/23 3:18 PM, McCoy Smith wrote:


I’m not sure you can easily find some sort of “these are the 
characteristics that make a public domain dedication effect” analysis, 
and it might be expensive to put together. I think CC looked into this 
when they created CC0 but their dedication is pretty wordy, probably 
to cover every possible jurisdiction.


Just an idea, and perhaps not practical.



well, what if it was kept as simply as equating things like:

 * This program is in the public domain.
 * This text is in the public domain.
 * This page is in the public domain.
 * This file is in the public domain
 * This code is public domain software.
 * This is in the public domain
 * This template file is in the Public Domain. You may do anything you
   want with this file.
 * This stylesheet has been placed in the public domain.
 * This code is public domain software.

Would you say these have different meanings?

J.


*From:*J Lovejoy 
*Sent:* Wednesday, May 24, 2023 2:15 PM
*To:* mc...@lexpan.law; 'SPDX-legal' 
*Subject:* Re: public domain dedication variants in the wild (found in 
Fedora)


On 5/9/23 12:34 PM, McCoy Smith wrote:

FWIW, maybe this is an opportunity for SPDX to lead?
Most of these look similar, but not the same. I’m guessing a lot
of the similar ones would have the same legal effect, although the
more dissimilar ones, maybe not (depending on where you are, and
as we know some places don’t recognize PD).

do you think there is some analysis we (SPDX-legal) could do to safely 
lump the similar ones /that have the same legal effect?


*From:*Spdx-legal@lists.spdx.org 
<mailto:Spdx-legal@lists.spdx.org> *On Behalf Of *J Lovejoy
*Sent:* Monday, May 8, 2023 8:34 PM
*To:* 'SPDX-legal' 
<mailto:Spdx-legal@lists.spdx.org>
*Subject:* public domain dedication variants in the wild (found in
Fedora)

Hi SPDX-legal

Some time ago, I raised the issue of the possibility of finding a
proliferation of "public domain "dedication" texts in the course
of Fedora reviewing package license info to adopt SPDX ids. Please
see https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for
the background

Fedora has been "collecting" such texts here

https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt

and using a specific LicenseRef-Fedora-Public-Domain as a sort of
placeholder SPDX id.

The idea being, no assessment of how many of these types of
dedications exist has been collected in one place in order for the
SPDX-legal community to assess.

I estimate that Fedora has collected about 48 variations of public
domain statements that are not specifically identified on the SPDX
License List.  I'm going to assume many of these packages also
show up in other major distros.

I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a
standalone entry (like normal, in that one SPDX license id
represents a specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX
id to represent any one of a collection of specifically identified
and vetted texts?

I'd love to hear your yes or no answer to these questions and why
you answered as such :)

Also see for background:

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain


We likely won't have time to discuss this on Thursday's call, but
I wanted to start the discussion here and perhaps we can dedicate
some time at an upcoming meeting.

Thanks,
Jilayne







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3399): https://lists.spdx.org/g/Spdx-legal/message/3399
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

tions. But text-> tag is impossible without a database, which 
means something more is needed for that aspect of things because the 
matching guidelines can't apply. I'm also not sure how a supply chain 
chases back a BOM that has PUBLIC-DOMAIN in it to make sure the 
original dedication is sufficient for their jurisdiction. So I'm not 
sure how each organization deciding something different would work in 
practice. That is, unless I've missed something in #4's description.



agree with Warner and Philippe's later comment about losing traceability

Jilayne



On May 8, 2023, at 11:34 PM, J Lovejoy 
wrote:

Hi SPDX-legal

Some time ago, I raised the issue of the possibility of finding a
proliferation of "public domain "dedication" texts in the course
of Fedora reviewing package license info to adopt SPDX ids.
Please see
https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for the
background

Fedora has been "collecting" such texts here

https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt

and using a specific LicenseRef-Fedora-Public-Domain as a sort of
placeholder SPDX id.

The idea being, no assessment of how many of these types of
dedications exist has been collected in one place in order for
the SPDX-legal community to assess.

I estimate that Fedora has collected about 48 variations of
public domain statements that are not specifically identified on
the SPDX License List.  I'm going to assume many of these
packages also show up in other major distros.

I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as
a standalone entry (like normal, in that one SPDX license id
represents a specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX
id to represent any one of a collection of specifically
identified and vetted texts?

I'd love to hear your yes or no answer to these questions and why
you answered as such :)

Also see for background:

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain


We likely won't have time to discuss this on Thursday's call, but
I wanted to start the discussion here and perhaps we can dedicate
some time at an upcoming meeting.

Thanks,
Jilayne









-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3398): https://lists.spdx.org/g/Spdx-legal/message/3398
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

On 5/10/23 9:39 AM, Mary Hardy (CELA) wrote:


I see the disadvantages, but what are the advantages to having one 
SPDX identifier that applies to many public domain references?


advantage would be avoiding many, many new SPDX identifiers or 
LicenseRef- for things that are essentially the same


The current method (if I understand correctly) is to give each a 
LicenseRef- and reproduce the text in the report.



or request to add them to the SPDX License List and have an SPDX id


Would the proposed method be to use a unique identifier instead and 
not reproduce the text in the report?



good question...


Is the advantage that humans no longer must read each LicenseRef- text 
and interpret what compliance conditions are present?


I guess the advantage would be to know that when you see "public-domain" 
(or whatever) it represents a concrete set of things in a similar way 
that a license id now represents a concrete, individual license


Thanks,

Mary

*From:* Spdx-legal@lists.spdx.org  *On 
Behalf Of *Ria Schalnat (HPE) via lists.spdx.org

*Sent:* Tuesday, May 9, 2023 9:11 PM
*To:* Richard Fontana ; mc...@lexpan.law
*Cc:* J Lovejoy ; SPDX-legal 

*Subject:* [EXTERNAL] Re: public domain dedication variants in the 
wild (found in Fedora)





You don't often get email from ria.schalnat=hpe@lists.spdx.org. 
Learn why this is important 
<https://aka.ms/LearnAboutSenderIdentification>




I’m 100% in favor of a blanket public domain identifier.

/Ria Farrell Schalnat/(she/her)**

Open Source Program Manager

_ria.schal...@hpe.com <mailto:ria.schal...@hpe.com> _

Text Description automatically generated with low confidence


*From:* Spdx-legal@lists.spdx.org  *On 
Behalf Of *Richard Fontana

*Sent:* Tuesday, May 9, 2023 7:38 PM
*To:* mc...@lexpan.law
*Cc:* J Lovejoy ; SPDX-legal 

*Subject:* Re: public domain dedication variants in the wild (found in 
Fedora)


On Tue, May 9, 2023 at 2:38 PM McCoy Smith  wrote:

FWIW, maybe this is an opportunity for SPDX to lead?
Most of these look similar, but not the same. I’m guessing a lot
of the similar ones would have the same legal effect, although the
more dissimilar ones, maybe not (depending on where you are, and
as we know some places don’t recognize PD).

Might it be useful for SPDX to adopt a single PD tag for what they
think is the best format for such a dedication, and see if that
leads to adoption of that format/text, rather than everyone
writing their own?

I think most of these public domain dedications are relatively 
ancient, dating from a time in FOSS when such permission grants were 
very common. Nowadays someone with similar inclinations would probably 
be more likely to reach for the Unlicense or CC0 or MIT-0 or 0BSD or a 
simple permissive license like the MIT license. So SPDX adopting a 
preferred format would probably not have much impact.


Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3397): https://lists.spdx.org/g/Spdx-legal/message/3397
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

On 5/10/23 2:00 AM, Richard Purdie wrote:

On Tue, 2023-05-09 at 22:37 -0400, Richard Fontana wrote:

On Tue, May 9, 2023 at 2:38 PM McCoy Smith  wrote:

FWIW, maybe this is an opportunity for SPDX to lead?
Most of these look similar, but not the same. I’m guessing a lot of
the similar ones would have the same legal effect, although the
more dissimilar ones, maybe not (depending on where you are, and as
we know some places don’t recognize PD).
Might it be useful for SPDX to adopt a single PD tag for what they
think is the best format for such a dedication, and see if that
leads to adoption of that format/text, rather than everyone writing
their own?



I think most of these public domain dedications are relatively
ancient, dating from a time in FOSS when such permission grants were
very common. Nowadays someone with similar inclinations would
probably be more likely to reach for the Unlicense or CC0 or MIT-0 or
0BSD or a simple permissive license like the MIT license. So SPDX
adopting a preferred format would probably not have much impact.

One idea that did come up last time I worked with something with a PD
license is that I believe you're within the rights to re-license it as
something else. If people did re-license the older code under something
like MIT, it does solve the issues in a different way.

On that train of thought, would the SPDX identifier be something like
"Relicensable"?
I think that would involve more of an analysis that SPDX doesn't want to 
get in the business of (is my gut thinking) and could be confusing or 
misleading to use that kind of a tag


I would be in favour of SPDX having something in this space since
distros like the one I work with have to do something with code under
these terms.

thanks, good to know!


Cheers,

Richard




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3395): https://lists.spdx.org/g/Spdx-legal/message/3395
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

On 5/9/23 12:34 PM, McCoy Smith wrote:


FWIW, maybe this is an opportunity for SPDX to lead?
Most of these look similar, but not the same. I’m guessing a lot of 
the similar ones would have the same legal effect, although the more 
dissimilar ones, maybe not (depending on where you are, and as we know 
some places don’t recognize PD).


do you think there is some analysis we (SPDX-legal) could do to safely 
lump the similar ones /that have the same legal effect?


Might it be useful for SPDX to adopt a single PD tag for what they 
think is the best format for such a dedication, and see if that leads 
to adoption of that format/text, rather than everyone writing their own?


SPDX is not really in the business of creating license-like things, 
though... :)


As to your questions:

 1. Yes.

the downside of this option is the addition of MANY of these one-liners 
or other very short "public domain dedications" and I"m not sure blowing 
up the SPDX License List with these is of value? Plus, how do you name 
each one...??


1.


 2. No. Just because of the variation in these things, you might be
tagging different things with different legal outcomes using the
same identifier, which could be an issue downstream.


see question above re: if we could safely lump at least some together?


*From:*Spdx-legal@lists.spdx.org  *On 
Behalf Of *J Lovejoy

*Sent:* Monday, May 8, 2023 8:34 PM
*To:* 'SPDX-legal' 
*Subject:* public domain dedication variants in the wild (found in Fedora)

Hi SPDX-legal

Some time ago, I raised the issue of the possibility of finding a 
proliferation of "public domain "dedication" texts in the course of 
Fedora reviewing package license info to adopt SPDX ids. Please see 
https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for the background


Fedora has been "collecting" such texts here 
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt 

and using a specific LicenseRef-Fedora-Public-Domain as a sort of 
placeholder SPDX id.


The idea being, no assessment of how many of these types of 
dedications exist has been collected in one place in order for the 
SPDX-legal community to assess.


I estimate that Fedora has collected about 48 variations of public 
domain statements that are not specifically identified on the SPDX 
License List.  I'm going to assume many of these packages also show up 
in other major distros.


I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a 
standalone entry (like normal, in that one SPDX license id represents 
a specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX id 
to represent any one of a collection of specifically identified and 
vetted texts?


