Hi Mark,
I understand why software developers want to Inherit from the package
license. It's a short cut to avoid having to include a license notice
in every file. However, there are many short cuts in life that
actually make life more difficult. The global license approach or
inherit the package license approach are good examples. The more
successful a project becomes the more sharing that takes place and the
greater the nightmare "inherited the package license" approach
becomes. Attached is an SPDX file for Busybox. Busybox is an example
of a successful project that benefited greatly by borrowing (sharing)
code from/with other projects. Notice how many files have a different
license from the Busybox package.
I work in projects where changing the header of source code files is not
an option after a given code was certified and locked by quality
assurance or some other business reason. It isn't a shortcut as exists
no intention of writing the license terms in stone (file header), they
vary according to whom receives the files (not open source code). In
essence, expressing the implicit licensing nature of these files in
consistent manner.
Would perhaps this syntax be possible to consider?
FileName: ./Config.src
FileType: SOURCE
FileChecksum: SHA1: 53f410f780bf5659aa100aa0161c2d5229944d2b
LicenseInfoInFile: NONE
LicenseConcluded: NOASSERTION
FileLicenseDeclared: DEFAULT
Expressing that:
- no license is included with the file
- the SPDX creator has not yet made a conclusion about the license
- the IPR holder declared a license connected to the overall declared
license
At this moment the standard does not prescribe declaring licenses on a
file level, "FileLicenseDeclared" nor the keyword DEFAULT exist.
With kind regards,
Nuno Brito
---
email: [email protected]
phone: +49 615 146 03187
twitter: @triplechecked
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
