Hi Nuno Brito
I think I understand. Without jumping to a solution, let me see if I can
summarize the problem.
A single copyright holder (IPR holder) provides the same software to different
parties each potentially under different licensing terms. At the time the
software is developed and tested the precise licensing terms are not known. It
is not until later that the terms are determined (e.g., via a negotiation).
Therefore the file does not include a license notice - just perhaps a copyright
notice such as:
/*
* Copyright 2013 ABC Company, Inc.
*/
I do believe a minimum license notice like the following:
/*
* Copyright 2013 ABC Company, Inc.
*
* This software is licensed pursuant to the terms of the
* ABC Company software license agreement.
*
*/
is useful even if it is not very specific (i.e., the terms have not been
written in stone). It is helpful to understand that the intent of the IPR
holder is to offer this file/software to others under terms that are subject to
a negotiation or discussion. Assuming that company ABC Company is 100% the
copyright (IPR) holder - the above license notice does not prevent ABC Company
from offering the same file to one party (recipient 1) under one set of license
terms and to a different party (recipient 2) under a different set of licensing
terms. That is:
(i) ABC Company may not know the precise terms until the day they deliver
the code to a given customer; and
(ii) different customers may potentially receive different terms;
One can create the following SPDX record for the example file:
>> FileName: ./Config.src
>> FileType: SOURCE
>> FileChecksum: SHA1: 53f410f780bf5659aa100aa0161c2d5229944d2b
LicenseInfoInFile: LicenseRef-23
LicenseConcluded: LicenseRef-23
where LicenseRef-23 either:
(a) simply repeats the license notice above; or
(b) provides a reference to a specific contract (e.g., a formal name + date);
or
(c) provides the precise terms of the agreement for a given recipient.
With option (a) you can prepare just one SPDX file that can be delivered to all
recipients and essentially achieve your "DEFAULT" reference without adding the
default keyword to the SPDX spec. With options (b) and (c) one would need to
generate and deliver a custom SPDX file with each software delivery but you
contain the customization to the SPDX file (and more specifically to the
LicenseRef-23 record) as opposed to all the source files.
Is this the problem you are looking to address?
Regards,
- Mark
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Nuno Brito
Sent: Wednesday, December 11, 2013 3:38 AM
To: [email protected]
Subject: RE: SPDX meta-tag for implicit license terms (Gisi, Mark)
Hi Mark,
> I understand why software developers want to Inherit from the package
> license. It's a short cut to avoid having to include a license notice
> in every file. However, there are many short cuts in life that
> actually make life more difficult. The global license approach or
> inherit the package license approach are good examples. The more
> successful a project becomes the more sharing that takes place and the
> greater the nightmare "inherited the package license" approach
> becomes. Attached is an SPDX file for Busybox. Busybox is an example
> of a successful project that benefited greatly by borrowing (sharing)
> code from/with other projects. Notice how many files have a different
> license from the Busybox package.
I work in projects where changing the header of source code files is not an
option after a given code was certified and locked by quality assurance or some
other business reason. It isn't a shortcut, as there is no intention of writing
the license terms in stone (file header); they vary according to who receives
the files (not open source code). In essence, expressing the implicit licensing
nature of these files in a consistent manner.
Would perhaps this syntax be possible to consider?
> FileName: ./Config.src
> FileType: SOURCE
> FileChecksum: SHA1: 53f410f780bf5659aa100aa0161c2d5229944d2b
> LicenseInfoInFile: NONE
> LicenseConcluded: NOASSERTION
> FileLicenseDeclared: DEFAULT
Expressing that:
- no license is included with the file
- the SPDX creator has not yet made a conclusion about the license
- the IPR holder declared a license connected to the overall declared license
At this moment the standard does not prescribe declaring licenses on a file
level; neither "FileLicenseDeclared" nor the keyword DEFAULT exists.
With kind regards,
Nuno Brito
---
email: [email protected]
phone: +49 615 146 03187
twitter: @triplechecked
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
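Added example, not part of either message or of any SPDX tooling: options (a) and (b) from Mark's reply in Python, showing that the per-file record stays identical across deliveries while only the LicenseRef-23 definition changes. The file contents, recipient names and contract names are constructed; LicenseID and ExtractedText are the SPDX tag-value fields used to define a license that is not on the SPDX list.

```python
import hashlib

# Constructed sample data: file contents and per-recipient terms are invented.
NOTICE = ("This software is licensed pursuant to the terms of the\n"
          "ABC Company software license agreement.")
SOURCE = ("/*\n * Copyright 2013 ABC Company, Inc.\n *\n * "
          + NOTICE.replace("\n", "\n * ") + "\n */\n").encode()
RECIPIENT_TERMS = {  # hypothetical contract references, option (b)
    "recipient-1": "ABC Company agreement with Recipient 1 (placeholder name and date)",
    "recipient-2": "ABC Company agreement with Recipient 2 (placeholder name and date)",
}

def file_record(name, data, license_ref):
    """Per-file record: depends only on the file bytes and the LicenseRef id."""
    return "\n".join([
        f"FileName: {name}",
        "FileType: SOURCE",
        f"FileChecksum: SHA1: {hashlib.sha1(data).hexdigest()}",
        f"LicenseInfoInFile: {license_ref}",
        f"LicenseConcluded: {license_ref}",
    ])

def extracted_license(license_ref, text):
    """The LicenseRef definition: the only part that varies per delivery."""
    if not license_ref.startswith("LicenseRef-"):
        raise ValueError("non-SPDX-list licenses need a LicenseRef- identifier")
    if "</text>" in text:
        raise ValueError("license text would terminate the <text> block early")
    return f"LicenseID: {license_ref}\nExtractedText: <text>{text}</text>"

def deliveries(name, data, license_ref="LicenseRef-23"):
    """Map each delivery to (file record, LicenseRef definition)."""
    record = file_record(name, data, license_ref)
    # Option (a): one definition repeating the notice, usable for everyone.
    out = {"all-recipients": (record, extracted_license(license_ref, NOTICE))}
    # Option (b): same file record, custom definition per recipient.
    for recipient, terms in RECIPIENT_TERMS.items():
        out[recipient] = (record, extracted_license(license_ref, terms))
    return out

if __name__ == "__main__":
    for who, (record, definition) in deliveries("./Config.src", SOURCE).items():
        print(f"# delivery: {who}\n{record}\n\n{definition}\n")
```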