I'd love to hear your yes or no answer to these questions and why you 
answered as such :)


Also see for background:
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain 



We likely won't have time to discuss this on Thursday's call, but I 
wanted to start the discussion here and perhaps we can dedicate some 
time at an upcoming meeting.


Thanks,
Jilayne






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3394): https://lists.spdx.org/g/Spdx-legal/message/3394
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

On 5/9/23 10:56 AM, Philippe Ombredanne wrote:

Hi Jilayne:

On Tue, May 9, 2023 at 5:34 AM J Lovejoy  wrote:

Some time ago, I raised the issue of the possibility of finding a proliferation of 
"public domain "dedication" texts in the course of Fedora reviewing package 
license info to adopt SPDX ids. Please see 
https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for the background

Fedora has been "collecting" such texts here 
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
and using a specific LicenseRef-Fedora-Public-Domain as a sort of placeholder 
SPDX id.

This is awesome! I guess that "LicenseRef-Fedora-Public-Domain" is now
the de-facto way to use namespaces for LicenseRef in the same way I
have been using them and advocating for this all along with ScanCode
with "LicenseRef-scancode-" license keys.
No, we never came to consensus on the "namespace" proposal, as you 
probably recall.


Fedora is just using this really as a placeholder potentially until we 
could collect some data and then have this discussion (as per my email)!

The idea being, no assessment of how many of these types of dedications exist 
has been collected in one place in order for the SPDX-legal community to assess.

I estimate that Fedora has collected about 48 variations of public domain 
statements that are not specifically identified on the SPDX License List.  I'm 
going to assume many of these packages also show up in other major distros.

A couple notes:


- Some of the dedications listed in this Fedora doc
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
are for bona-fide SPDX licenses such as NIST-PD, SAX-PD,
libselinux-1.0 and some are permissive notice that are not public
domain and are tracked separately in ScanCode.
hmmm... there should not be anything that is already on the SPDX License 
List in 
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt

I just checked and do not see NIST-PD or SAX-PD
Am I understanding you wrong?

I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a standalone 
entry (like normal, in that one SPDX license id represents a specific, 
identifiable license/set of text)?

2) Should SPDX consider a different approach by defining one SPDX id to 
represent any one of a collection of specifically identified and vetted texts?

Either way is fine, but be ready to create eventually somewhere around
500+ license identifiers if you go with option 1).
I would think these would be added to the SPDX collection with review by 
SPDX-legal to ensure they are truly public domain and not a license in 
disguise. In the case of the list of items collected by Fedora, they 
have already been reviewed by one or two lawyers (Richard or I) so I'd 
hope that SPDX-legal wouldn't come to a different conclusion, but in any 
case, the advantage would be some amount of vetting by SPDX-legal 
community members.

We handle these in ScanCode as in your suggested option 2): we have a
few license identifiers each with many variants of the license text.
And we report the matched license text in scan results (and SPDX
documents) of course, so there is never any ambiguity.
that makes sense. out of curiosity, where do you record the matched 
license text in an SPDX document?




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3393): https://lists.spdx.org/g/Spdx-legal/message/3393
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

Thanks for the various feedback on this, everyone!

Responding in order... see below

On 5/8/23 10:43 PM, Warner Losh wrote:



On Mon, May 8, 2023, 9:34 PM J Lovejoy  wrote:

Hi SPDX-legal

Some time ago, I raised the issue of the possibility of finding a
proliferation of "public domain "dedication" texts in the course
of Fedora reviewing package license info to adopt SPDX ids. Please
see https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for
the background

Fedora has been "collecting" such texts here

https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt

and using a specific LicenseRef-Fedora-Public-Domain as a sort of
placeholder SPDX id.

The idea being, no assessment of how many of these types of
dedications exist has been collected in one place in order for the
SPDX-legal community to assess.

I estimate that Fedora has collected about 48 variations of public
domain statements that are not specifically identified on the SPDX
License List.  I'm going to assume many of these packages also
show up in other major distros.

I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a
standalone entry (like normal, in that one SPDX license id
represents a specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX
id to represent any one of a collection of specifically identified
and vetted texts?

I'd love to hear your yes or no answer to these questions and why
you answered as such :)

Also see for background:

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain


We likely won't have time to discuss this on Thursday's call, but
I wanted to start the discussion here and perhaps we can dedicate
some time at an upcoming meeting.


Some thoughts. Public domain needs no license since there is no 
enforceable copyright. If these are truly public domain now, then how 
can a license catalog apply? If it doesn't then this catalog could be 
viewed as verified ways the public domain provenance of the work is 
attested.
well, yeah, having "public domain dedications" which are not technically 
licenses on a list that lists licenses is a bit incongruent, but I've 
always thought that the value of having such things on the SPDX License 
List is to recognize the lack of copyright and therefore, license 
obligations.


I think of it this way: if you were auditing code and created an SPDX 
document with the licensing info and left it blank or put NONE or 
NOASSERTION for something that was under an actual public domain 
dedication, then it would leave a question for the downstream recipient. 
Being accurate at least takes out the questionn


As such, then the matching guidelines produce not an actual license in 
these cases, but confirm no license is needed. Since the text imposes 
no obligations, then them all resolving to the same thing seems OK.


But there is a catch for those people who mark their code with spdx 
license expression.  Would it convey the work to the public domain 
just with such a notice? Or would that be legally insufficient?
Hmmm.. I take it you are thinking about the use of an SPDX identifier in 
source code to identify a license. If we have one "identifier" that can 
refer to a set of different, but similar-in-meaning texts, would it work 
to use the SPDX identifier in source files? Probably not... that 
requires more thought and maybe we'd have to include some specific 
advice on that.


I lean therefore for this to be a special thing. As a special thing, 
we could have the registry of texts that match, presumably with 
replaceable elements for names as such.

not sure what you mean here?


Would there ever be another thing like this? Where many texts map to 
the same thing? That would have the same value in an spdx expression 
but whose backing text would be unknown. For public domain, it doesn't 
matter because there are no obligations because there is no copyright. 
So if it's a special registry, then the matching tooling would need to 
know about this special case.
re: tooling - my thinking is that tools would have to match on the 
designated texts in order to use/identify with the "public-domain" (or 
whatever) id


And how would a putative public-domain label work in spdx expressions? 
Would X AND public-donain just be X? would X OR public-domain be just 
that or just public-domain?
X AND public-domain would be just that - indicating that that 
package/file/snippet includes both license X and a public-domain 
dedication that matches to the set captured by SPDX


Finally, how does jurisdiction play into this with

Re: License list navigation menu item removal

[J Lovejoy]

I also agree with Alexios' and Steve's comments below!

Jilayne

On 5/22/23 9:55 AM, Steve Winslow wrote:
I agree with Alexios' comments in this thread. I would not be in favor 
of “hiding” the license list in the licensing profile.


I think the SPDX License List is broadly used across the ecosystem, 
including by people and projects who are not creating SPDX documents / 
SBOMs. Having this quickly and clearly accessible is worthwhile so 
that newcomers to SPDX (many of whom, I’m guessing, are encountering 
it through “SPDX-License-Identifier:” short-form license IDs in open 
source project source code) can quickly find and learn about the 
License List.


Jordi, I’ve cc’d you here but you may need to join the spdx-legal 
mailing list in order to receive and send messages. (Apologies if you 
already have! I didn’t see your original message, just Phil’s reply to 
it, so I’m guessing it might not have gone through.)


Steve

On May 22, 2023, at 5:46 AM, Alexios Zavras 
 wrote:


I also disagree “hiding” the license list in the licensing profile.
As Phil notes, the SPDX project produces:

  * the specification;
  * the license list; and
  * the libraries in various programming languages.

Maybe we can have these three as the top-level menus (plus an 
“About”, if needed).

-- zvr
*From:*Spdx-legal@lists.spdx.org*On Behalf 
Of*Phil Odence vialists.spdx.org 

*Sent:*Friday, 19 May, 2023 18:34
*To:*Jordi Mon 
;Spdx-legal@lists.spdx.org

*Subject:*Re: License list navigation menu item removal
Jordi,
Thanks for putting this idea out before anything is decided. I know 
that we need to move to get the website in shape for the 3.0 release, 
so this is important. I wanted to share with the Legal Team the 
perspective I provided to you.
I could understand reducing the number of menus. And I agree the 
license list and the licensing profile are related. However, I look 
at the License List as an asset produced by the SPDX group similar to 
the spec. I note that they wireframe changes the name of the Spec 
menu to SPDX Project with specifications under that. It seems to me 
that would be the best place to place the license list if we need to 
reduce the number of menus. We toyed with similar structure in the 
past. Of course the LL would be referenced by the page describing the 
profile.

Phil

*From:*Jordi Mon 
*Date:*Friday, May 19, 2023 at 11:09 AM
*To:*Spdx-legal@lists.spdx.org
*Subject:*License list navigation menu item removal

Hi members of the LC, I'd like to propose the removal of the License 
List navigation menu item and link the pages (License List and 
License IDs) in the soon to be created Licensing Profile 
landing page. In this video I present the case

ZjQcmQRYFpfptBannerStart
*This Message Is From an External Sender*
Do not click links or open attachments unless you recognize the 
sender and know the content is safe.


ZjQcmQRYFpfptBannerEnd
Hi members of the LC,
I'd like to propose the removal of the License List navigation menu 
item and link the pages (*License List*and*License IDs*) in the soon 
to be created Licensing Profile landing page. In thisvideo 
I 
present the case for this and walkthrough the proposed changes in a 
low fidelity prototype. I'd like to know your opinion about this.
Please let me know if this video format makes sense to you or if, 
otherwise, you'd like a written description of the proposed changes. 
The video is set at 1.2x speed but you can change that here:


Best,
--
Jordi Mon Companys
SPDX 
PMM
An international standard to make the software supply chain 
transparent and secure. Hosted at the Linux Foundation. Built by a 
diverse, multinational community.

Image removed by sender.

Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0,www.intel.de 
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon 
Silva

Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3391): https://lists.spdx.org/g/Spdx-legal/message/3391
Mute This Topic: https://lists.spdx.org/mt/99014749/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

3.21 release timing

[J Lovejoy]

Hi all,

As many of you are aware, we delayed the 3.21 release due to other 
priorities, particularly the 3.0 release candidate. Steve and I 
discussed various scheduling realities and wanted to let you all know 
that we will aim for the first week of June for the 3.21 release, so 
please keep helping out with contributing to issues and PRs in the meantime!


Once the release is done, we'll have a look at the timing of 3.22 as it 
will end up being quite close on the heels of 3.21


Thanks for your patience,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3385): https://lists.spdx.org/g/Spdx-legal/message/3385
Mute This Topic: https://lists.spdx.org/mt/99005602/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Request for Feedback on Proposal

[J Lovejoy]

Thanks Vedant!  We are very excited to have you participate in our 
community!


Vedant will be joining the SPDX-legal call on Thursday, May 25th to 
discuss his proposal, get to know us, and hear any other input about 
your experiences with using the SPDX Online License Submission Tool (we 
really need a better name...)


