I would agree with Oliver's point, as well as Kate's - that we should be consistent with what is already defined in the standard. Oliver has concisely summarized the information you would expect to find in the SPDX document for the file level information for a file that has no license info in it - that is, as Kate also pointed out, the LicenseInfoInFile would be NONE or NOASSERTION and then the Concluded License field would be used to declare the license based upon extrinsic (e.g. directly level license) information.
The question here seems to be a matter of order: can the fields of the spec also be used for meta-tagging preemptively? And if so, would such information then be dumped into the SPDX file for the project. Or the other way around, could information from an SPDX file for an entire project be used to generate file-level meta-tags? While I completely agree with Mark that file-level licensing information is the way to go ultimately, the concept of someone determining the license for unmarked files and then inserting some license information seems to be treading in potentially dangerous water - if someone is incredibly diligent in this process, it could be incredibly helpful; but if they are sloppy in even the slightest bit (perhaps, unknowingly so), then you have license information that is wrong. It might be safer to just leave this info, that is, the concluded license for files with no explicit license info, in the SPDX document that will go with the package (and its files) and leave the preemptive meta-tagging to project/file authors. If someone really wanted to, I suppose they could generate the tags from the SPDX document as suggested below, but then that seems a bit like replacing or duplicating some of the SPDX file… just my off-the-top of my head (and late) thoughts on the matter… (which I reserve the right to alter upon further discussion) Jilayne SPDX Legal Team lead lovejoyl...@gmail.com On Dec 10, 2013, at 4:45 AM, "Fendt, Oliver" <oliver.fe...@siemens.com> wrote: > Hi, > > As far as I under stood the standard one would express this kind of > association (file without license information - is assumed to be licensed > under the "conluded" license of the package) with the following elements on > file level: > LicenseInfoInFile: NONE > License concluded: SPDX Identifier of the "concluded" license of the package > > Would it be possible to transfer the information from the SDPX file to the > package. Meaning that those files will receive (or better to say: these files > will be modified with) the Strings: > LicenseInfoInFile: NONE > License concluded: SPDX Identifier of the "concluded" license of the package > > This is just a suggestion > > Best Regards > Oliver Fendt > > Siemens AG > Corporate Technology > Corporate Standards & Guidance > CT CSG SWI OSS > Otto-Hahn-Ring 6 > 81739 München, Deutschland > Tel: +49 89 636-46033 > mailto:oliver.fe...@siemens.com > > > -----Ursprüngliche Nachricht----- > Von: spdx-tech-boun...@lists.spdx.org > [mailto:spdx-tech-boun...@lists.spdx.org] Im Auftrag von Wolfgang Denk > Gesendet: Dienstag, 10. Dezember 2013 11:10 > An: spdx-t...@lists.spdx.org; spdx-legal@lists.spdx.org > Betreff: SPDX meta-tag for implicit license terms > > Hello, > > after converting the U-Boot project to use SPDX meta-tags, we now started > working on another Open Source project; here we face a somewhat different > situation: a large number of the individual source files do not contain any > per-file license header at all. Instead, they rerely on the fact that they > inherit the global, project-wide license as defined in the top level README > and COPYING files. > > My understanding is that this is technically and legally clean as is. > > However, I see a handling problem here: the conversion of the project to use > SPDX meta-tags will probably be an incremental process, and there will be > some period of time (eventually even a long one) where still files exist that > have not been converted yet. > > I would like to define a way to mark such files where implicit licensing > applies, so that we do not have to check these again and again. > > Of course we could insert a license tag corresponding to the actual > project-wide license, but such a modification is considered intrusive by some > of affected people. > > I think it would be better (and easier acceptable by the respective copyright > holders) to have some "neutral" SPDX meta-tag that reflects the fact that > this file inherits the project's global license terms. > > Would such a meta-tag be acceptable to the SPDX team? > > I'm still looking for a good "name" for such a tag; suggestions we have so > far include: > > SPDX-License-Identifier: implicit > > SPDX-License-Identifier: inherit > > SPDX-License-Identifier: none > > SPDX-License-Identifier: - > > Suggestions and comments welcome... > > Best regards, > > Wolfgang Denk > > -- > DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de There > is a time in the tides of men, Which, taken at its flood, leads > on to success. On the other hand, don't count on it. - T. K. Lawson > _______________________________________________ > Spdx-tech mailing list > spdx-t...@lists.spdx.org > https://lists.spdx.org/mailman/listinfo/spdx-tech > _______________________________________________ > Spdx-legal mailing list > Spdx-legal@lists.spdx.org > https://lists.spdx.org/mailman/listinfo/spdx-legal _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
