Hi Tanjong, Thanks for sending this to the SPDX legal team and sorry for the delayed response.
This looks good, but I have one main concern: how will people know when to submit a license to the namespace repository versus submitting a license for inclusion in the SPDX License List? Also, who will curate the submissions to the namespace list (or will this all be automated)? We have a legal team call tomorrow (Thursday) at noon US eastern time - if that’s not too last minute, maybe we can discuss. Another idea might be to do a joint legal/tech team call, as I see Gary already suggested a discussion on the tech team call, maybe we could combine efforts. thanks, Jilayne SPDX legal team co-lead > On Jul 8, 2019, at 4:15 AM, Smith Tanjong Agbor <[email protected]> > wrote: > > Hi all, > > This is a follow-up email to inquire whether you read my previous email. > > Please it is important that the legal team do read up on this. > > Best regards, > > On Mon, Jul 1, 2019, 1:50 PM Smith Tanjong Agbor <[email protected] > <mailto:[email protected]>> wrote: > Hello all, > > I beg your indulgence in reading this email. It is long, but the purpose is > worth it > > I am Tanjong Agbor Smith; contributor of SPDX for the project: Registry and > repository of License List Namespaces. > > Given that the legal team will be the main people to use the application I am > building, my mentors thought it wise to involve you more into this. > > So, I will start by describing the project, then the approach I am using to > develop this, the work done so far, and I will conclude by indicating the > future work to be done. > > 1. Project description: Can be found in details on this link. > <https://wiki.spdx.org/view/GSOC/GSOC_ProjectIdeas#Registry_and_Repository_of_License_List_Namespaces> > > SPDX provides a license list for commonly used open source license - the SPDX > License List. SPDX also supports defining licenses within the SPDX document > using a LicenseRef syntax defined in section 6 of the SPDX specification. In > the next release of SPDX, we plan to introduce a mechanism for other > organizations or individuals to maintain lists of licenses outside of the > SPDX license list, but allow those licenses to be valid without requiring the > text to be in the SPDX document itself. This enhancement has been documented > in the SPDX specification issues list. This project automates the > registration and management of the namespaces. > > 2. Approach: > Given that the spdx legal team are already at ease in using SPDX Online tools > to submit license requests, we thought it wise to include the functionalities > of this project in SPDX online tools too. > This shall provide a single application to perform the tasks of submitting > license requests, submitting license namespace requests, etc. > > 3. Work done so far: > So far, (though you all might not see these in your instance of spdx online > tools), I have added the necessary models for namespace submission, and pull > requests of license namespaces are done automatically on this repository: > repo <https://github.com/tjasmith/license-namespace-list>. > You can see examples of license namespace issues submitted with our tool on > this link <https://github.com/tjasmith/license-namespace-list/issues>. > Below is an image of the form that has to be filled on spdx online tools to > be able to create the necessary requests(issue) on the repository: > > <license namespace request form.png> > NB: you can share your views on this form and request changes. ☺ > > 4. Features to implement: > - namespace validation > - single place to store organisations names(possibly a json file?) > - URL validation (as mentioned by one of my Mentors; Tushar) > - pop-up display after successful submission of a namespace > - prefill submitter's email(if logged in) > - A committer to the namespace repository accepts the pull request > - When accepted, the namespace is published to a known website > - REST based API's are available to query the namespace repository > - See if the license text for a license matches license text for other > licenses within other repositories > - Maintain a list of license aliases, preferably as a file in a github > repositories.The aliases would include all license ID's for licenses with the > same text. > - Provide a service that allows for text to be compared against all existing > licenses. > - Promote a license to the license list - this would call the REST API's for > the online tool to add a license to the SPDX license list.a.If the > verification of whether the license is already present prior to adding it, I > shall write an API that will perform this check to avoid duplicates. > - Remove a license repository. This would also update the license aliases.a.I > will write a django REST API that will expose a function which will remove a > license reference and update the aliases. > - Provide metrics on use for licenses to help the SPDX legal team propose > licenses which should be on the SPDX license list > > Thank you for your patience. > > Please feel free to provide suggestions to this email, as your ideas could be > valuable. > > Best regards, > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3743): https://lists.spdx.org/g/Spdx-tech/message/3743 Mute This Topic: https://lists.spdx.org/mt/32271307/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