Thanks,
Jilayne

On 5/15/23 8:04 AM, Vedant Jolly wrote:

Hi everyone, I am Vedant Jolly

I hope this email finds you in good health and high spirits. I am 
writing this email to seek your valuable feedback and suggestions on a 
proposal that I have recently drafted.


I am glad to become one of the contributors to our great community 
this year, and I want to express my sincere gratitude to the community 
and my mentors!!


I have attached the proposal to this email for your review. The 
proposal outlines my ideas for the project that I am planning to 
undertake, and I would greatly appreciate your input on it. Your 
expertise and experience in this field would be incredibly helpful in 
improving the proposal and ensuring its success.


I would be grateful if you could take the time to review the attached 
proposal and share your thoughts with me. Please let me know if you 
have any questions or concerns, and I will be more than happy to 
discuss them with you.


Also, I would be very happy if someone have interest in keeping in 
touch with me during the next couple of months. I believe it will not 
only be helpful to you and me, but also be helpful to the entire 
community!


Regards,
Vedant Jolly




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3384): https://lists.spdx.org/g/Spdx-legal/message/3384
Mute This Topic: https://lists.spdx.org/mt/98916178/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: licenses to review or comment on

[J Lovejoy]

Thanks for the comments!  See updates below and additional issues that 
need attention:


another additional markup to BSD-3-Clause: 
https://github.com/spdx/license-list-XML/issues/1827
(I think this is a good markup addition, but would like another set of 
eyes/comment)


Asterick-exception: https://github.com/spdx/license-list-XML/issues/1971

On 5/15/23 10:43 PM, J Lovejoy wrote:

Hi all,

If we could get some other eyes on the following license requests, 
that would be great!


another Latex2e variation: 
https://github.com/spdx/license-list-XML/issues/1947

- I think this is an easy addition, but need another vote or two

need extra input on naming issue


additional markup that I think we should add, but wanted others to 
comment:

https://github.com/spdx/license-list-XML/issues/1777
https://github.com/spdx/license-list-XML/issues/1778
https://github.com/spdx/license-list-XML/issues/1786
https://github.com/spdx/license-list-XML/issues/1776

DONE: PR made to accommodate these


Linux-man-pages with variation from 
https://spdx.org/licenses/Linux-man-pages-copyleft.html

https://github.com/spdx/license-list-XML/issues/1959
- could this be accommodated with markup or new license??

still need comments on this one


BSD-3-Clause additional markup: 
https://github.com/spdx/license-list-XML/issues/1773

- could use some more comments on this
see additional comments, could use someone other than Steve and I 
weighing in :)


Gov't of Japan Terms of Use (multiple versions): 
https://github.com/spdx/license-list-XML/issues/1925

- also see issues #1942 and #1943
- needs some discussion as these seem to be website terms of use, and 
have some template options as far as I can tell?

still need some input on these


Thanks,
Jilayne




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3383): https://lists.spdx.org/g/Spdx-legal/message/3383
Mute This Topic: https://lists.spdx.org/mt/98920539/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

licenses to review or comment on

[J Lovejoy]

Hi all,

If we could get some other eyes on the following license requests, that 
would be great!


another Latex2e variation: 
https://github.com/spdx/license-list-XML/issues/1947

- I think this is an easy addition, but need another vote or two

additional markup that I think we should add, but wanted others to comment:
https://github.com/spdx/license-list-XML/issues/1777
https://github.com/spdx/license-list-XML/issues/1778
https://github.com/spdx/license-list-XML/issues/1786
https://github.com/spdx/license-list-XML/issues/1776

Linux-man-pages with variation from 
https://spdx.org/licenses/Linux-man-pages-copyleft.html

https://github.com/spdx/license-list-XML/issues/1959
- could this be accommodated with markup or new license??

BSD-3-Clause additional markup: 
https://github.com/spdx/license-list-XML/issues/1773

- could use some more comments on this

Gov't of Japan Terms of Use (multiple versions): 
https://github.com/spdx/license-list-XML/issues/1925

- also see issues #1942 and #1943
- needs some discussion as these seem to be website terms of use, and 
have some template options as far as I can tell?


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3379): https://lists.spdx.org/g/Spdx-legal/message/3379
Mute This Topic: https://lists.spdx.org/mt/98920539/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reminder meeting May17th: Fedora Legal - SPDX Hackfest

[J Lovejoy]

Hi SPDX-legal,

As mentioned previously, the Fedora hackfest was rescheduled to this 
coming Wednesday, May 17th.


It'd be great to have a couple more SPDX-legal folks there to, perhaps, 
review-live any potential new licenses. I think it will also be 
generally insightful as to licensing and package maintaining of the info 
in Fedora packages.


See below and let me know if you can make it!

Thanks,
Jilayne


 Forwarded Message 

Dear all,

You are kindly invited to the meeting:
Fedora Legal - SPDX Hackfest on 2023-05-17 from 10:00:00 to 14:00:00 
US/Eastern

At https://meet.google.com/fiu-jdzq-mws

The meeting will be about:
Hackfest for updating the license field in ELN packages to SPDX license 
expressions.


Google Meet: https://meet.google.com/fiu-jdzq-mws

There will be a short presentation for background and a demo on updating 
a package to start, then we'll work on packages and be available for 
questions and help.


We plan to have more events like this to help package maintainers 
convert License tags in spec files to SPDX syntax.



Source: https://calendar.fedoraproject.org//meeting/10505/

___


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3377): https://lists.spdx.org/g/Spdx-legal/message/3377
Mute This Topic: https://lists.spdx.org/mt/98839499/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call now (re: 3.0 licensing profile)

[J Lovejoy]

Hi all,

Steve sent a reminder on Monday, but in case people missed getting a more 
typical last minute reminder, we are meeting now!

Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3375): https://lists.spdx.org/g/Spdx-legal/message/3375
Mute This Topic: https://lists.spdx.org/mt/98830837/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

public domain dedication variants in the wild (found in Fedora)

[J Lovejoy]

Hi SPDX-legal

Some time ago, I raised the issue of the possibility of finding a 
proliferation of "public domain "dedication" texts in the course of 
Fedora reviewing package license info to adopt SPDX ids. Please see 
https://lists.spdx.org/g/Spdx-legal/topic/93048752#3202 for the background


Fedora has been "collecting" such texts here 
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt 

and using a specific LicenseRef-Fedora-Public-Domain as a sort of 
placeholder SPDX id.


The idea being, no assessment of how many of these types of dedications 
exist has been collected in one place in order for the SPDX-legal 
community to assess.


I estimate that Fedora has collected about 48 variations of public 
domain statements that are not specifically identified on the SPDX 
License List.  I'm going to assume many of these packages also show up 
in other major distros.


I'd like to raise the conversation as to:
1) Should each unique entry be added to the SPDX License List as a 
standalone entry (like normal, in that one SPDX license id represents a 
specific, identifiable license/set of text)?
2) Should SPDX consider a different approach by defining one SPDX id to 
represent any one of a collection of specifically identified and vetted 
texts?


I'd love to hear your yes or no answer to these questions and why you 
answered as such :)


Also see for background:
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain 



We likely won't have time to discuss this on Thursday's call, but I 
wanted to start the discussion here and perhaps we can dedicate some 
time at an upcoming meeting.


Thanks,
Jilayne



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3364): https://lists.spdx.org/g/Spdx-legal/message/3364
Mute This Topic: https://lists.spdx.org/mt/98776908/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Reminder: Change Proposal on custom license exceptions / modifiers / additions

[J Lovejoy]

Hi all,

I’ve added some comments to https://github.com/spdx/change-proposal/issues/4 
 and am looking forward to 
coming to a conclusion on our first official use of the Change Proposal process 
at tomorrow’s meeting (and apologies to Alexios that its taken a bit longer 
than we intended). That said, I want to be clear that we will come to a 
conclusion at tomorrow’s meeting - for the reason already stated and because 
this is key to progressing 3.0!!

As for Karsten’s Change Proposal - I have commented there and will repeat here: 
I’d really like to consider and conclude on Alexios’s first. Then proceed to 
consider Karsten’s. While I realize there is some overlap, part of the point of 
implementing the Change Proposal process was to have concrete proposals and 
conclusions. As such, I think we should honor each proposer by giving their 
proposals due and separate consideration.

Thanks,
Jilayne

> On Apr 24, 2023, at 4:21 PM, Karsten Klein  
> wrote:
> 
> Hi all,
>  
> since we are discussing [2] I would like to keep another change proposal not 
> too secret. In [6] I’ve written up a slightly more extensive change proposal 
> that would also cover [2].
> In this change proposal I’m extending the concept of a license modifier to 
> cover different types of modifiers organized in categories (exceptions being 
> one out of currently four).
>  
> See also the yet management amount of discussion in issue [7].
>  
> Perhaps the change proposal offers a perspective that is worthwhile to 
> consider during the discussions on Thursday.
>  
> Please also mind the not yet merged PR [8]. It provides more examples that 
> apply modifiers to convey license application/usage specifics.
>  
> Kind regards,
> Karsten
>  
> [1] https://github.com/spdx/meetings#legal-team-meetings 
> 
> [2] https://github.com/spdx/change-proposal/issues/4 
> 
> [3] https://github.com/spdx/meetings/blob/main/legal/2023-01-12.md 
> 
> [4] https://github.com/spdx/spdx-spec/pull/839/files 
> 
> [5] https://spdx.org/licenses/exceptions-index.html 
> 
>  
> [6] https://github.com/spdx/change-proposal/blob/main/proposals/Modifiers.md 
> 
> [7] https://github.com/spdx/change-proposal/issues/6 
> 
> [8] 
> https://github.com/spdx/change-proposal/blob/2d6420940e2654a860cd79ef1520c0cf205167a7/proposals/Modifiers.md
>  
> 
>  
>  
> From:  on behalf of Steve Winslow 
> 
> Date: Sunday, 23. April 2023 at 13:30
> To: SPDX-legal , spdx-tech 
> 
> Subject: Re: Reminder: Change Proposal on custom license exceptions / 
> modifiers / additions
>  
> Hello SPDX legal and tech teams,
>  
> This Thursday, April 27th at 12:00 EDT, during our regularly scheduled legal 
> team meeting [1], we will be discussing and finalizing on the details of the 
> change proposal for custom license "additions" [2]. This follows from the 
> previous meeting on January 12 where this was discussed. [3]
>  
> Based on the discussion in the change proposal thread, I am seeing greatest 
> consensus for the use of `AdditionRef-` as the prefix for custom 'additions' 
> to license text, as reflected in Alexios's PR at [4]. As previously agreed, 
> the SPDX Exceptions List itself [5] would continue to be limited to solely 
> exceptions to license conditions / additional permissions. `AdditionRef-` as 
> a prefix would then be used for custom identifiers that are _not_ on the 
> Exceptions List, to represent any additional text added to a license which is 
> not a standalone license itself.
>  
> I would ask that folks who will attend the April 27th meeting please review 
> the threads linked below so that we can finalize on the decision during that 
> call.
>  
> Best,
> Steve
>  
> [1] https://github.com/spdx/meetings#legal-team-meetings 
> 
> [2] https://github.com/spdx/change-proposal/issues/4 
> 
> [3] https://github.com/spdx/meetings/blob/main/legal/2023-01-12.md 
> 
> [4] https://github.com/spdx/spdx-spec/pull/839/files 
> 
> [5] https://spdx.org/licenses/exceptions-index.html 
> 
>  
> On Tue, Mar 28, 2023 at 3:01 PM Steve Winslow via lists.spdx.org 
>   > wrote:
>> Hello spdx-legal and spdx-tech team lists,
>>  
>> As a 

Re: Upcoming Fedora Legal hackfest - converting to SPDX IDs

[J Lovejoy]

Hi all,

We/Fedora have rescheduled the ELN Hackfest for Wednesday, May 17th.  
Same time and meeting info as below. I'll send a reminder a few days out.


