On Thu, Sep 07, 2017 at 04:41:23PM -0400, Richard Fontana wrote: > Out of curiosity I searched a bit just now and found in the earliest > extant GCC release, apparently from 1988, the license (GNU CC General > Public License) has this slightly different meta-license: > > Copyright (C) 1987 Richard M. Stallman > Everyone is permitted to copy and distribute verbatim copies > of this license, but changing it is not allowed.
So we probably want to use: …copies of this <alt name="doc" match="license|document|">license document</alt>, but … > IHTBTG but ... if you want to go down this path, do you want to > consider such things as, say, the fact that the vast majority of the > other license texts recognized by SPDX have no explicit metalicense? In that case, how are we allowed to share copies of their text via license-list-XML repository [1], our published license list [2], etc.? If the material is copyrightable (seems likely for most of the licenses we carry), we need some justification for that. In most cases, I expect something like the Verbatim license is implicit as part of somebody (often the license author?) submitting the license to us for inclusion. In those cases we can conclude a Verbatim license and move on. For license where we do not feel comfortable concluding a license, we probably want to stop distributing local copies until we figure out what license applies to them (or whether we think they are not copyrighted, or if our complete copy of their text falls under fair use, or whatever). On Thu, Sep 07, 2017 at 02:47:16PM -0600, J Lovejoy wrote: > I think this may be solving a problem we don’t have. While you are > precise here, I think the operative goal is to understand the > license for the code - at the project level and the file level, as > appropriate (or both) and I was using the file-level breakdown to > illustrate the challenging (but acknowledged as potentially common) > scenario where there is the license text and then no further > information. I agree that the license of the GPL-2.0 text has only a limited impact on the project license. Although if a project with only GPL-2.0+ code includes a local copy of the GPL-2.0, I think the accurate SPDX identifier for a tarball containing the whole package would be ‘GPL-2.0+ AND Verbatim’. Compiled output, installed packages, etc., which don't include the full GPL-2.0 text would just be GPL-2.0+. > In any case, I’m not sure we need to worry so much about identifying > the license of the license. Why not? They're generally copyrightable content that we copy and distribute, just like code. > If we made a new identifier for the purposes here, as you suggest, > where would the leave MIT, BSD-3-Clause, etc.? Good question. Wikipedia claims BSD-3-Clause is in the public domain [3], although I'm not clear on their reasoning for that. For other licenses, I'm not sure who owns copyright on them or whether they're creative enough (vs. prior art?) to be copyrightable. Since many, many people have copied them verbatim, distributed those copies, and not been sued, I expect we at least have the “distribute verbatim copies” permission (possibly via some estoppel thing, but I'm not a lawyer). I'm not clear on whether I'm allowed to tweak their wording or not. > We want scanners to be able to identify the exact license text where > it exists for what it actually is - that is the key piece of > information for determining the license for the code. If we start to > boil down to the license of the license, we seem to be missing the > key goal? I don't think so. If I get a tarball for a package, I want to know the licensing information for the contents of that tarball. If some of the content in that tarball is GPL-2.0+ (e.g. main.c), I want to know that. If some of the content in that tarball is Verbatim (e.g. COPYING), I want to know that too. Cheers, Trevor [1]: http://github.com/spdx/license-list-XML [2]: https://spdx.org/licenses/ [3]: https://en.wikipedia.org/wiki/BSD_licenses#3-clause_license_.28.22BSD_License_2.0.22.2C_.22Revised_BSD_License.22.2C_.22New_BSD_License.22.2C_or_.22Modified_BSD_License.22.29 -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
