Hi Michel, In reply to your comment on the issue of only a package level and file level license. First, I completely agree. This is also my biggest issue in using the 1.x version spec.
Fixing this is one of the objectives for version two of the spec. The proposal is to add a relationship between SPDX packages and SPDX documents which will allow dependencies and their respective licenses to be expressed. We are at the modeling/design stage in the 2.0 development process. Would you be interested in reviewing the UML class diagram for 2.0? If you would prefer to get involved later when we have it spec'd out more, that would be fine as well. We are currently working on 1.2 items in the technical team, but we should be back to 2.0 discussions in about 3 weeks. We have a session schedule at LinuxCon Sept. 17. Any review and feedback would be appreciated. Thanks, Gary -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of RUFFIN, MICHEL (MICHEL) Sent: Friday, August 16, 2013 7:54 AM To: Manbeck, Jack; Meier, Roger; [email protected] Cc: [email protected] Subject: RE: SPDX General Meeting minutes and request Alcatel-Lucent is using the SPDX standard internally and we have aligned all our internal documents on FOSS (including trainings) and our Databases on the license taxonomy of SPDX. So I guess you can mention our name for license taxonomy compliance. A small comment on the taxonomy. We have a governance process in place since 10 years and I have now to explain to people (already trained as experts, that's around 250+ people) that what we were calling old BSD or BSD1 is now BSD4-clause and new BSD or BSD2 is now BSD3-clause. That's sometimes a bit confusing 8-). Even me I am a bit confused sometimes. So today for BSD, in document and trainings we keep the 3 way of calling the licenses I would like to point out that there is a big issue with the SPDX standard. For a given FOSS there is a top level license And there is a file level license There is no intermediate level In fact there are 3 levels for open sources Top level license of the FOSS Dependencies (FOSS which are included with the top level FOSS) File level license (not use in practice by any of our suppliers). This is something that SPDX should address Michel [email protected], PhD Software Coordination Manager, N&P IS/IT Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France -----Message d'origine----- De : [email protected] [mailto:[email protected]] De la part de Manbeck, Jack Envoyé : vendredi 16 août 2013 16:19 À : Meier, Roger; [email protected] Cc : [email protected] Objet : RE: SPDX General Meeting minutes and request You can include Texas Instruments as well. Jack -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Meier, Roger Sent: Friday, August 16, 2013 5:14 AM To: [email protected] Cc: [email protected] Subject: Re: SPDX General Meeting minutes and request Hi Phil > REQUEST for immediate action: > Jilayne, Scott and I are working on a paper for law journal (IFOSSLR). In one section we are talking about the license list. We have heard anecdotally about some companies that are using the short names and list for internal purposes even if they have not yet implemented SPDX overall. If your company is using SPDX in this way, we'd like to include the name of your company in a sentence, something along the lines of: > A number of companies, such as X, Y and Z, are already using the license list and short names internally. > Please get back to me if we can include your company on the list. We are trying to wrap up the article next week, so a response in the next few days would be appreciated. Yes, we are using the license list internally at Siemens. You can add us to the list as well. All the best! Roger With best regards, Roger Meier Siemens Schweiz AG, Building Technologies Division, International Headquarters Infrastructure & Cities Sector Building Technologies Division Control Products & Systems IC BT CPS R&D ZG FW CCP Gubelstrasse 22 6300 Zug, Switzerland Tel: +41 41 724-4942 mailto:[email protected] Important notice: This e-mail and any attachment thereof contain corporate proprietary information. If you have received it by mistake, please notify us immediately by reply e-mail and delete this e-mail and its attachments from your system. Thank you. _______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx _______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx _______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