Sorry for the last minute notice!

Cheers,
Jilayne

On 4/17/23 11:53 AM, J Lovejoy wrote:

Time corrections from the original announcement:

14:00 - 18:00 UTC
10:00 - 14:00 EDT
16:00 - 20:00 CEST


On 4/17/23 10:51 AM, J Lovejoy wrote:

Hi SPDX-legal,

As you all are well aware, Fedora has adopted the use of SPDX ids in 
its package metadata. So far, Fedora package maintainers have been 
updating the license info for their packages at their own pace. To 
speed things up a bit and offer some help on potential challenges, 
Fedora-legal is holding a hackfest on April 26th.


I'd love to have a few SPDX-legal team members to help answer any 
SPDX-related questions and potentially be able to add/review/make a 
decision on new license submissions, if need be.


See details below.

(cc'ing tech team also, in case anyone is interested generally)

Thanks!
Jilayne


 Forwarded Message 
Subject:Upcoming Fedora Legal hackfest - converting to SPDX IDs
Date:   Mon, 17 Apr 2023 11:35:36 -0400
From:   David Cantrell 
To: devel-annou...@lists.fedoraproject.org
CC: 	jlove...@redhat.com, rfont...@redhat.com, msu...@redhat.com, 
dcantr...@redhat.com




Fedora Legal will be conducting a hackfest on April 26, 2023 during a 
four

hour block. Information is on the SIGs calendar:

https://calendar.fedoraproject.org/SIGs/2023/4/26/

We will be focusing on the ELN package set in Fedora and preparing pull
requests for those packages to convert the License tag to a valid SPDX
expression. There will be a short presentation and [hopefully] a video
walking through an example package and the steps we want package 
maintainers

to follow.

If you can make it, great! We expect to do more of these events in the
future.


What

Hackfest for updating the license field in ELN packages to SPDX license
expressions.

Date

Wednesday, April 26, 2023

Time

10:00 - 14:00 US eastern time
18:00 - 22:00 Central European time

Where

Google Meet: https://meet.google.com/fiu-jdzq-mws
(chat.fedoraproject.org information coming soon...awaiting new chat room)

How

There will be a short presentation for background and a demo on 
updating a

package to start, then we'll work on packages and be available for
questions and help.

We plan to have more events like this to help package maintainers convert
License tags in spec files to SPDX syntax.

Thanks,

--
David Cantrell
Red Hat, Inc. | Boston, MA | EST5EDT







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3358): https://lists.spdx.org/g/Spdx-legal/message/3358
Mute This Topic: https://lists.spdx.org/mt/98324050/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

licenses that need review

[J Lovejoy]

Hi all,

Especially since we have the Change Proposal to discuss on this week's 
call, it'd be great if we could move some license requests forward 
outside of a meeting :)


Issues that need additional reviewers:
https://github.com/spdx/license-list-XML/issues/1912 (another OpenSSL 
exception that we didn't previously add)

https://github.com/spdx/license-list-XML/issues/1921 (Interface exception)
https://github.com/spdx/license-list-XML/issues/1926 (MIT-Xfig)
https://github.com/spdx/license-list-XML/issues/1939 (Libpri exception)

Thanks!
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3357): https://lists.spdx.org/g/Spdx-legal/message/3357
Mute This Topic: https://lists.spdx.org/mt/98487475/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Upcoming Fedora Legal hackfest - converting to SPDX IDs

[J Lovejoy]

Time corrections from the original announcement:

14:00 - 18:00 UTC
10:00 - 14:00 EDT
16:00 - 20:00 CEST


On 4/17/23 10:51 AM, J Lovejoy wrote:

Hi SPDX-legal,

As you all are well aware, Fedora has adopted the use of SPDX ids in 
its package metadata. So far, Fedora package maintainers have been 
updating the license info for their packages at their own pace. To 
speed things up a bit and offer some help on potential challenges, 
Fedora-legal is holding a hackfest on April 26th.


I'd love to have a few SPDX-legal team members to help answer any 
SPDX-related questions and potentially be able to add/review/make a 
decision on new license submissions, if need be.


See details below.

(cc'ing tech team also, in case anyone is interested generally)

Thanks!
Jilayne


 Forwarded Message 
Subject:Upcoming Fedora Legal hackfest - converting to SPDX IDs
Date:   Mon, 17 Apr 2023 11:35:36 -0400
From:   David Cantrell 
To: devel-annou...@lists.fedoraproject.org
CC: 	jlove...@redhat.com, rfont...@redhat.com, msu...@redhat.com, 
dcantr...@redhat.com




Fedora Legal will be conducting a hackfest on April 26, 2023 during a four
hour block. Information is on the SIGs calendar:

https://calendar.fedoraproject.org/SIGs/2023/4/26/

We will be focusing on the ELN package set in Fedora and preparing pull
requests for those packages to convert the License tag to a valid SPDX
expression. There will be a short presentation and [hopefully] a video
walking through an example package and the steps we want package 
maintainers

to follow.

If you can make it, great! We expect to do more of these events in the
future.


What

Hackfest for updating the license field in ELN packages to SPDX license
expressions.

Date

Wednesday, April 26, 2023

Time

10:00 - 14:00 US eastern time
18:00 - 22:00 Central European time

Where

Google Meet: https://meet.google.com/fiu-jdzq-mws
(chat.fedoraproject.org information coming soon...awaiting new chat room)

How

There will be a short presentation for background and a demo on updating a
package to start, then we'll work on packages and be available for
questions and help.

We plan to have more events like this to help package maintainers convert
License tags in spec files to SPDX syntax.

Thanks,

--
David Cantrell
Red Hat, Inc. | Boston, MA | EST5EDT





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3352): https://lists.spdx.org/g/Spdx-legal/message/3352
Mute This Topic: https://lists.spdx.org/mt/98324050/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Upcoming Fedora Legal hackfest - converting to SPDX IDs

[J Lovejoy]

Hi SPDX-legal,

As you all are well aware, Fedora has adopted the use of SPDX ids in its 
package metadata. So far, Fedora package maintainers have been updating 
the license info for their packages at their own pace. To speed things 
up a bit and offer some help on potential challenges, Fedora-legal is 
holding a hackfest on April 26th.


I'd love to have a few SPDX-legal team members to help answer any 
SPDX-related questions and potentially be able to add/review/make a 
decision on new license submissions, if need be.


See details below.

(cc'ing tech team also, in case anyone is interested generally)

Thanks!
Jilayne


 Forwarded Message 
Subject:Upcoming Fedora Legal hackfest - converting to SPDX IDs
Date:   Mon, 17 Apr 2023 11:35:36 -0400
From:   David Cantrell 
To: devel-annou...@lists.fedoraproject.org
CC: 	jlove...@redhat.com, rfont...@redhat.com, msu...@redhat.com, 
dcantr...@redhat.com




Fedora Legal will be conducting a hackfest on April 26, 2023 during a four
hour block. Information is on the SIGs calendar:

https://calendar.fedoraproject.org/SIGs/2023/4/26/

We will be focusing on the ELN package set in Fedora and preparing pull
requests for those packages to convert the License tag to a valid SPDX
expression. There will be a short presentation and [hopefully] a video
walking through an example package and the steps we want package maintainers
to follow.

If you can make it, great! We expect to do more of these events in the
future.


What

Hackfest for updating the license field in ELN packages to SPDX license
expressions.

Date

Wednesday, April 26, 2023

Time

10:00 - 14:00 US eastern time
18:00 - 22:00 Central European time

Where

Google Meet: https://meet.google.com/fiu-jdzq-mws
(chat.fedoraproject.org information coming soon...awaiting new chat room)

How

There will be a short presentation for background and a demo on updating a
package to start, then we'll work on packages and be available for
questions and help.

We plan to have more events like this to help package maintainers convert
License tags in spec files to SPDX syntax.

Thanks,

--
David Cantrell
Red Hat, Inc. | Boston, MA | EST5EDT


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3351): https://lists.spdx.org/g/Spdx-legal/message/3351
Mute This Topic: https://lists.spdx.org/mt/98324050/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting at top of hour

[J Lovejoy]

Hi all,

We have our regular SPDX-legal meeting at the top of the hour at 
https://meet.jit.si/SPDXLegalMeeting


Given we have a release due at the end of April, let's focus on 
decisions for pending license requests and assigning PRs for those accepted.

https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22new+license%2Fexception+request%22

Thanks!
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3350): https://lists.spdx.org/g/Spdx-legal/message/3350
Mute This Topic: https://lists.spdx.org/mt/98242943/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

licenses to review

[J Lovejoy]

Hi SPDX-legal,

Here are a few issues for licenses that could use another reviewer or 
two - please have a look so we can log decisions on these!


Widget - https://github.com/spdx/license-list-XML/issues/1860
Bellcore - https://github.com/spdx/license-list-XML/issues/1863
Latex2e translation variant - 
https://github.com/spdx/license-list-XML/issues/1888

MIT-Festival - https://github.com/spdx/license-list-XML/issues/1911
vsftpd-openssl-exception - 
https://github.com/spdx/license-list-XML/issues/1870
Open Parliment Licence - 
https://github.com/spdx/license-list-XML/issues/1788
Label Commons Public License - 
https://github.com/spdx/license-list-XML/issues/1765


ASWF Digital Assets License 1.0 and 1.1 - these have been hanging around 
for some time, so we really need to close out. We have a sort of 2.5 out 
of 3 to accept, so might be good to have another person weigh in?

https://github.com/spdx/license-list-XML/issues/1550
https://github.com/spdx/license-list-XML/issues/1551

Thanks!
Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3349): https://lists.spdx.org/g/Spdx-legal/message/3349
Mute This Topic: https://lists.spdx.org/mt/98129885/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: GSOC 2023

[J Lovejoy]

For a bit of background for the rest of SPDX-legal: As you know we have 
project submitted for GSoC, and proposals are due next week! Banula has 
created a proposal and is looking for some feedback, which I suggested 
be done to the greater SPDX-legal community on ideas.


Banula - perhaps you could ask for feedback on a couple specific items 
via email to make it easier for people to respond if they don't have 
time to read the entire proposal?


Thanks,
Jilayne

On 3/27/23 1:55 PM, Banula Kumarage wrote:

Hi Guys,

I am Banula Kumarage and I am applying for GSOC this year for the 
project of *Increasing Functionality of SPDX online tools*. The main 
purpose of the project is to enhance the features to make it more 
useful to its main user which is the *SPDX-legal team*. Therefore, any 
suggestion regarding the project is highly appreciated.


