Re: [spdx-tech] SPDX short-form IDs site

2018-04-12 Thread W. Trevor King 
On Thu, Apr 12, 2018 at 08:14:30PM -0700, Bradley M. Kuhn wrote:
> I suggest modifying the tutorial at https://spdx.org/ids to address
> the issue head-on, with perhaps a explanation on why you would carry
> license information in individual files at all.  The *only* reason
> it's useful to do so is in case the file gets separated from its
> larger work.

This point is already addressed in [1] with:

  SPDX IDs make code reuse easier.

  If your project only has license info in a top-level LICENSE.txt
  file, it's harder for others to reuse your code. They may not know
  what license applies once the file leaves your repo.

  An SPDX ID is located within each source code or documentation file,
  and follows that file into downstream projects, making license
  compliance easier.

I think that covers your point fairly clearly.  Perhaps it could be
raised into a more prominent position?

Looking over the landing page again [2], I feel like the
question-words distinctions are not as clear as I initially felt.  For
example, a very similar idea is covered by WHAT's “Needs only one new
comment line per file” and HOW's “In each file in your project, just
add a single line…”.  And WHAT's “Human-readable and machine readable”
also shows up as a section in the why-detail page [1].

Perhaps we should drop the WHAT block, put all the motivation in WHY,
and leave the implementation details to HOW.  The consolidated WHY
could have reasons like:

  WHY use SPDX IDs?

  Easily declare licensing for each source file, even when the file
  appears out of context.  Declarations are compact, precise, and
  machine- and human-readable.

  Read more about why to use SPDX identifiers

The two-sentence paragraph would also fit the pattern used by the
existing HOW and WHERE entries, replacing the list-like current WHAT
and WHY entries.

Cheers,
Trevor

[1]: https://spdx.org/ids-why
[2]: https://spdx.org/ids

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-12 Thread Bradley M. Kuhn 

My concern about https://spdx.org/ids is that its current drafting helps to
perpetuate the fiction that licenses apply primarily to individual "files", not
works, as if files on a filesystem have some real connection with
copyrightability, boundries in copyright, and/or how licenses apply to works.

While the distinction might not matter in some cases, giving developers
the impression that licensing is primarily a file-based phenomena serves to
exacerbate commonly held confusions about how copyright licensing works.

I suggest modifying the tutorial at https://spdx.org/ids to address the issue
head-on, with perhaps a explanation on why you would carry license
information in individual files at all.  The *only* reason it's useful to do
so is in case the file gets separated from its larger work.  I'd suggest
something like this:

   WHY
put license information in every file?


Ultimately, licenses apply to copyrighted works, and a single work is
usually comprised lots of different files.  However, because it's easy to
bring a file from one work into another -- you don't even have to cut and
paste, you just type "cp file1 /a/new/directory" -- it's really important
to carry the license information in each file of your project as well as
at the top level.  The toplevel is the place for detailed information,
and SPDX identifiers are short and easy to carry the information in every
file, and you assure that your project's licensing decisions are not
easily missed.

--
Bradley M. Kuhn

Pls. support of the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread W. Trevor King 
On Wed, Apr 11, 2018 at 09:52:39PM +, Wheeler, David A wrote:
> W. Trevor King:
> > I think that would be clearer if, instead of scoping this as “SPDX
> > IDs”, you scoped it as “SPDX License Expression Comments” or some
> > such.
>
> Agreed.  Perhaps call these "SPDX license comments" - since that's
> what they are?

That works for me.

> > Along those lines, I wish the comment tag had been
> > SPDX-License-Expression, but it's too late to adjust that now ;).
>
> I disagree, you could still adjust that over time.

I've spun this out into [1] to avoid getting off-topic here.

[1]: https://github.com/spdx/spdx-spec/issues/82

Cheers,
Trevor

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Wheeler, David A 
W. Trevor King:
> I think that would be clearer if, instead of scoping this as “SPDX IDs”, you
> scoped it as “SPDX License Expression Comments” or some such.

