I understand the need to keep it simple for the sake of adoption. However, if it is too simple we run the risk of mega-tagging doing more damage than good. If one is concerned about pursuing Strong Compliance (where one tries, within reason, to honor the license wishes of all applicable copyright holders of a distributed program) then: 1. A simple SPDX License Identifier is not sufficient. 2. License text is required for a variety of licenses (including but not limited to BSD, MIT, Apache, and many custom licenses)
I understand many organizations today still pursue Weak Compliance (selectively honoring only certain copyright holders and/or licenses that cover a program) but this trend is changing. Just five years ago very few companies produced third party notice files (an artifact of strong compliance). Today the requests I receive from our customers with respect to supporting strong compliance has quadrupled in 2013 compared to three years ago. Many of us are well aware of the comprehensive legal notices found on our iphones and Android devices today. SPDX needs to support both weak and strong compliance therefore meta-tagging should encourage the capture of as much compliance relevant information as possible. I will present a number of examples in my next email to better illustrate the point. - Mark Mark Gisi | Wind River | Senior Intellectual Property Manager Tel (510) 749-2016 | Fax (510) 749-4552 -----Original Message----- From: spdx-legal-boun...@lists.spdx.org [mailto:spdx-legal-boun...@lists.spdx.org] On Behalf Of Philip Odence Sent: Friday, October 04, 2013 6:08 AM To: d...@uvic.ca; Wheeler, David A Cc: spdx-tech@lists.spdx.org; SPDX-biz; SPDX-legal Subject: Re: meta-tag page LICENSE ID I think I'm on the same page as Daniel. From "SPDX-License-Identifier: MIT" someone ignorant of SPDX can infer/guess at the meaning, but you can imagine one liners (like Bradley's suggestion "License: spdx-license=IDENTIFIER") that would be more explicit from a human perspective and equally easy for a machine to recognize. On the GENIVI Alliance License Review list, there's been some discussion about the SPDX license tag (at my prompting). It led to a comparison with the DEP5 format which is different, in addition to a slight difference in the short names. (for the most part they are compatible but they don't like decimal places in short names (eg they go with GPL-2 rather than GPL-2.0). Thoughts on if/how to resolve with DEP5? It seems like a legit concern from GENIVI...what are they to do, faced with two ways of expressing the same thing? LICENSE TEXT IN FILE SPDX-License-Identifier: It seems to me we should be somewhere between agnostic and encouraging, although our main focus is on getting the meta-tag in there whether or no the copyright holder chooses to include license text. CHANGING THE LICENSE LIST It should, like amending the constitution be rare, but possible. To me the most important thing (even with list versioning) that identifier A0 only point to a unique page B0. It would be OK to change A0 to A1 and and have A1 also point to B0, but it would not be OK for A0 to point to B0 and B1. I hope this makes sense. PROCESS Lastly...everyone OK with this being on all 3 team lists. It does cut across, but I don't want people to feel spammed. (I would not be in favor of doing this on the GENERAL MEETING list; as we have always positioned that list as having light traffic and suitable for folks with only casual interest) On 10/3/13 10:49 PM, "D M German" <d...@uvic.ca> wrote: > > Wheeler, David A twisted the bytes to say: > > > David> From a programmer's perspective I think the "cryptic" approach > David> is >FAR > David> superior. There are lots of tools that can quickly examine > David> files >and > David> return text with the pattern "SPDX-License-Identifier: ", and >other > David> tools that can trivially process the stuff after it. The above > David> alternative is more work to process, and humans don't like >unnecessary > David> work :-). > > David> If you want more boilerplate with the goal of enforceability, > David> you might try a format that's trivial to process, e.g.: > > David> SPDX-License-Notice: This file is licensed under the following >license(s): > David> SPDX-License-Identifier: MIT > David> SPDX-License-More-Information: http://wiki.spdx.org/ > >I like this idea. > >My point is not about being cryptic or not, but being able to convey >what the intention is to people who don't know anything about SPDX. >There needs to be a way that if somebody opens the file, they know that >that SPDX-License-Identifier means, and that it is an intention to >license the file under that license. > >Now regarding the immutability of the SPDX license list, one way to >deal with it is to version the list, but then the version of the list >would have to be included in the file that is referring to the license. > >--dmg > > > >-- >Daniel M. German "A coin symbolizes our free will" > El Zahír, Jorge Luis Borges >http://turingmachine.org/ http://silvernegative.com/ dmg (at) uvic >(dot) ca replace (at) with @ and (dot) with . > > >_______________________________________________ >Spdx-biz mailing list >spdx-...@lists.spdx.org >https://lists.spdx.org/mailman/listinfo/spdx-biz _______________________________________________ Spdx-legal mailing list spdx-le...@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal _______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