Currently I'm referring to this document:
https://docs.google.com/document/d/1NUQgUZ6-yIBGZsCCiTR31-xY2A2LImZiQlnVHNu5Ekc/edit# 



Thank you
--
Sincerely,
Banula Kumarage
mobile: +94711266278




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3347): https://lists.spdx.org/g/Spdx-legal/message/3347
Mute This Topic: https://lists.spdx.org/mt/97890768/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

spdx-legal meeting today

[J Lovejoy]

Hi all,

We have a meeting at noon eastern time today. Let’s have a look at:
- Steve’s PR as per his previous email, see 
https://github.com/spdx/license-list-XML/pull/1883 codifying the exceptions 
criteria as discussed a couple meeting ago (this is simply capturing what we’ve 
been doing, as that was not documented, so should not be controversial)

- a few issues that relate to “exceptions” or something like an exception: 
https://github.com/spdx/license-list-XML/issues/1672
https://github.com/spdx/license-list-XML/issues/1798

GSoC update: we have a few students interested in the GSoC project for 
improving the SPDX online license submission tool and xml editor. Rohit and I 
are the mentors for the project. I’ve encouraged them to get familiar with 
using the tool and the process, so if you see issues or PRs marked “TEST” that 
is why. Please feel free to comment, answer questions,  and otherwise support 
these contributors!

Thanks,
Jilayne



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3344): https://lists.spdx.org/g/Spdx-legal/message/3344
Mute This Topic: https://lists.spdx.org/mt/97801285/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call today at top of the hour

[J Lovejoy]

Hi all,

We have our usual call at the top of the hour. Now that the big 3.20 
release is out, we'll reset on some process-related stuff, look at some 
of the issues that didn't get addressed, and plan for the next round!


Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3335): https://lists.spdx.org/g/Spdx-legal/message/3335
Mute This Topic: https://lists.spdx.org/mt/97186372/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

working session in 40', updates related to new license process and 3.20 release

[J Lovejoy]

Hi all,

I have now updated the process documentation  at 
https://github.com/spdx/license-list-XML/blob/main/DOCS/request-new-license.md 

 with links to the videos Steve and I made in December. We will hopefully re-do 
the videos at some point, but better than nothing! Note - the functionality for 
making a PR from the online tool is now working, so that part of the video I 
recorded that says it’s not working is wrong.

Mary and I are meeting at 3pm Pacific time to go over making the PRs for new 
licenses - feel free to join on the Legal Jitsi, if you want help! (Sorry for 
late notice) https://meet.jit.si/SPDXLegalMeeting 


Thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3325): https://lists.spdx.org/g/Spdx-legal/message/3325
Mute This Topic: https://lists.spdx.org/mt/96887549/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call today

[J Lovejoy]

Hi all,

We have our call today, here are a few other agenda items and some 
issues that need some eyeballs (and then maybe we don't need to discuss) 
and


1) GSoC proposal for updates to license submission (and file creation) tool
2) update on spec 3.0 and licensing profile?
3) closing out 3.20 - issues that need attention:

 * https://github.com/spdx/license-list-XML/issues/1720 - license only
   used on fitsio project, does anyone know of more or significance of
   this project?
 * https://github.com/spdx/license-list-XML/issues/1731 - similar
   question as for fitsio
 * https://github.com/spdx/license-list-XML/issues/1765
 * https://github.com/spdx/license-list-XML/issues/1746 - I think we
   need someone else to weigh in? - relates to
   https://github.com/spdx/license-list-XML/issues/1722, which I think
   can be marked as accepted?
 * https://github.com/spdx/license-list-XML/issues/1773 - markup or new
   license?
 * https://github.com/spdx/license-list-XML/issues/1775 - I think just
   needs final decision on name
 * https://github.com/spdx/license-list-XML/issues/1672 - to discuss


Thanks,

Jilayne





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3324): https://lists.spdx.org/g/Spdx-legal/message/3324
Mute This Topic: https://lists.spdx.org/mt/96854733/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SPDX in GSoC 2023!

[J Lovejoy]

Thank Rohit! That would be awesome!

On 2/9/23 1:44 AM, Rohit Lodha wrote:


Hey Jilayne,

I would be happy to co-mentor this project on spdx-online-tools. Apart 
from this idea, we can include many other open issues especially 
around testing improvements which can be taken up as part of the 
project to make it a complete 12 week project.


I missed mentoring last year as I was fully occupied with work. I have 
mentored couple of projects on the online tools couple of years back.


I'll update the GSoC ideas repo and include other features/tests to be 
part of the project.


Let me know if that works.

Thanks,

Rohit Lodha





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3323): https://lists.spdx.org/g/Spdx-legal/message/3323
Mute This Topic: https://lists.spdx.org/mt/96549538/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SPDX in GSoC 2023!

[J Lovejoy]

Hi SPDX-legal,

I have added a potential project for GSoC related to improvements to the 
SPDX License Submission tool, especially as relates to generating the 
files once a license is accepted.


You can see it here: 
https://github.com/spdx/GSoC/blob/main/2023_ideas.md (plus a PR I have 
to add some more bits)


Further feedback and ideas are welcome.

We also need another mentor - does anyone in the SPDX-legal community 
have Django and Python programming skills by any chance?? :)


Thanks,
Jilayne

On 1/26/23 11:32 AM, Alexios Zavras wrote:


Hi everyone!

As every year, Google runs their Summer of Code program, where 
contributors get the opportunity to become part of Open Source 
communities. The SPDX Project has participated in the program in a 
number of years in the past. The way it works is that we publish 
project ideas and, if selected, newcomers to open source express their 
interest in them. The ones finally selected will spend their summer 
writing code under the guidance of mentors from our project. In order 
for contributors to join our community and help us, we have to publish 
a set of ideas where help is needed!


Therefore, this is a plea for *ideas* – and more importantly, 
*mentors* who can guide the new contributors and help them accomplish 
their projects!


Firstly, we are looking for *project ideas*! Either small or large, 
either incremental improvements to existing open source code or new 
pieces of software; everything is welcome!


Please read the basics on 
https://google.github.io/gsocguides/mentor/defining-a-project-ideas-list.html 
and then write a couple of lines on your great idea.


I’ve (hastily) created a special repo for all this: 
https://github.com/spdx/GSoC


Feel free to create PRs with your ideas!

Perhaps even more important than ideas, we are also looking for 
*mentors*! Please get in contact via the repo if you are willing to 
help new members become active participants to SPDX this summer. Each 
project should have at least two mentors (a primary and a secondary 
one) who will guide the contributors in their journey.


Feel free to open an issue in the repo if you want to discuss in more 
detail any of the above.


Looking forward to lots of participation!

-- zvr

PS. I’ve already added a project idea: help on the spec generation 
from our model files.


Off the top of my head I can think of other ideas like:

  * Outreach: help with the website
  * Legal: help with license submission tools, help with bulk import
from other license lists
  * Tech: help with SPDXv3 implementation in Java, Go, etc.

But all these need mentors, otherwise they cannot be realistically 
proposed.


Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de 
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3321): https://lists.spdx.org/g/Spdx-legal/message/3321
Mute This Topic: https://lists.spdx.org/mt/96549538/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: 
https://lists.spdx.org/g/Spdx-legal/leave/2655900/21656/2011363115/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

regular meeting at top of the hour!

[J Lovejoy]

Sorry for the short notice reminder.

Given the end of the month and next release time frame is rapidly approaching, 
we’ll focus today’s meeting on divvying up work to get licenses added. 

I also want to touch base on documentation update from our last call in 
December.

Thanks!
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3318): https://lists.spdx.org/g/Spdx-legal/message/3318
Mute This Topic: https://lists.spdx.org/mt/96546915/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SPDX should take a stronger stance against vanity/promotional licenses

[J Lovejoy]

Hi Kyle,

You raise some specific points that highlight some things we have worked 
on recently, so responding here inline.


Jilayne

On 1/24/23 4:13 PM, Kyle Mitchell wrote:

If distros are seeing packaged-but-not-identified licenses
in numbers to the point of pain, I'd suggest addressing that
pain directly.  Perhaps by laying a wider pipe from distros'
workflows to SPDX's.
Richard and I have been working on that given Fedora's recent adoption 
of SPDX id's for Fedora's license metadata. The "pipe" is not exactly 
smooth or efficient at this point, but sometimes you need to open the 
flow and then sort out the plumbing :)


 From personal experience, the biggest blocks might actually
be the XML schema and just reading through all the process
doc.  If SPDX had a special track for identification based
on calls from popular distros, and the distros could submit
plain text terms and have them formatted for inclusion by
someone else, would that flush the backlog?
We just adopted something along these lines in terms of trying to make 
it easier for the review process step by needing 2 (instead of 3) 
SPDX-legal folks to approve. See the update to the Review Process, 
(1)(ii) 
https://github.com/spdx/license-list-XML/blob/main/DOCS/request-new-license.md
We still simply need more people comfortable with reviewing and 
commenting, though.


To help with identifying licenses as per above, we have a new label to 
make it easier to spot these submissions, but have yet to go through all 
submissions and apply it.

https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22used+in+major+distro%22

We are also trying to work on better documentation all around, it's 
coming along and has actually improved a lot recently, but always more 
to do and not enough hands and time!



As for motivations, I've sever seen SPDX identification as
approval.  I don't expect it's ever made a license popular.
And I've yet to meet any dev who does.
I'm glad to hear this as I don't and never have seen those kinds of 
values as the role of SPDX License List. It should be rather dry.


That being said, there are, even if it's a small percentage, of people 
who seem to attach some (mis)placed value. I think at times, this drives 
their submissions. And, going on my subjective memory and experience, it 
certainly feels like those submissions can end up soaking up more time, 
as someone from SPDX-legal has to explain that their license is not 
accepted and why, which can often include explaining some basic facts 
about SPDX and the SPDX License List, and in doing so, manage the 
submitter's reaction. This takes valuable time and energy. We have tried 
in various places that are a "point of entry" to remind people to 
familiarize themselves with the SPDX landscape before submitting a 
license, but you know what they say about leading a horse to water...


I'm all ears for any better way to deal with these kinds of submissions 
(back to Richard's email...)




The motivation I've seen and felt comes from where and how
the list has been used.  Not necessarily as originally
intended.  I've brought licenses here because package
manager metadata warnings are annoying.  I take it the
distro people might be irked in similar ways.  Both probably
seem insubstantial, looking over from the other side.  But a
few kB of XML file in a GitHub repo is pretty cheap cure.


if we can just get people to help creating the XML files... then yes :)


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3310): https://lists.spdx.org/g/Spdx-legal/message/3310
Mute This Topic: https://lists.spdx.org/mt/96510436/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: SPDX should take a stronger stance against vanity/promotional licenses

[J Lovejoy]

Thanks for this write-up, Richard.

Having spent an exorbitant amount of my time over the years of my 
involvement in SPDX trying to politely say "no" to licenses for the 
reasons you describe below, I cannot begin to express how much I would 
welcome a way to make that easier and quicker.


