[spdx-tech] Marriage of SPDX, OpenChain and the Blockchain

2017-10-22 Thread Gisi, Mark
In 2016 we explored how the benefits of the Blockchain could be leveraged to assist with open source compliance across a complex manufacturing supply chain [1]. Our interest was sparked after witnessing a group of customers struggling to coordinate/consolidate open source compliance artifacts

RE: Getting started...

2017-02-20 Thread Gisi, Mark
r these various reasons Keyring deserved a failing License Coverage grade. - Mark -Original Message- From: Philippe Ombredanne [mailto:pombreda...@nexb.com] Sent: Monday, February 20, 2017 2:24 AM To: spdx-tech@lists.spdx.org Cc: Gisi, Mark; Schuberth, Sebastian; Paul She

RE: Net-SNMP license stack v. using license expressions

2016-12-27 Thread Gisi, Mark
, Open Source & Software Assurance Tel (510) 749-2016 | Fax (510) 749-4552 -Original Message- From: m...@juniper.net [mailto:m...@juniper.net] Sent: Saturday, December 24, 2016 7:57 PM To: brad.edmond...@gmail.com Cc: Gisi, Mark; spdx-tech@lists.spdx.org; SPDX-legal Subject: Re: Net-SNMP license

RE: Net-SNMP license stack v. using license expressions

2016-12-22 Thread Gisi, Mark
http://net-snmp.sourceforge.net/about/license.html is not a license but a license notice file. License expressions were initially designed to represent the licensing of a single file whether it be a source file or a binary library or program. They each represent a complete atomic integrated

RE: SPDX Roadmap Ideas for 2017?

2016-12-03 Thread Gisi, Mark
Hi Jeremiah, Glad to see a growing interest in Hyperledger. At Wind River we have been exploring how a Hyperledger-based project could facilitate the sharing of compliance artifacts among our customers for the past several months. Our current thinking has been motivated by recent customers

RE: SPDX Identifier in licenses/source headers

2015-06-10 Thread Gisi, Mark
clarification: The argument was that the replacement of a license header in a source file by some abbreviation (an ID tag) is not just a formal change of the textual representation of the license information, but might be considered a change to the actual license terms. As a general rule

RE: SPDX Identifier in licenses/source headers

2015-06-10 Thread Gisi, Mark
into the file header such that all stakeholders benefit (or at least no one stakeholder loses). Most importantly - the Open Source Movement collectively. - Mark From: Meier, Roger [mailto:r.me...@siemens.com] Sent: Tuesday, June 09, 2015 2:44 AM To: Henri Yandell; Gisi, Mark Cc: spdx-tech

RE: license expression syntax for exceptions [was: Re: Network connection dropping....]

2015-04-22 Thread Gisi, Mark
Hi Philippe, The difference is that an identifier is defined as starting with a letter or digit and this is specified for refs, id and an exception ids. Are you suggesting the current proposed grammar does not sufficiently represent the lexical definition of what a license-id, license-ref

RE: Network connection dropping....

2015-04-15 Thread Gisi, Mark
I agree. Let’s discuss it when we meet on Friday. - Mark From: kate.stew...@att.net [mailto:kate.stew...@att.net] Sent: Tuesday, April 14, 2015 10:21 AM To: Gisi, Mark; spdx-tech@lists.spdx.org Subject: Network connection dropping Sorry. Looks like network connection is jumping in/out

FW: ABNF for license expressions

2015-02-23 Thread Gisi, Mark
Here is the ABNF for license expressions. - Mark license-id = short form license identifier in Appendix I license-exception-id = short form license exception identifier in Appendix I idstring = 1*(ALPHA / DIGIT

RE: Conflict in OrLater licenses and LicenseInfosInFIles

2015-02-10 Thread Gisi, Mark
Gary, Sameer and I discussed it. We believe the LicenseInfoInFiles field would best be represented as a list of license expressions and therefore we agree with your recommendation. Best, - Mark From: spdx-tech-boun...@lists.spdx.org [mailto:spdx-tech-boun...@lists.spdx.org] On

RE: SPDX 2.0 Spec draft: Seeking community feedback for the License Expression Syntax section

2014-08-25 Thread Gisi, Mark
Thank you Gary. We can discuss the + operator feedback at the next legal working group meeting. - Mark From: Gary O'Neall [mailto:g...@sourceauditor.com] Sent: Monday, August 25, 2014 10:02 AM To: Gisi, Mark; 'SPDX-legal'; spdx-tech@lists.spdx.org Cc: kate.stew...@att.net Subject: RE: SPDX 2.0

RE: Identified By

2014-02-03 Thread Gisi, Mark
Hi Matt, We are working on creation of SPDX docs from parallel scans by FOSSology and Ninka. One of the things that we would like to do is identify which scanner identified which license at the file level. And we would like to mark if the licenses were identified by one, both, or if

RE: SPDX meta-tag for implicit license terms (Gisi, Mark)

2013-12-12 Thread Gisi, Mark
AM To: spdx-tech@lists.spdx.org Subject: RE: SPDX meta-tag for implicit license terms (Gisi, Mark) Hi Mark, I understand why software developers want to Inherit from the package license. It's a short cut to avoid having to include a license notice in every file. However, there are many short

RE: SPDX meta-tag for implicit license terms

2013-12-10 Thread Gisi, Mark
Instead, they rely on the fact that they inherit the global, project-wide license as defined in the top level README and COPYING files. Although a global license file is a commonly used approach, I would categorize it as a bad practice from a license compliance perspective. It is analogous

RE: Revisiting the SPDX license syntax Coarse Level Compliance

2013-10-31 Thread Gisi, Mark
the long list of SPDX ids AND the composite text. On lundi 28 octobre 2013 23:23 Gisi, Mark [mailto:mark.g...@windriver.com] wrote: All in all, Boolean expressions provide an effective way to describe licensing of programs, libraries and source files (linkable distributable components

Revisiting the SPDX license representation syntax

2013-10-22 Thread Gisi, Mark
In the last SPDX Legal meeting we discussed whether the current SPDX license representation syntax is sufficient to represent the licensing terms of most files (e.g., source, library and binary programs). For example, is the combination of the SPDX license list + current binary operands (AND

RE: meta-tag page

2013-10-04 Thread Gisi, Mark
I understand the need to keep it simple for the sake of adoption. However, if it is too simple we run the risk of mega-tagging doing more damage than good. If one is concerned about pursuing Strong Compliance (where one tries, within reason, to honor the license wishes of all applicable