Agreed.  Perhaps call these "SPDX license comments" - since that's what they 
are?

> Along those lines, I wish the comment tag had been
> SPDX-License-Expression, but it's too late to adjust that now ;).

I disagree, you could still adjust that over time.
A future version of SPDX could ask tools to support both
"SPDX-License-Identifier" and "SPDX-License-Expression",
and then recommend using "SPDX-License-Expression".
You can change a lot, as long as you give people time & a reasonable process
to do the transition.  I think it'd be a good idea, but it'd need to be over
*time* - since currently we're all using "SPDX-License-Identifier".

--- David A. Wheeler
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread W. Trevor King 
On Wed, Apr 11, 2018 at 02:59:20PM -0600, Jilayne Lovejoy wrote:
> No problem, Steve. I think this all looks great, but we definitely
> need to be consistent. The advice we came up with in Appendix V was
> pretty well vetted, so I think that’s safe to stay within those
> boundaries.
>
> Along the same lines: this suggestion should NOT be added: “The MIT
> and BSD-1-Clause are examples of license headrs that would not allow
> this removal.”

Yeah, we don't need to talk about that at all if the mini-site pivots
to the appendix V both/and approach.  If we do that, should we update
[1] to link examples using that approach?  Currently neither of the
two directly-linked examples includes the header boilerplate [2,3].

Also on the markup nits front, we may want to use U+2011 NON-BREAKING
HYPHEN (and possibly include a font that supports it) to avoid breaks
like:

  // SPDX-License-
  Identifier: GPL-2.0-
  or-later

on narrow screens.  With U+2011 in the license ID (but not the tag),
you'd get:

  // SPDX-License-
  Identifier:
  GPL-2.0-or-later

which I think is easier to read.

Cheers,
Trevor

[1]: https://spdx.org/ids-where
[2]: http://git.denx.de/?p=u-boot.git;a=blob_plain;f=README;hb=HEAD
[3]: https://github.com/zephyrproject-rtos/zephyr/blob/master/zephyr-env.sh

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread gary 
Way cool 

 

Looks great.

 

Gary

 

From: spdx-tech-boun...@lists.spdx.org  On 
Behalf Of Steve Winslow
Sent: Wednesday, April 11, 2018 1:57 PM
To: spdx-tech@lists.spdx.org
Cc: Jilayne Lovejoy 
Subject: [spdx-tech] SPDX short-form IDs site

 

Hello all,

I've been working on a few pages on the SPDX website on why and how to use SPDX 
short-form IDs. This is intended to be developer-focused, usable by someone who 
isn't otherwise familiar with SPDX, to get them to start putting SPDX 
identifiers in their source code.

The first cut at this is now available at https://spdx.org/ids. There are a few 
"read more..." pages linked from that URL. These pages are visible but not yet 
linked from the rest of the site. 

I'd welcome feedback and edits, if you have any, before linking this into the 
main site. In particular it would be great to know if it looks okay on other 
browsers, since this is the first time I've worked with Drupal and I may have 
bent a few things...

Thanks,

Steve



-- 

Steve Winslow
Director of Strategic Programs
The Linux Foundation
Cell: +1.202.641.3047  Skype: 12026413047

swins...@linuxfoundation.org  

___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread John Sullivan 
Jilayne Lovejoy  writes:

> Hi John,
> 
> Steve Winslow  writes:
> 
> > Hello all,
> >
> > I've been working on a few pages on the SPDX website on why and how to 
> use
> > SPDX short-form IDs. This is intended to be developer-focused, usable by
> > someone who isn't otherwise familiar with SPDX, to get them to start
> > putting SPDX identifiers in their source code.
> >
> > The first cut at this is now available at
> > 
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspdx.org%2Fids=02%7C01%7CJilayne.Lovejoy%40arm.com%7C103bfc98d6f64298bee708d59fe9e31a%7Cf34e597957d94d4db122a662184d%7C0%7C1%7C636590749258954709=nLWJSZhEzVKkU04yPM1e8Ut9cWwxQhmCYgVK%2BQYb9Gw%3D=0.
> > There are a
> > few "read more..." pages linked from that URL. These pages are visible 
> but
> > not yet linked from the rest of the site.
> >
> 
> I can't find the previous links now, but I thought the previous "how to
> use SPDX identifiers" page on the site recommended keeping the
> file-level boilerplate text for, for example, the GPL, and included
> examples along those lines.
>
> Yes, and it still does - the page you are thinking of is Appendix V to the 
> Spec https://spdx.org/specifications 
> (which you can go directly to via this link: 
> https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b )
> Which is the main source of explaining the use of SPDX identifiers in source 
> files. 
> Notably, in the second paragraph in Appendix V, it states:
>

Thanks Jilayne. I'm thinking of a different page, I can go looking for
it, but the one I had in mind showed examples of files and had a title
that was more like "How to use SPDX".

I do think the info in that Appendix is important to include on the new
/ids page -- in particular the part about preserving the standard
header.

I also wonder about warranty disclaimers?

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
.
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Jilayne Lovejoy 
No problem, Steve.  I think this all looks great, but we definitely need to be 
consistent. The advice we came up with in Appendix V was pretty well vetted, so 
I think that’s safe to stay within those boundaries. 

 

Along the same lines: this suggestion should NOT be added:  “The MIT and 
BSD-1-Clause are

examples of license headrs that would not allow this removal.”

 

That is making a license interpretation which SPDX does not do. Just like if a 
copyright holder who uses GPL-x decides to only use the SPDX identifier may so 
choose to do so; a copyright holder using MIT can decide whether they think 
they have to use the whole license or can only use the SPDX id for MIT in each 
source file. Either way, SPDX needs to be neutral here and not suggest one way 
or the other. 

 

Thanks for working on this!!

 

Cheers,

Jilayne

 

From: Steve Winslow <swins...@linuxfoundation.org>
Date: Wednesday, April 11, 2018 at 2:52 PM
To: Jilayne Lovejoy <opensou...@jilayne.com>
Cc: John Sullivan <jo...@fsf.org>, "spdx-tech@lists.spdx.org" 
<spdx-tech@lists.spdx.org>
Subject: Re: [spdx-tech] SPDX short-form IDs site

 

Thanks all (and Jilayne, apologies for the multiple copies!)

Hi John, Jilayne is correct, I was aiming to frame this as something a bit more 
"user-friendly" for developers who might not be familiar with SPDX more 
broadly. I'll take another look at the language from the appendix, and will 
likely clarify the new page to recommend retaining standard license headers 
where provided by the license steward. Thanks for highlighting this.

Best,

Steve

 

On Wed, Apr 11, 2018 at 4:40 PM, Jilayne Lovejoy <opensou...@jilayne.com> wrote:


Hi John,

Steve Winslow <swins...@linuxfoundation.org> writes:

> Hello all,
>
> I've been working on a few pages on the SPDX website on why and how to use
> SPDX short-form IDs. This is intended to be developer-focused, usable by
> someone who isn't otherwise familiar with SPDX, to get them to start
> putting SPDX identifiers in their source code.
>
> The first cut at this is now available at 
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspdx.org%2Fids=02%7C01%7CJilayne.Lovejoy%40arm.com%7C103bfc98d6f64298bee708d59fe9e31a%7Cf34e597957d94d4db122a662184d%7C0%7C1%7C636590749258954709=nLWJSZhEzVKkU04yPM1e8Ut9cWwxQhmCYgVK%2BQYb9Gw%3D=0.
 There are a
> few "read more..." pages linked from that URL. These pages are visible but
> not yet linked from the rest of the site.
>

I can't find the previous links now, but I thought the previous "how to
use SPDX identifiers" page on the site recommended keeping the
file-level boilerplate text for, for example, the GPL, and included
examples along those lines.

Yes, and it still does - the page you are thinking of is Appendix V to the Spec 
https://spdx.org/specifications
(which you can go directly to via this link: 
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b )
Which is the main source of explaining the use of SPDX identifiers in source 
files.
Notably, in the second paragraph in Appendix V, it states:

To the extent that a source file contains existing copyright and 
license information,  it is the SPDX project’s recommendation that SPDX 
short identifiers be used to supplement,  not replace that information.   When 
there is a  standard header provided by the license author, it is 
recommended to use such standard header (alone or in  combination with the 
SPDX short identifier).

I think what Steve is doing here is trying to take that more formal advice and 
create some more "user-friendly" guides for the website.

(also removing my arm.com address from thread, so I stop getting this in two 
places __

Jilayne







-- 

Steve Winslow
Director of Strategic Programs
The Linux Foundation
Cell: +1.202.641.3047  Skype: 12026413047

swins...@linuxfoundation.org

___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread W. Trevor King 
On Wed, Apr 11, 2018 at 01:39:03PM -0700, W. Trevor King wrote:
> The centered entries in the table from [11] caught me out, and I
> initially thought the beginning ong the “Apache-2.0 AND (MIT OR
> GPL-2.0-only)” explanation was a later paragraph in the “Apache-2.0
> AND MIT” explanation.  You may want to use a definition list [12]
> for this information instead of using a table.

Also on the table front, the mini-site looks pretty good on my phone's
Firefox, except for the landing page, where fixed-with table [1] is
flowing off the right edge.  If the mobile experience is important
enough to get polishing time, you may be able to get a more responsive
layout easily by using styled headers or some such instead of a table
to set off the sections.

Also, on the narrow displays, the dynamic SPDX-License-Identifier
example at the top of the landing page is sometimes one line and
sometimes two.  This causes the bulk of the content to jump up and
down as the value cycles, which makes it hard to read ;).

Cheers,
Trevor

[1]: $ curl -s https://spdx.org/ids | grep 800px | head -n1
 


-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread John Sullivan 
Hi Steve,

Steve Winslow  writes:

> Hello all,
>
> I've been working on a few pages on the SPDX website on why and how to use
> SPDX short-form IDs. This is intended to be developer-focused, usable by
> someone who isn't otherwise familiar with SPDX, to get them to start
> putting SPDX identifiers in their source code.
>
> The first cut at this is now available at https://spdx.org/ids. There are a
> few "read more..." pages linked from that URL. These pages are visible but
> not yet linked from the rest of the site.
>

I can't find the previous links now, but I thought the previous "how to
use SPDX identifiers" page on the site recommended keeping the
file-level boilerplate text for, for example, the GPL, and included
examples along those lines.

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
.
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Steve Winslow 
Thanks all (and Jilayne, apologies for the multiple copies!)

Hi John, Jilayne is correct, I was aiming to frame this as something a bit
more "user-friendly" for developers who might not be familiar with SPDX
more broadly. I'll take another look at the language from the appendix, and
will likely clarify the new page to recommend retaining standard license
headers where provided by the license steward. Thanks for highlighting this.

Best,
Steve

On Wed, Apr 11, 2018 at 4:40 PM, Jilayne Lovejoy 
wrote:

>
> Hi John,
>
> Steve Winslow  writes:
>
> > Hello all,
> >
> > I've been working on a few pages on the SPDX website on why and how
> to use
> > SPDX short-form IDs. This is intended to be developer-focused,
> usable by
> > someone who isn't otherwise familiar with SPDX, to get them to start
> > putting SPDX identifiers in their source code.
> >
> > The first cut at this is now available at https://emea01.safelinks.
> protection.outlook.com/?url=https%3A%2F%2Fspdx.org%2Fids&
> data=02%7C01%7CJilayne.Lovejoy%40arm.com%7C103bfc98d6f64298bee708d59fe9
> e31a%7Cf34e597957d94d4db122a662184d%7C0%7C1%
> 7C636590749258954709=nLWJSZhEzVKkU04yPM1e8Ut9cWwxQh
> mCYgVK%2BQYb9Gw%3D=0. There are a
> > few "read more..." pages linked from that URL. These pages are
> visible but
> > not yet linked from the rest of the site.
> >
>
> I can't find the previous links now, but I thought the previous "how to
> use SPDX identifiers" page on the site recommended keeping the
> file-level boilerplate text for, for example, the GPL, and included
> examples along those lines.
>
> Yes, and it still does - the page you are thinking of is Appendix V to the
> Spec https://spdx.org/specifications
> (which you can go directly to via this link: https://spdx.org/spdx-
> specification-21-web-version#h.twlc0ztnng3b )
> Which is the main source of explaining the use of SPDX identifiers in
> source files.
> Notably, in the second paragraph in Appendix V, it states:
>
> To the extent that a source file contains existing copyright and
> license information,  it is the SPDX project’s recommendation that
> SPDX short identifiers be used to supplement,  not replace that
> information.   When there is a  standard header provided by the license
> author, it is recommended to use such standard header (alone or in
> combination with the SPDX short identifier).
>
> I think what Steve is doing here is trying to take that more formal advice
> and create some more "user-friendly" guides for the website.
>
> (also removing my arm.com address from thread, so I stop getting this in
> two places __
>
> Jilayne
>
>
>
>
>


-- 
Steve Winslow
Director of Strategic Programs
The Linux Foundation
Cell: +1.202.641.3047  Skype: 12026413047
swins...@linuxfoundation.org
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Jilayne Lovejoy 

Hi John,

Steve Winslow  writes:

> Hello all,
>
> I've been working on a few pages on the SPDX website on why and how to use
> SPDX short-form IDs. This is intended to be developer-focused, usable by
> someone who isn't otherwise familiar with SPDX, to get them to start
> putting SPDX identifiers in their source code.
>
> The first cut at this is now available at 
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspdx.org%2Fids=02%7C01%7CJilayne.Lovejoy%40arm.com%7C103bfc98d6f64298bee708d59fe9e31a%7Cf34e597957d94d4db122a662184d%7C0%7C1%7C636590749258954709=nLWJSZhEzVKkU04yPM1e8Ut9cWwxQhmCYgVK%2BQYb9Gw%3D=0.
 There are a
> few "read more..." pages linked from that URL. These pages are visible but
> not yet linked from the rest of the site.
>

I can't find the previous links now, but I thought the previous "how to
use SPDX identifiers" page on the site recommended keeping the
file-level boilerplate text for, for example, the GPL, and included
examples along those lines.

Yes, and it still does - the page you are thinking of is Appendix V to the Spec 
https://spdx.org/specifications 
(which you can go directly to via this link: 
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b )
Which is the main source of explaining the use of SPDX identifiers in source 
files. 
Notably, in the second paragraph in Appendix V, it states:

To the extent that a source file contains existing copyright and 
license information,  it is the SPDX project’s recommendation that SPDX 
short identifiers be used to supplement,  not replace that information.   When 
there is a  standard header provided by the license author, it is 
recommended to use such standard header (alone or in  combination with the 
SPDX short identifier).

I think what Steve is doing here is trying to take that more formal advice and 
create some more "user-friendly" guides for the website.  

(also removing my arm.com address from thread, so I stop getting this in two 
places __

Jilayne




___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread W. Trevor King 
On Wed, Apr 11, 2018 at 02:56:38PM -0400, Steve Winslow wrote:
> I've been working on a few pages on the SPDX website on why and how
> to use SPDX short-form IDs.

This looks good to me :).  A few minor nits:

> This is intended to be developer-focused, usable by someone who
> isn't otherwise familiar with SPDX, to get them to start putting
> SPDX identifiers in their source code.

I think that would be clearer if, instead of scoping this as “SPDX
IDs”, you scoped it as “SPDX License Expression Comments” or some
such.  That would allign a bit better with the backing appendix [1],
making it clear that this mini-site was about source-comments and not
about associating license expressions in general (which is broader) or
using license list IDs (which is narrower).  Along those lines, I wish
the comment tag had been SPDX-License-Expression, but it's too late to
adjust that now ;).

From [2]:

  You can replace 20+ lines of license header comments with a single
  SPDX-License-Identifier: line.