(That is not to say that we should not be polite! I take a lot of joy in 
the congeniality of the SPDX-legal community - it's a big part of what 
keeps me around :)


This reminds me that I think I had submitted a PR when we were working 
on our "documentation release" to swap factors #2 and #3, as it seemed 
like the substantial use factor should be higher up the list. I think we 
may have even discussed this on a call. But changing the inclusion 
guidelines (even ordering) is a big deal and Steve reminded me that is 
more apt for a formal Change Proposal or its own discussion.


https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md
Looking again now at how the factors are organized - we could probably 
do a bit better on the "ordering" and grouping than simply swapping 2 
and 3. Some of the "definitive" factors aren't really factors. For 
example, A and D are more of threshold questions; and B is more of a 
policy that we always have had, but never wrote down anywhere. E is 
important, but not sure it's definitive (it's also a bit of a warning). 
Anyway, if someone wants to put some more "definitive" suggestions on 
paper (the Change Proposal format would be useful here, I think) that 
would be great. (I would, but I'm up to my ears in other things, so I 
won't get to it for a bit.)


Thanks,
Jilayne

On 1/24/23 5:07 PM, Ria Schalnat (HPE) wrote:

+1 to Richard!

-Original Message-
From:Spdx-legal@lists.spdx.orgOn Behalf Of 
Richard Fontana
Sent: Tuesday, January 24, 2023 3:30 PM
To: SPDX-legal
Subject: SPDX should take a stronger stance against vanity/promotional licenses

As I've been following the issue queue for 
github.com/spdx/license-list-XML/issues over the past several months, it seems 
to me that you get a significant number of license submissions like this latest 
one:
https://github.com/spdx/license-list-XML/issues/1790

The pattern is, someone has drafted their own license, it either isn't being 
used at all in the real world or it is being used for a few insignificant 
projects of the license author. In some cases the license seems to be connected 
to some contemplated commercial activity of the license submitter. Presumably 
SPDX license list inclusion is seen as a way of legitimizing or popularizing 
the novel license. I am quite familiar with this sort of phenomenon from my 
past involvement with the OSI, where the nature of the OSI process as it was 
historically defined seemed to unintentionally result in many license 
submissions of this sort.

When I look at the SPDX license inclusion guidelines, I am concerned that this sort of 
behavior is not sufficiently discouraged. The guidelines say "The license has 
actual, substantial use such that it is likely to be encountered. Substantial use may be 
demonstrated via use in many projects, or in one or a few significant projects. For new 
licenses, there are definitive plans for the license to be used in one or a few 
significant projects."
But this is not one of the "definitive" factors and it is the third of a list of non-definitive 
factors that are given "roughly in order of importance". Someone might understandably conclude that 
"substantial use" isn't too important to SPDX.

My main criticism of the SPDX license list from years ago was that it was not 
representative of the makeup of the FOSS project world that I was seeing in Linux 
distribution packages and other software I encountered in my work. I have been engaged in 
trying to get the SPDX license list to more accurately reflect the state of widely-used 
FOSS today and it is frustrating to see repeated examples of vanity license submissions. 
I suggest that the license inclusion principles should be revised to elevate and perhaps 
strengthen the "substantial use"
requirement and the maintainers of license-list-XML should more actively make 
clear that such licenses are generally inappropriate for the SPDX license list.

Richard














-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3309): https://lists.spdx.org/g/Spdx-legal/message/3309
Mute This Topic: https://lists.spdx.org/mt/96510436/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

joint legal and tech call Thursday, Jan 12th - Change Proposal: ExceptionRef

[J Lovejoy]

Hi all,

This is a reminder that Thursday, Jan 12th at the regular legal-team call time, 
we will have a joint call for the tech and legal teams to discuss the change 
proposal:
https://github.com/spdx/change-proposal/issues/4 
   Please see discussion so 
far at: https://github.com/spdx/change-proposal/issues/4 


The meeting will be Thursday at noon US eastern time at 
https://meet.jit.si/SPDXLegalMeeting  


Thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3303): https://lists.spdx.org/g/Spdx-legal/message/3303
Mute This Topic: https://lists.spdx.org/mt/96188709/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

SPDX-legal meeting - reviewing and making PRs for licenses

[J Lovejoy]

Hi all,

As discussed on our last call, we'll have our regularly scheduled 
meeting Thurs, Dec 22 at noon Eastern US time.


We'll use the time to go through the review of a license and how to make 
a PR for the necessary files. We also have a few "to discuss" items.


Thanks!
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3297): https://lists.spdx.org/g/Spdx-legal/message/3297
Mute This Topic: https://lists.spdx.org/mt/95822052/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Mismatches between OSI and SPDX

[J Lovejoy]

Awesome, Gary! Thanks for the update. Looks like some of the items 
listed in the issue you link to are on Max's list, so that's good.


Jilayne

On 12/9/22 12:12 PM, Gary O'Neall wrote:

One more input on this discussion - I've been collaborating with OSI on a more 
automated way of keeping the SPDX and OSI license lists in sync.

This issue tracks the remaining items that need correction to the OSI 
data:https://github.com/OpenSourceOrg/licenses/issues/62

Note that some of these also impact what is on the OSI website.

Once all of the issues have been addressed and assuming no new issue have been 
introduced, I plan to enhance the tools that generate our license list data to 
keep the OSI related data in sync when we publish a new version of the license 
list.

Gary


-Original Message-
From:Spdx-legal@lists.spdx.orgOn Behalf Of
Richard Fontana
Sent: Friday, December 9, 2022 7:27 AM
To: Max Mehl
Cc:spdx-legal@lists.spdx.org
Subject: Re: Mismatches between OSI and SPDX

On Fri, Dec 9, 2022 at 4:22 AM Max Mehl
wrote:


In my organisation, we define all licenses approved by OSI as valid Open

Source licenses. However, we also increasingly rely on SPDX and therefore
also its license list.

Recently, we found several mismatches between OSI’s list of approved

licenses [1] and the licenses marked as OSI-approved in SPDX’s list [2].

Certainly, some of these issues are on OSI’s side (e.g., misleading links or

wrong SPDX identifiers). But most mismatches are from licenses on SPDX’s list
that cannot be found on the OSI website.

I documented my findings for all issues in this gist:

https://gist.github.com/mxmehl/1e7a3aed4ff14a8ddfd4aff8ab4de552

Now, I am sure I’m not the first who notices this. Is this a known problem?

Is the OSI website incomplete and/or SPDX list incorrect? What can we do to

better align both sources?

[1]:https://opensource.org/licenses/alphabetical

[2]:
https://github.com/spdx/license-list-data/blob/v3.19/json/licenses.jso
n

Not speaking for SPDX or OSI: To some degree this is a known problem, and
possibly viewable as not a problem in some cases. Some issues I see
embodied in your list:

1. In some cases licenses published on the OSI website are incorrect in the
sense that they do not match widely used versions of the license text that the
OSI probably intended to be the approved license text. I think these cases have
all been noticed through activity related to creation or adoption of SPDX
identifiers -- for example, Fedora recently adopted use of SPDX identifiers for
package license metadata and early on it was noticed that the license SPDX
calls Python-2.0, which I assume is a faithful copy of the corresponding license
text from the OSI website, does not actually match the license (or "license
stack") text used in known releases of CPython, so SPDX added Python-2.0.1
to capture the latter text. There is a similar situation involving the Artistic
License 1.0.

I think it is not reasonable to expect the OSI to have historically applied the
degree of rigor SPDX applies in associating an identifier with a matchable
license text (where "matching" is a concept that SPDX has itself defined). This
simply didn't exist in FOSS before SPDX; it was foreign to the culture. I'm not
excusing outright mistakes in published licenses though (see e.g.
https://github.com/spdx/license-list-XML/issues/1653). For submitted
licenses, I can tell you from my time on the board that OSI assumes the
license submitter has the correct text. In some cases the "incorrect" text gets
adopted by projects, at which point it is questionable whether it is really
incorrect.

2. You list some cases of 'WITH' expressions. The OSI has been reluctant to
approve license exceptions, except in a few special cases where the exception
(or exception coupled with a standard license) is itself thought of as a single
license (e.g. LGPL version 3; ec0s-2.0 is also like this). From my recollection 
of
my time on the OSI board, the main concern was the potential numerosity of
license submissions if the OSI encouraged submission of exceptions. There's
been a tendency to assume that typical types of GPL exceptions are legit (for a
GPL-world notion of legit) because they conform to the model of a grant of
additional permission -- I need to comment on this issue on another recent
thread.

3. The OSI website IIRC does not list (though still publishes?) certain licenses
or license versions considered by the license steward to be deprecated. Not
sure if that accounts for anything on your list.

4. Use of SPDX identifiers: Probably the main issue here today is that an SPDX
identifier gets adopted after the approval of the license by the OSI (for most
OSI-approved licenses in recent memory).

One basic issue here, which is not really acknowledged by anyone, is that the
kinds of things the OSI has been historically approving are not the same kinds
of things that SPDX assigns identifiers to. For example, the OSI has approved a
license 

Re: Mismatches between OSI and SPDX

[J Lovejoy]

Hi again Max, and thanks Richard for filling in on some of this.

Max - While you are not the first person who has asked about some of 
these, you might be the first person to have done such a thorough review!


When SPDX decided that every license ever approved by the OSI should be 
included on the SPDX License List and the OSI decided to adopt use of 
the SPDX license ids in their URLs and on the license pages, it kicked 
off a bunch of work by both sides. I led that on the SPDX side and 
collaborated with a handful of OSI board members over a few years. We 
didn't get everything perfectly tidied up, so much of what you are 
noticing are the things that we sorted out, but maybe didn't get to an 
ideal end result.


This has made me think that this history/background would probably be a 
good to document some of these known issues because 1) digging through 
email archives is not exactly time efficient or intuitive;  2) if a few 
people have asked a similar thing, it'd probably be good to document; 
and 3) relying on one person's memory is not a sustainable model!


To that end, I've taken your list and started to create a page in the 
SPDX Legal List DOCS area to document/explain this all. This is a PR 
in-progress at this point. It will take a bit of time to get it in 
proper shape and merged, but at least it's a start! 
https://github.com/spdx/license-list-XML/pull/1738


I may have a few questions for you as to what exactly you observed in 
your research and will follow-up accordingly. Stay tuned.


Thanks,
Jilayne

On 12/9/22 8:26 AM, Richard Fontana wrote:

On Fri, Dec 9, 2022 at 4:22 AM Max Mehl  wrote:


In my organisation, we define all licenses approved by OSI as valid Open Source 
licenses. However, we also increasingly rely on SPDX and therefore also its 
license list.

Recently, we found several mismatches between OSI’s list of approved licenses 
[1] and the licenses marked as OSI-approved in SPDX’s list [2].

Certainly, some of these issues are on OSI’s side (e.g., misleading links or 
wrong SPDX identifiers). But most mismatches are from licenses on SPDX’s list 
that cannot be found on the OSI website.

I documented my findings for all issues in this gist:

https://gist.github.com/mxmehl/1e7a3aed4ff14a8ddfd4aff8ab4de552

Now, I am sure I’m not the first who notices this. Is this a known problem?

Is the OSI website incomplete and/or SPDX list incorrect? What can we do to 
better align both sources?

[1]:https://opensource.org/licenses/alphabetical

[2]:https://github.com/spdx/license-list-data/blob/v3.19/json/licenses.json

Not speaking for SPDX or OSI: To some degree this is a known problem,
and possibly viewable as not a problem in some cases. Some issues I
see embodied in your list:

1. In some cases licenses published on the OSI website are incorrect
in the sense that they do not match widely used versions of the
license text that the OSI probably intended to be the approved license
text. I think these cases have all been noticed through activity
related to creation or adoption of SPDX identifiers -- for example,
Fedora recently adopted use of SPDX identifiers for package license
metadata and early on it was noticed that the license SPDX calls
Python-2.0, which I assume is a faithful copy of the corresponding
license text from the OSI website, does not actually match the license
(or "license stack") text used in known releases of CPython, so SPDX
added Python-2.0.1 to capture the latter text. There is a similar
situation involving the Artistic License 1.0.

I think it is not reasonable to expect the OSI to have historically
applied the degree of rigor SPDX applies in associating an identifier
with a matchable license text (where "matching" is a concept that SPDX
has itself defined). This simply didn't exist in FOSS before SPDX; it
was foreign to the culture. I'm not excusing outright mistakes in
published licenses though (see e.g.
https://github.com/spdx/license-list-XML/issues/1653). For submitted
licenses, I can tell you from my time on the board that OSI assumes
the license submitter has the correct text. In some cases the
"incorrect" text gets adopted by projects, at which point it is
questionable whether it is really incorrect.

2. You list some cases of 'WITH' expressions. The OSI has been
reluctant to approve license exceptions, except in a few special cases
where the exception (or exception coupled with a standard license) is
itself thought of as a single license (e.g. LGPL version 3; ec0s-2.0
is also like this). From my recollection of my time on the OSI board,
the main concern was the potential numerosity of license submissions
if the OSI encouraged submission of exceptions. There's been a
tendency to assume that typical types of GPL exceptions are legit (for
a GPL-world notion of legit) because they conform to the model of a
grant of additional permission -- I need to comment on this issue on
another recent thread.

3. The OSI website IIRC does not list (though still 

Change proposal, 2023 meeting schedule, etc.

[J Lovejoy]

Hi SPDX legal and tech teams,

I’m cross-posting this for wider visibility as some of this impacts both teams:

In regard to legal team meetings for the rest of 2022: we will have our 
regularly scheduled meeting on Dec 22nd and use that time as a working session 
to help go through the process for reviewing licenses and creating PRs (XML and 
txt files) for new submissions for anyone who wants to bring questions, etc.

We still need to have a cross-team meeting to discuss and decide on the Change 
Proposal for adding ExceptionRef- 
https://github.com/spdx/change-proposal/issues/4 

Considering it’s now the end of the year, we will schedule a discussion on this 
topic for the first SPDX-legal team meeting of 2023 on Jan 12th @ noon Eastern 
time, US. Steve will send a single invite for the Jan 12th to both teams. 
Please keep an eye out for that and feel free to add comments to the issue in 
the meantime.

Steve will also send recurring invites for the regular legal team meetings on 
the  2nd and 4th Thursdays of the month, starting Jan 26th at our usual time.

Thanks and Happy Holidays to all!

Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3289): https://lists.spdx.org/g/Spdx-legal/message/3289
Mute This Topic: https://lists.spdx.org/mt/95604437/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Mismatches between OSI and SPDX

[J Lovejoy]

Max,

All of what you have done here was already done years ago (~2011, mostly 
by me, working with various OSI members at that time) in terms of 
"matching" up the OSI list and is documented on the SPDX-legal mailing 
lists archives. I wish you had asked first before expending this effort!


I will respond in length in detail to your list and larger questions 
later or Monday :)


Thanks,
Jilayne
SPDX-legal co-lead

On 12/9/22 2:19 AM, Max Mehl wrote:


Dear all,

In my organisation, we define all licenses approved by OSI as valid 
Open Source licenses. However, we also increasingly rely on SPDX and 
therefore also its license list.


Recently, we found several mismatches between OSI’s list of approved 
licenses [1] and the licenses marked as OSI-approved in SPDX’s list [2].


Certainly, some of these issues are on OSI’s side (e.g., misleading 
links or wrong SPDX identifiers). But most mismatches are from 
licenses on SPDX’s list that cannot be found on the OSI website.


I documented my findings for all issues in this gist:

https://gist.github.com/mxmehl/1e7a3aed4ff14a8ddfd4aff8ab4de552

Now, I am sure I’m not the first who notices this. Is this a known 
problem?


Is the OSI website incomplete and/or SPDX list incorrect? What can we 
do to better align both sources?


Thanks for any insights.

Best,

Max

[1]: https://opensource.org/licenses/alphabetical 



[2]: 
https://github.com/spdx/license-list-data/blob/v3.19/json/licenses.json 



--

*Max Mehl*

Open Source Strategy & Governance

Enterprise-Team Chief Technology Office (CTO), T.IP E-T-378

DB Systel GmbH

Jürgen-Ponto-Platz 1, 60329 Frankfurt/M




Pflichtangaben anzeigen 



Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie 
hier: https://www.deutschebahn.com/de/konzern/datenschutz





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3286): https://lists.spdx.org/g/Spdx-legal/message/3286
Mute This Topic: https://lists.spdx.org/mt/95557207/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting tomorrow/Thursday

[J Lovejoy]

Hi all,

Just a reminder of our regular legal team meeting at 9am Pacific time.

We'll look at some of the open issues and discuss how to best tackle the 
many new license submissions we have!


See: 
https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label%3A%22new+license%2Fexception+request%22


We also need to address the Change Proposal re: "ExceptionRef" - see 
https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md 
and discussion at https://github.com/spdx/change-proposal/issues/4


However, given that I am only getting this reminder out now and we 
should have more notice to people for cross-team awareness, please 
consider if our final meeting of the year on Dec 22nd would be a good 
time to discuss, if we should schedule a different time before the end 
of the year, or if we should put this on hold until January?


Thanks,
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3284): https://lists.spdx.org/g/Spdx-legal/message/3284
Mute This Topic: https://lists.spdx.org/mt/95532622/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: standardizing opt-out of EU data mining rights?

[J Lovejoy]

On 11/15/22 12:34 PM, Luis Villa wrote:
Thanks for the links, Richard. I'll try to follow up there though of 
course welcome further discussion here as well.




On Thu, Nov 10, 2022 at 5:06 PM Richard Fontana  
wrote:


On Thu, Nov 10, 2022 at 3:01 PM Luis Villa  wrote:
[...]

> (1) Would SPDX be an appropriate mechanism for representing that
opt-out clause in a machine-readable way, eg via a short
identifier + WITH?
>
> (2) This would be, to the best of my knowledge, the first
proposed Exception that removes permissions[3] rather than
granting new permissions. Would that be acceptable to SPDX? Would
that break any implicit or explicit expectations of the
specifications or tooling?

Recent exchange that is possibly slightly related to those questions:
https://github.com/spdx/change-proposal/issues/4#issuecomment-1283004681
https://github.com/spdx/change-proposal/issues/4#issuecomment-1304842184

JL: to be clear, this proposal is about an improved way to capture 
"exceptions" that are NOT on the SPDX License List, so relevant to the 
extent that such a hypothetical additional clause would not end up being 
eligible for inclusion on the SPDX License List, you could still 
represent it with an SPDX conformant license expression


Basically, I believe SPDX has locked itself into a model of what an
"exception" is that is based on normative FSF doctrine built up around
FSF-authorized GPL exceptions, but which does not fully reflect how
standardized license terms actually get supplemented by other terms in
the real world with the GPL and other FOSS licenses (in some cases by
removing permissions, and in some cases where it is not actually clear
whether permissions are being removed). I think this is inconsistent
with SPDX's professed mission of focusing on "just the facts". 

JL: I don't think it's inconsistent with this, but it is consistent with 
the prior standing license inclusion guidelines - see previous email



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3283): https://lists.spdx.org/g/Spdx-legal/message/3283
Mute This Topic: https://lists.spdx.org/mt/94944281/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: standardizing opt-out of EU data mining rights?

[J Lovejoy]

Hi Luis,

While I'm barely getting my head around the many complications related 
to the reality of AI models and data, let alone the related licensing 
issues...


Let me try to answer some of your questions below as to the SPDX License 
List and process :)


Cheers,
Jilayne

On 11/10/22 12:58 PM, Luis Villa wrote:

Hi, all-

[Starting here, though I realize SPDX cannot be a complete answer to 
this problem. Also /not /on spdx-ai because it isn't about AI 
models/data, but happy to move discussion or cc if that makes sense.]


As you all have probably seen, one area of interesting research in 
machine learning right now is training models on source code in order 
to generate more source code. Whether or not this is legal in the US 
is somewhat unclear, but in the EU there appears to be more clarity: 
data mining is legal, but a licensor can opt /out/.[1]


The W3C has done some work on how to implement this opt out in the 
digital space[2] but as you would imagine it is optimized for the web 
environment, not source code. So there is, as of yet, no standardized 
way for source code authors to express their desire to opt-out of data 
mining, as is their right under EU law.


So, some questions/thinking out loud about what role SPDX might play 
in such an opt-out scheme.


Presume, for purposes of discussion, that someone else writes a 
standardized data mining opt-out clause, tailored for use with open 
source software, that a developer could attempt to apply to their 
project.
JL: so you are thinking of a clause that would not be a stand-alone 
license, but made to be used with existing open source licenses? 
(assuming that is correct...)


(1) Would SPDX be an appropriate mechanism for representing that 
opt-out clause in a machine-readable way, eg via a short identifier + 
WITH?
JL: it could, potentially, be treated as an "exception" (that is, as 
described on the SPDX License List exceptions page: "exceptions grant an 
exception to a license condition or additional permissions beyond those 
granted in a license; they are not stand-alone licenses.") - which would 
mean, submit like usual, review by SPDX-legal, if accepted under the 
SPDX inclusion guidelines, then it would get assigned an SPDX id and 
could be used by way of an SPDX license expression using the operator, WITH


(2) This would be, to the best of my knowledge, the first proposed 
Exception that /removes /permissions[3] rather than granting 
new//permissions. Would that be acceptable to SPDX? Would that break 
any implicit or explicit expectations of the specifications or tooling?
JL: it probably would be. This is because the long-standing license 
inclusion guidelines more-or-less followed the OSD, so we would not 
accept further restrictions. Since the license inclusion guidelines were 
updated and loosened a bit a couple years ago, we have not explicitly 
discussed a revised policy as to exception.


(3) Because this is a restriction for a specific use case it might not 
be OSD-compliant, or might not be GPLv2-compliant. Without trying to 
/answer/ here whether it is OSD-compliant, what requirements would 
SPDX want to see met? Would OSI review/approval be necessary? "Mere" 
deployment/usage in the wild? Other?
JL: well, see above, and the factors in the license inclusion guidelines 
would still apply


This is not a purely hypothetical question, for what it is worth - 
people in the AI community (specifically, part of the BigCode 
project[3]) are actively trying to figure this out right now, and I'd 
like to be able to build a bridge there if this group thinks it would 
be appropriate.


