Wolfgang> Dear David,
Wolfgang> In message <[email protected]> you wrote:
>>
>> SPDX-License-Identifier: LGPL-2.1 OR MPL-1.1
Wolfgang> ...
>> In general, we all want both simplicity (so people will USE it) and
>> expressiveness (so it can be USEFUL). The trick is getting there...
Wolfgang> I dislike this idea. Combining alternative licenses (where the user
Wolfgang> can choose any of them) by anything else but an "OR" does not make
Wolfgang> sense. I cannot imagine how you would apply two licenses (like, say,
Wolfgang> GPL and BSD) simultaneously.
Wolfgang> Also, in the interest of easy processing of the license tags, I would
Wolfgang> like to propose that multiple licenses in a list are separated by white
Wolfgang> space only - no "OR", no commas, nor any other artificial delimiters
Wolfgang> that will only make parsing the information more difficult.
I feel that the main challenge with adoption is that our discussions are
centered around those that "consume" open source, and not those that
create it. The main discussions so far have been about making it easy to
parse (for downstream tools) in order to simplify compliance.
I think that, if SPDX is to succeed, the ones who need to be involved in
this discussion are the developers. Since we can't involve them "all" we
can use their representatives, the big foundations: Apache, FSF,
Mozilla, GNOME, KDE, and Linux.
They are the ones that have the clout to convince developers to use a
standard format (in fact, most of them do, to a certain extent).
I think we need to ask them for feedback, and try to get a consensus
WITH THE upstream developers of what a good guideline should
be. Otherwise the guidelines will fall on deaf ears.
Now, with respect to guidelines, it seems that there are several
approaches, each providing a different level of precision in the
information:
0. Status quo. Project does nothing and everything stays the same.
1. Label the license statement in file (where it is located). Inside
indicate the licenses under which the file is licensed. This has to
be consistent with the current rules of the project/Foundation.
2. Label the license under which the file is licensed using SPDX
identifiers.
3. Label the license under which the file is licensed using an SPDX such
that it is easy to use automatic tools for its analysis.
Perhaps each of these can be called a level of "maturity" in license
compliance for the upstream package at the file level. Most are at level
0 now. Some projects (most Apache's) are in level 1. In fact, they are
easy to automatically analyze because of that.
Levels 2 and 3 would be towards SPDX-ing their license statements in
file.
--dmg
--
Daniel M. German
"Give a man a password, he'll log in for a day.
Teach him to code, and he will hack his way in..."
(Anonymous)
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
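
The two tag syntaxes debated in this thread (alternatives joined with "OR", and alternatives separated by white space only), read by one small parser. This is an added example, not part of the original message and not code from any SPDX tool; the function names, the identifier alphabet in `ID_RE`, the comment closers and the sample header are assumptions made for illustration.

```python
import re

TAG_RE = re.compile(r"SPDX-License-Identifier:\s*(.*)")
ID_RE = re.compile(r"[A-Za-z0-9.+-]+")   # assumed identifier alphabet
CLOSERS = ("*/", "-->")                   # comment closers that may trail the tag


def parse_tag_line(line):
    """Return (licenses, form) for a line carrying the tag, else None.

    form is "or" for the OR-joined syntax, "whitespace" for the
    white-space-only list, and "single" for one identifier.
    """
    m = TAG_RE.search(line)
    if m is None:
        return None
    value = m.group(1).strip()
    for closer in CLOSERS:
        if value.endswith(closer):
            value = value[: -len(closer)].strip()
    tokens = value.split()
    if not tokens:
        raise ValueError("tag present but no license given")
    if "OR" in tokens:
        # OR must sit strictly between identifiers: id OR id OR id ...
        ids, seps = tokens[0::2], tokens[1::2]
        if len(tokens) % 2 == 0 or any(s != "OR" for s in seps) or "OR" in ids:
            raise ValueError("misplaced OR in %r" % value)
        form = "or"
    else:
        ids = tokens
        form = "whitespace" if len(ids) > 1 else "single"
    for lic in ids:
        if not ID_RE.fullmatch(lic):
            raise ValueError("not a license identifier: %r" % lic)
    return ids, form


def scan_header(text, max_lines=20):
    """Return the first tag found in the first max_lines lines, else None."""
    for line in text.splitlines()[:max_lines]:
        parsed = parse_tag_line(line)
        if parsed is not None:
            return parsed
    return None


# Constructed sample file header, using the tag line quoted in the thread.
SAMPLE = "/*\n * SPDX-License-Identifier: LGPL-2.1 OR MPL-1.1\n */\nint main(void) { return 0; }\n"

if __name__ == "__main__":
    print(scan_header(SAMPLE))
```

Both syntaxes yield the same list of alternatives; a mix of the two on one line is rejected as malformed.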