Hi Nuno Brito I think I understand. Without jumping to a solution, let me see if I can summarize the problem.
A single copyright holder (IPR holder) provides the same software to different parties each potentially under different licensing terms. At the time the software is developed and tested the precise licensing terms are not known. It is not until later that the terms are determined (e.g., via a negotiation). Therefore the file does not include a license notice - just perhaps a copyright notice such as: /* * Copyright 2013 ABC Company, Inc. */ I do believe a minimum license notice like the following: /* * Copyright 2013 ABC Company, Inc. * * This software is licensed pursuant to the terms of the * ABC Company software license agreement. * */ is useful even if it is not very specific (i.e., the terms have not been written in stone). It is helpful to understand that the intent of the IPR holder is to offer this file/software to others under terms that are subject to a negotiation or discussion. Assuming that company ABC Company is 100% the copyright (IPR) holder - the above license notice does not prevent ABC Company from offering the same file to one party (recipient 1) under one set of license terms and to a different party (recipient 2) under a different set of licensing terms. That is: (i) ABC Company may not know the precise terms until the day they deliver the code to a given customer; and (ii) different customers may potentially receive different terms; One can create the following SPDX record for the example file: >> FileName: ./Config.src >> FileType: SOURCE >> FileChecksum: SHA1: 53f410f780bf5659aa100aa0161c2d5229944d2b LicenseInfoInFile: LicenseRef-23 LicenseConcluded: LicenseRef-23 where LicenseRef-23 either: (a) simply repeats the license notice above; or (b) provides a reference to a specific contract (e.g., a formal name + date); or (c) provides the precise terms of the agreement for a given recipient. With option (a) you can prepare just one SPDX file that can be delivered to all recipients and essentially achieve your "DEFAULT" reference without adding the default keyword to the SDPX spec. With options (b) and (c) one would need to generate and deliver a custom SPDX file with each software delivery but you contain the customization to the SPDX file (and more specifically to the LicenseRef-23 record) as opposed to all the source files. Is this the problem you are looking to address? Regards, - Mark -----Original Message----- From: spdx-tech-boun...@lists.spdx.org [mailto:spdx-tech-boun...@lists.spdx.org] On Behalf Of Nuno Brito Sent: Wednesday, December 11, 2013 3:38 AM To: spdx-tech@lists.spdx.org Subject: RE: SPDX meta-tag for implicit license terms (Gisi, Mark) Hi Mark, > I understand why software developers want to Inherit from the package > license. It's a short cut to avoid having to include a license notice > in every file. However, there are many short cuts in life that > actually make life more difficult. The global license approach or > inherit the package license approach are good examples. The more > successful a project becomes the more sharing that takes place and the > greater the nightmare "inherited the package license" approach > becomes. Attached is an SPDX file for Busybox. Busybox is an example > of a successful project that benefited greatly by borrowing (sharing) > code from/with other projects. Notice how many files have a different > license from the Busybox package. I work in projects where changing the header of source code files is not an option after a given code was certified and locked by quality assurance or some other business reason. It isn't a shortcut as exists no intention of writing the license terms in stone (file header), they vary according to whom receives the files (not open source code). In essence, expressing the implicit licensing nature of these files in consistent manner. Would perhaps this syntax be possible to consider? > FileName: ./Config.src > FileType: SOURCE > FileChecksum: SHA1: 53f410f780bf5659aa100aa0161c2d5229944d2b > LicenseInfoInFile: NONE > LicenseConcluded: NOASSERTION > FileLicenseDeclared: DEFAULT Expressing that: - no license is included with the file - the SPDX creator has not yet made a conclusion about the license - the IPR holder declared a license connected to the overall declared license At this moment the standard does not prescribe declaring licenses on a file level, "FileLicenseDeclared" nor the keyword DEFAULT exist. With kind regards, Nuno Brito --- email: nuno.br...@triplecheck.de phone: +49 615 146 03187 twitter: @triplechecked _______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech _______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech