> Given there are bodies such as OSI and SPDX present, with presence on the
> GitHub community, would the need for such a tool be mitigated if something
> like the GPL—itself being copy written and arguably difficult to use
> <https://github.com/comfusion/hyperdrive/issues/41>—be mitigated if each
> license were given an address in the Blockchain pointing back to the
> authentic and original license text as to represent the canonical source of a
> license used.

I don’t think this would help as often the issue is reliably finding or identifying the “canonical” source of the license text. Take the Fedora “good” list - the SPDX Legal team did a massive amount of work to add as many licenses from that list to SPDX (we added ~80 licenses, if memory recalls) to make it easier to use SPDX for Fedora distros or the like. Many of those licenses we could not find any other instance of the license text other than what was captured on the Fedora site. In general, we do a fair amount of research at the time the license is added, but links change and there is no feasible way to keep that kind of information up-to-date. You can only go so far down the rabbit hole, license “authors” don’t always respond (if you can find them), etc. But that’s okay, because that is part of the point of having the SPDX License List - the license is captured there and that is a reference.

As for the OSI - given the goal of SPDX in terms of identifying licenses in a reliable way, I can personally tell you it was a huge effort of collaboration with members of the OSI no longer actively involved in this mailing list to get things aligned in terms of the actual license text, as we uncovered certain oddities that no one noticed before and then had to sort out how to handle it. This was not always easy! The most obvious example being: Artistic-1.0 has three variations on SPDX License List - two reflect the inclusion or not of clause 8, which is also reflected on the OSI site. The third is the actual license that Perl uses, which is different yet again. OSI always had a note about this license being used with Perl, but it wasn’t actually the same license. After much going back and forth about how to solve this (and clarify if the actual Perl license was OSI approved) we came up with the solution as you see it.

The point is, these things are not always straightforward, licenses or license text are not code and haven’t been treated as such in terms of tracking changes. The SPDX License List serves by having a list of license text associated with short identifiers that can be used in SPDX documents and elsewhere. This purpose has been and will continue to increase being very useful and successful.

Thanks,
Jilayne

SPDX Legal Team co-lead
[email protected]

> On Aug 4, 2017, at 1:53 PM, Josh Habdas <[email protected]> wrote:
>
> Errata: W3C and WHATWG operate in *a somewhat similar manner*
>
> On Sat, Aug 5, 2017 at 3:51 AM Josh Habdas <[email protected]> wrote:
> Given there are bodies such as OSI and SPDX present, with presence on the
> GitHub community, would the need for such a tool be mitigated if something
> like the GPL—itself being copy written and arguably difficult to use
> <https://github.com/comfusion/hyperdrive/issues/41>—be mitigated if each
> license were given an address in the Blockchain pointing back to the
> authentic and original license text as to represent the canonical source of a
> license used.
>
> The W3C and WHATWG operate in this manner and I perceive this to be strategic
> way to help simplify the burden of companies attempting to understand what's
> actually in their products, help prevent accidental long-term license
> proliferation and simplify application of licenses to FOSS project source
> code in the wild.
>
> I'd be open to finding time to discuss on this in more detail as I feel it ties
> in with the crypto licenses I'm attempting to push forward if there is any
> interest. Sometimes the simple solutions are the best ones.
>
> Regards,
> Josh
>
> On Sat, Aug 5, 2017 at 3:05 AM W. Trevor King <[email protected]> wrote:
> On Fri, Aug 04, 2017 at 02:53:05PM -0400, Richard Fontana wrote:
> > On Fri, Aug 04, 2017 at 11:44:45AM -0700, W. Trevor King wrote:
> > > The only difference that turned up in the license text is:
> > >
> > >   Copyright [-©-]{+(C)+} 2007 Free Software Foundation, Inc.
> > >
> > > Our guideline for equating copyright symbols includes (c) but not (C)
> > > [2]. Maybe that's what's going on?
> >
> > Is that intentional?
>
> Ah, there is also guideline 4 saying that case is not significant.
> Presumably that also applies to these equivalent replacements.
>
> Cheers,
> Trevor
>
> [1]: https://spdx.org/spdx-license-list/matching-guidelines
>
> --
> This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
> For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
> _______________________________________________
> Spdx-legal mailing list
> [email protected]
> https://lists.spdx.org/mailman/listinfo/spdx-legal