And later down that same page:

  Over time, if you want, you can replace pre-existing complicated
  license headers with simple SPDX IDs if your project finds it to be
  worthwhile.

The Linux docs make these comments “An alternative to boilerplate
text” [3], and that's how things seem to be working in most of the
kernel.  But at least a few files are going with the both/and
approach, e.g. [4].  I'm not sure, but it's possible that the BSD
source redistribution requirement [5], although at least one kernel
file seems to have skipped that [6] (and punted to a LICENSE file that
does not exist in the kernel repo?).  You may want to:

* shift the “SPDX IDs are short” entry down after the “SPDX IDs can be
  adopted gradually” entry,
* drop the “Over time…” line, and
* add a new line to the “SPDX IDs are short” entry that is something
  like:

For license headers that allow it, you can optionally remove
pre-existing license headers after you've added a
SPDX-License-Identifier: line.  The MIT and BSD-1-Clause are
examples of license headrs that would not allow this removal.

Further down in [2]:

  If your files repeatedly contain multiple lines of all-caps text,
  for example, it's possible for changes to the license text to be
  introduced -- accidentally or intentionally.

  Using SPDX IDs helps reduce the risks of license changes sneaking
  into your code.

You may want to replace that with something closer to:

  Because they are short, it is easier notice changes—accidental or
  intentional—to SPDX license expressions than it is to notice changes
  in longer license headers.  No more reviewing paragraph re-wrapping
  patches to all-caps warrenty disclaimers!

On [7] you have “ARM mbed”, but the upstream casing appears to be “Arm
Mbed” [8].  Also, “Uboot” →  “U-Boot” [9], “poco” → “POCO” [10].

On [11], you have an ‘EPL-1.0+’ example, but I think the EPL-1.0
includes that behavior by default [12] and does not provide a way for
licensors to pin to a particular version.  Since the -or-later / -only
split, I don't think we have any good examples of a + expression
available.  The only other licenses that allow a choice are the CDDL
family, they're or-later by default [13], and we currently do not
provide an ONLY operator or CDDL-1.0-only case, or similar to mark
those pinning notices.  I'm not sure what the plans are for the CDDL,
but for the purpose of this mini-site you may just want to ignore the
existence of the + operator, and treat that as covered by the
license-expression appendix link you already have.

The centered entries in the table from [11] caught me out, and I
initially thought the beginning ong the “Apache-2.0 AND (MIT OR
GPL-2.0-only)” explanation was a later paragraph in the “Apache-2.0
AND MIT” explanation.  You may want to use a definition list [12] for
this information instead of using a table.

Also on [11], I think you want “how IDs work” → “how license
expressions work”.

You may want to add anchors throughout so folks can link directly to
things like section headers (e.g. the “SPDX License Expressions”
section of [11]).

In the “SPDX License Expressions” section of [11], you make it sound
like the value is a choice between a single license ID or an SPDX
license expressions.  But single license IDs are a subset of SPDX
license expressions, via [14]:

  license-expression =  1*1(simple-expression / compound-expression)
  simple-expression = license-id / license-id”+” / license-ref

I think you could drop that section and use:

  3. An SPDX license expression as defined in Appendix IV of the SPDX
 specification, version 2.1.

in your “Format” section.  In fact, I'd consider dropping all of the
[14] sections after the “Format” section and extending the list of
examples and discussion at the top of [14] to cover the material in
question.

Is there any chance of getting this material into a Git repo?  I think
it's harder to track this sort of review via email threads once the
responses

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Yev Bronshteyn 
That looks amazing! Please give a shout when it’s OK to share.

From:  on behalf of Steve Winslow 

Date: Wednesday, April 11, 2018 at 2:57 PM
To: "spdx-tech@lists.spdx.org" 
Cc: "jilayne.love...@arm.com" 
Subject: [spdx-tech] SPDX short-form IDs site
Resent-From: Yev Bronshteyn 
Resent-Date: Wednesday, April 11, 2018 at 2:57 PM

Hello all,
I've been working on a few pages on the SPDX website on why and how to use SPDX 
short-form IDs. This is intended to be developer-focused, usable by someone who 
isn't otherwise familiar with SPDX, to get them to start putting SPDX 
identifiers in their source code.
The first cut at this is now available at 
https://spdx.org/ids.
 There are a few "read more..." pages linked from that URL. These pages are 
visible but not yet linked from the rest of the site.

