Dear Daniel, In message <87ob71qey8....@mn.cs.uvic.ca> you wrote: > > Wolfgang> Also, in the interest of easy processing of the license tags, I > wouls > Wolfgang> like to propse that multiple licenses in a list are separated by > white > Wolfgang> space only - no "OR", no commas, nor any other artificial > delimiters > Wolfgang> that will only make parsing the information more difficult. > > > I feel that the main challenge with adoption is that our discussions are > centered around those that "consume" open source, and no those that > create it. The main discussions so far have been about making it easy to > parse (for downstream tools) in order to simplify compliance.
For a softeare developer, there is no sharp line here. While creating new software, we frequently borrow from existing code, so we are creators and consumers at the same time. > I think that, if SPDX is to succeed, the ones who need to be involved in > this discussion are the developers. Since we can't involve them "all" we > can use their representatives, the big foundations: Apache, FSF, > Mozilla, GNOME, KDE, and Linux. Full agreement here. No matter how nice the theory and the specifications are, the implementation must fit nicely into the regular work flow of the developers. We all are more than busy, so additional efforts will always be frowned upon, while anything that makes our life easier is highly appreciated. Short, self-explanatory "macro definitions" like the SPDX license IDs instead of voluminous license headers is something that I like very much, as it condenses the legally necessary information to a level where the unavoidable bureaucratic overhead is really minimized. I am pretty much sure that other developpers feel the same. > Now, with respect to guidelines, it seems that there are several > approaches, each providing a different level of precision in the > information: > > 0. Status quo. Project does nothing and everything states the same. > > 1. Label the license statement in file (where it is located). Inside > indicate the licenses under which the file is licensed. This has to > be consistent with the current rules of the project/Foundation. > > 2. Label the license under which the file is licensed using SPDX > identifiers > > 3. Label the license under which the file is licensed using an SPDX such > that it is easy to use automatic tools for its analysis. > > Perhaps each of these can be called a level of "maturity" in license > compliance for the upstream package at the file level. Most are at label > 0 now. Some projects (most Apache's) are in level 1. In fact, they are > easy to automatically analyze because of that. > > Levels 2 and 3 would be towards SPDX-ing their license statements in > file. What I'm trying to do (unfortunaltely with less bandwith that I'd like to) is pushing the U-Boot project toward level 3. Before I started, I talked to a number of the most active developers. Judging from their initial response, and from the feedback on my patches on the U-Boot mailing list, I think this is the way to go. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de All he had was nothing, but that was something, and now it had been taken away. - Terry Pratchett, _Sourcery_ _______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