Thanks-
Luis

[1] some more details: 
https://felixreda.eu/2021/07/github-copilot-is-not-infringing-your-copyright/ 


[2] https://www.w3.org/community/tdmrep/
[3] https://www.bigcode-project.org





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3282): https://lists.spdx.org/g/Spdx-legal/message/3282
Mute This Topic: https://lists.spdx.org/mt/94944281/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: licenses to review for submission

[J Lovejoy]

Hi all,

As per our license review protocol, we need 3 SPDX-legal team members to 
agree to add a license (not counting the submitter). Can we get more 
people to weigh in on these:


https://github.com/spdx/license-list-XML/issues/1608
https://github.com/spdx/license-list-XML/issues/1652

these need 1 more person to weigh in:
https://github.com/spdx/license-list-XML/issues/1614
https://github.com/spdx/license-list-XML/issues/1612
https://github.com/spdx/license-list-XML/issues/1611
https://github.com/spdx/license-list-XML/issues/1606
https://github.com/spdx/license-list-XML/issues/1550 (analysis done for 
this one and is similar to #1551, so view together)

https://github.com/spdx/license-list-XML/issues/1551

Thanks!
Jilayne

On 11/15/22 3:51 PM, J Lovejoy wrote:

Hi all,

In light of our discussion on our last call about how to make it easier and 
faster to get licenses reviewed (and adhere to our 3 “votes” from spdx-legal 
members for a license to be included), I’m sending a list of license submission 
issues that have at least one person reviewed below - please have a look and 
add your thoughts!

https://github.com/spdx/license-list-XML/issues/1706  
https://github.com/spdx/license-list-XML/issues/1614

https://github.com/spdx/license-list-XML/issues/1612
https://github.com/spdx/license-list-XML/issues/1611
https://github.com/spdx/license-list-XML/issues/1606
https://github.com/spdx/license-list-XML/issues/1550  (analysis done for this 
one and is similar to #1551, so view together)
https://github.com/spdx/license-list-XML/issues/1551


Note - not all of these used the license submission template. Relatedly, I used 
the new version of that on a couple and although the check boxes are an 
improvement, I still find it a bit clunky and slow. I am not sure if this is a 
biased view b/c I have so much historical knowledge, but I do think some of the 
factors are sort of “n/a” in some cases and you know that from the initial 
submission. That being said, I’m not sure I have any good ideas as to how to 
make it shorter or faster… yet….

Thanks!
Jilayne







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3279): https://lists.spdx.org/g/Spdx-legal/message/3279
Mute This Topic: https://lists.spdx.org/mt/95055362/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

licenses to review for submission

[J Lovejoy]

Hi all,

In light of our discussion on our last call about how to make it easier and 
faster to get licenses reviewed (and adhere to our 3 “votes” from spdx-legal 
members for a license to be included), I’m sending a list of license submission 
issues that have at least one person reviewed below - please have a look and 
add your thoughts!

https://github.com/spdx/license-list-XML/issues/1706 
https://github.com/spdx/license-list-XML/issues/1614
https://github.com/spdx/license-list-XML/issues/1612
https://github.com/spdx/license-list-XML/issues/1611
https://github.com/spdx/license-list-XML/issues/1606
https://github.com/spdx/license-list-XML/issues/1550 (analysis done for this 
one and is similar to #1551, so view together)
https://github.com/spdx/license-list-XML/issues/1551


Note - not all of these used the license submission template. Relatedly, I used 
the new version of that on a couple and although the check boxes are an 
improvement, I still find it a bit clunky and slow. I am not sure if this is a 
biased view b/c I have so much historical knowledge, but I do think some of the 
factors are sort of “n/a” in some cases and you know that from the initial 
submission. That being said, I’m not sure I have any good ideas as to how to 
make it shorter or faster… yet….

Thanks!
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3276): https://lists.spdx.org/g/Spdx-legal/message/3276
Mute This Topic: https://lists.spdx.org/mt/95055362/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

meeting on Thursday

[J Lovejoy]

Hi all,

We have our regular meeting Thursday at noon Eastern time. The US set back the 
clocks this past weekend, so we should be back to the usual time intervals.

As we move into the next release cycle, we have 32 new license requests 
earmarked for 3.20 - see 
https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+milestone%3A3.20+label%3A%22new+license%2Fexception+request%22

I think it’d be good to discuss ideas on any streamlining of both the review of 
the licenses; and the creation of the XML and TXT files for those accepted!

Thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3270): https://lists.spdx.org/g/Spdx-legal/message/3270
Mute This Topic: https://lists.spdx.org/mt/94930924/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

FAQs update

[J Lovejoy]

Hi all,

I deviated slightly from the plan as discussed at our last call regarding 
updating the FAQs. I went ahead and made a PR here: 
https://github.com/spdx/license-list-XML/pull/1692 as working in the Google doc 
was getting a bit unwieldy.

Steve - can you merge that so people can then iterate there? Feel free to add 
comments or additional PRs to that content via Github. 

I have kept FAQs that are not in the pull request in the Google doc here: 
https://docs.google.com/document/d/1VhqW3WgG0T2rDdPP-7lx9VbLVU3RAykOy9ZjZOS664I/edit
 for questions that still need an answer or need further editing. Feel free to 
contribute there in terms of answering or adding more questions.


Thanks!
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3269): https://lists.spdx.org/g/Spdx-legal/message/3269
Mute This Topic: https://lists.spdx.org/mt/94697272/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

call at top of the hour

[J Lovejoy]

Hi folks,

We have a regular SPDX-legal call at the top of the hour (noon, Eastern 
time) at https://meet.jit.si/SPDXLegalMeeting


We'll have a look at whatever needs attention to close out our 
"documentation release" - some items that we need to address include:
- updates to the SPDX License Submission online tool. I have a PR for 
this and Gary is helping me with testing on Friday, but I wanted to 
check that I have all the changes and would like feedback on one 
additional thing
- FAQs - plan for getting all the new changes into a PR, I also noted a 
formatting item that I wanted to share with the group!
- any further feedback on Steve's PR to Add documentation on XML 
templates and fields #1677

- review of what's left on our "list" for Documentation tasks

Also note, Alexios submitted a Change Proposal for adding 
"ExceptionRef-" to the spec. You can review the Change Proposal itself 
here: 
https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md 
and comment here: https://github.com/spdx/change-proposal/issues/4
While we won't have time to discuss this on today's call, please do 
comment and we will consider if a wider discussion would be appropriate 
on the next legal team call.


Thanks!
Jilayne


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3262): https://lists.spdx.org/g/Spdx-legal/message/3262
Mute This Topic: https://lists.spdx.org/mt/94606688/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: Introduction + question about CC0/confidentiality in SPDX 2.2

[J Lovejoy]

Hi Anna,

Welcome!

You have interpreted the CC0-1.0 designation and comment regarding 
confidentiality correctly. (Note, it is now section 6.2 in version 2.3 
of the spec: 
https://spdx.github.io/spdx-spec/v2.3/document-creation-information/ )


There was much discussion on this in the very, very early days of SPDX 
which probably can be found in early email archives or meeting minutes. 
I haven't dug around, but from my memory of those discussion: The vision 
of SPDX is "to reduce redundant work by providing common formats for 
organizations and communities to share important data, thereby 
streamlining and improving compliance, security, and dependability." 
This was born out of the reality of various entities asking for and 
passing around software bill of materials information in different 
format, often not sharing that information upstream or downstream. The 
ultimate ideal scenario would be if SPDX documents accompanied software 
throughout the supply chain. It was important that the standard be open, 
but also that people could not create an SPDX document and then assert 
some rights or control upon that information. Thus, CC0-1.0 and the 
accompanying explanation was chosen to alleviate that concern and signal 
the desire of an open exchange of this information. At the same time, we 
wanted to recognize the reality that some entities may feel that the 
information contained in an SPDX document could expose confidential 
information and thus may not want everything to be openly available.


Not sure if there's something to discuss here, but happy to have you 
join any and all of the SPDX legal calls!


Cheers,
Jilayne

On 10/26/22 8:26 AM, Haipola, Anna (Nokia - FI/Espoo) wrote:


Hi all,

I have recently joined the SPDX legal mailing list and wanted to give 
a short introduction. My name is Anna Haipola and I am a Legal Counsel 
supporting the Open Source Program Office at Nokia. I am based in 
Espoo, Finland. I attended my first external event related to open 
source software last week at the OSPOlogy.live workshop in Stockholm, 
and it was truly inspiring to meet professionals working with the same 
topics in other organizations. I look forward to more collaboration.


The reason why I wanted to get in touch with the SPDX legal team was 
that I had a question related to the section 2.2.2 of the SPDX 
Specification (version 2.2). SPDX-Metadata is subject to the terms of 
the Creative Commons CC0 1.0 Universal license. Section 2.2.2 further 
states: “This approach


avoids intellectual property and related restrictions over the SPDX 
file, however individuals can still contract with each other to 
restrict release of specific collections of SPDX files (which map to 
software bill of materials) and the identification of the supplier of 
SPDX files.”


I was unsure whether this meant that even though the data related to 
the SPDX fields can be distributed freely under CC0, collections of 
SPDX files could be protected under confidentiality clauses agreed 
upon between the SPDX document creator and the recipient. I would be 
happy to discuss this matter in one of the upcoming Legal Team 
meetings. I will be joining tomorrow’s meeting, so happy to provide 
some more details on this proposed agenda item there if there is time.


Looking forward to meeting you tomorrow.

Kind regards,
Anna Haipola



*Anna Haipola*
Legal Counsel, TECH Legal
Nokia Technologies Oy
Nokia
At Nokia, we create technology that helps the world act together

CONFIDENTIALITY NOTICE

This e-mail and any attachments hereto may contain information that is 
privileged or confidential,
and is intended for use only by the individual or entity to which it 
is addressed. Any disclosure, copying or distribution
of the information by anyone else is strictly prohibited. If you have 
received this document in error, please notify us

promptly by responding to this e-mail. Thank you.

Please consider the environment before printing this e-mail.





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3261): https://lists.spdx.org/g/Spdx-legal/message/3261
Mute This Topic: https://lists.spdx.org/mt/94582761/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Change Proposal: ExceptionRef-

[J Lovejoy]

Please see our first Change Proposal submission from Alexios here: 
https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md 


This is a cross-team issue for tech and legal teams.

Please indicate your vote for moving this forward or not in the issue here: 
https://github.com/spdx/change-proposal/issues/4 


Thanks!
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3258): https://lists.spdx.org/g/Spdx-legal/message/3258
Mute This Topic: https://lists.spdx.org/mt/94417534/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

FAQs updates

[J Lovejoy]

Hi All,

As per our discussion about collaboratively updating the License List FAQ, I 
created this Google doc, so multiple people can make changes/additions at the 
same time and review before we move this to a PR in Github.  Please try to 
use/retain the markup formatting :)

https://docs.google.com/document/d/1VhqW3WgG0T2rDdPP-7lx9VbLVU3RAykOy9ZjZOS664I/edit
 

 

Thanks,
Jilayne

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3257): https://lists.spdx.org/g/Spdx-legal/message/3257
Mute This Topic: https://lists.spdx.org/mt/94309263/21656
Group Owner: spdx-legal+ow...@lists.spdx.org
Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-