We spent quite a bit of time discussing snippets in the SPDX technical working group. There are definitely a number of issues and considerations.
At the conclusion of the discussions, there was a consensus that denoting snippets in an SPDX document was required for several use cases and was a common scenario in JavaScript / Node environments. You could use the SPDX term "LicenseInfoInSnippet" since you are including the license information directly in the copied snippet. I've always treated this similar to the declared license for packages. In terms of marking the start and end of the snippet, I don't know of any existing SPDX tags that would help. Within the SPDX document, we use a byte range. This would be rather impractical within the file containing the snippets. The proposal in the referenced thread of using a tag at the start and end of the snippet range looks like it would work. Gary > -----Original Message----- > From: Spdx-legal@lists.spdx.org <Spdx-legal@lists.spdx.org> On Behalf Of > James Bottomley > Sent: Friday, June 5, 2020 9:08 AM > To: Max Mehl <max.m...@fsfe.org>; spdx-legal@lists.spdx.org > Subject: Re: Correct handling of snippets > > On Fri, 2020-06-05 at 16:15 +0200, Max Mehl wrote: > > Hi all, > > > > At REUSE, we currently discuss how to correctly handling snippets from > > a third party, potentially under a different license [^1]. Since we > > strive to make as much use of SPDX as possible, I wonder about how you > > would solve this. > > > > I saw that SPDX uses the following tags instead of FileCopyrightText > > and License-Identifier: > > > > * SPDX-SnippetCopyrightText: Foo Bar > > * SPDX-SnippetLicenseConcluded: CC-BY-SA-4.0 > > > > This raised a bunch of questions: > > > > * How would one mark the begin and end of a snippet? > > * "LicenseConcluded" is quite different from the well-known > > License-Identifier [^2], so not very intuitive for developers. Is > > there some kind of alias that people can use? > > * Is was asked how one could refer the source of the snippet. > > "SnippetLicenseComments"? > > I really think this is a recipe for disaster. What's wrong with simply > keeping the > licence of the file? since to be contributed, the snippet must be compatible > with > it. To put it another way, why treat a snippet (a cut and paste) differently > from > a usual contribution? If someone really wants to cut a function out of Linux > and > put it in BSD based on the theory that it's originally a snippet under a > permissive > licence, they'll have to do a lot of legal analysis anyway. > > The problem you'll run into if you track snippets differently is that once a > snippet inside a file is modified, under the DCO the modifications are under > the > licence "of the file" not of the snippet, so the newly derived snippet is now > unconditionally under the licence of the file and that would make any separate > tracking of the snippet licence wrong unless someone manually keep it in sync, > which is not a burden any maintainer wants. > > The way we handle explicitly allowing code to move from Linux to BSD (usually > in the area of drivers) is to make the *file* licence dual GPLv2/BSD to it's > unequivocally agreed that every contribution is under both licences and thus a > cut and paste from anywhere in the file is OK to go under a sole BSD licensed > project. > > James > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2819): https://lists.spdx.org/g/Spdx-legal/message/2819 Mute This Topic: https://lists.spdx.org/mt/74693470/21656 Group Owner: spdx-legal+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