I'd welcome feedback and edits, if you have any, before linking this into the 
main site. In particular it would be great to know if it looks okay on other 
browsers, since this is the first time I've worked with Drupal and I may have 
bent a few things...
Thanks,
Steve

--
Steve Winslow
Director of Strategic Programs
The Linux Foundation
Cell: +1.202.641.3047  Skype: 12026413047
swins...@linuxfoundation.org
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Steve Winslow 
Thanks Sam! Good point on the copyright notice. I'll add something to
clarify that those should remain in place.

I also think that this site could benefit from an FAQs page to go into more
detail on some items. If people have suggestions for questions / answers,
feel free to send them my way and I'll add an FAQ section.

On Wed, Apr 11, 2018 at 4:03 PM, Sam Ellis  wrote:

> Hi Steve,
>
>
>
> Nice page!
>
>
>
> It may be worth noting (perhaps in the ‘How’ section) that the SPDX ID
> should only replace license text, and that copyright notices should remain
> (otherwise there is a danger of overzealous replacement of both license
> text + copyright).
>
>
>
>
>
> *From:* spdx-tech-boun...@lists.spdx.org [mailto:spdx-tech-bounces@
> lists.spdx.org] *On Behalf Of *Steve Winslow
> *Sent:* 11 April 2018 19:57
> *To:* spdx-tech@lists.spdx.org
> *Cc:* Jilayne Lovejoy 
> *Subject:* [spdx-tech] SPDX short-form IDs site
>
>
>
> Hello all,
>
> I've been working on a few pages on the SPDX website on why and how to use
> SPDX short-form IDs. This is intended to be developer-focused, usable by
> someone who isn't otherwise familiar with SPDX, to get them to start
> putting SPDX identifiers in their source code.
>
> The first cut at this is now available at https://spdx.org/ids. There are
> a few "read more..." pages linked from that URL. These pages are visible
> but not yet linked from the rest of the site.
>
> I'd welcome feedback and edits, if you have any, before linking this into
> the main site. In particular it would be great to know if it looks okay on
> other browsers, since this is the first time I've worked with Drupal and I
> may have bent a few things...
>
> Thanks,
>
> Steve
>
>
> --
>
> Steve Winslow
> Director of Strategic Programs
> The Linux Foundation
> Cell: +1.202.641.3047  Skype: 12026413047
>
> swins...@linuxfoundation.org
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>



-- 
Steve Winslow
Director of Strategic Programs
The Linux Foundation
Cell: +1.202.641.3047  Skype: 12026413047
swins...@linuxfoundation.org
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] SPDX short-form IDs site

2018-04-11 Thread Philippe Ombredanne 
Steve:

On Wed, Apr 11, 2018 at 8:56 PM, Steve Winslow
 wrote:
> Hello all,
>
> I've been working on a few pages on the SPDX website on why and how to use
> SPDX short-form IDs. This is intended to be developer-focused, usable by
> someone who isn't otherwise familiar with SPDX, to get them to start putting
> SPDX identifiers in their source code.
>
> The first cut at this is now available at https://spdx.org/ids. There are a
> few "read more..." pages linked from that URL. These pages are visible but
> not yet linked from the rest of the site.
>
> I'd welcome feedback and edits, if you have any, before linking this into
> the main site. In particular it would be great to know if it looks okay on
> other browsers, since this is the first time I've worked with Drupal and I
> may have bent a few things...

You positively rock!

My only comment is that I did not see a GPL license in the expression
animation ;)

BTW, I just pushed an update to Scancode the other day that at last
detects all these correctly.
And deals with less well formed variants too.

-- 
Cordially
Philippe Ombredanne
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech