https://bugs.linuxfoundation.org/show_bug.cgi?id=1292
Bug #: 1292
Summary: What is the correct license expression for a project
with an additional patent license?
Product: SPDX
Version: 2.0
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Spec
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Some corporate open source releases are licensed under well-known open-source
licenses with additional patent licenses. Facebook's React, for instance, is
licensed per the terms of BSD-3-Clause with an additional, homegrown patent
grant:
https://github.com/facebook/react#license
https://github.com/facebook/react/blob/master/PATENTS
Assuming that a generic form of the Facebook Additional Grant of Patent Rights
version 2 were designated "FB-Patents-2.0", what license expression would
describe React's licensing situation?
A few candidates:
(BSD-3-Clause OR FB-Patents-2.0)
(BSD-3-Clause AND FB-Patents-2.0)
(BSD-2-Clause WITH FB-Patents-2.0)
The examples given in the spec---choice of licenses; licenses of new and linked
code; standard license with "exception"---don't seem to cover this situation.
To try and generalize the problem: How can one use license expressions to show
that a software product is licensed under two licenses that, when read
together, add up to a single grant of rights of different kinds?
Once can find "standard" or important licenses that address any subset of IP
rights that may be licensed or withheld. Depending on one's view of implied
patent rights under the academic licenses, like MIT, the only way to use SPDX
metadata to audit compliance is by requiring standard licenses that grant all
the required kinds of rights, perhaps Apache-2.0.
Sincerest and continued thanks to the SPDX working groups for much excellent
work.
--
Configure bugmail: https://bugs.linuxfoundation.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech