Hello all:

I have a question, but first let me give you some background so I can
pinpoint in.

I work on Bazel, Google's OSS version of their build tool.
https://bazel.build/.

I've been leading a project to replace the license compatibility checking
baked into our internal tool 10+ years ago with a system that allows more
flexibility. The new design is OSS friendly and we have just released the
first preview of it at https://github.com/bazelbuild/rules_license.

More about the project: License Checking with Bazel
<https://docs.google.com/document/d/1uwBuhAoBNrw8tmFs-NxlssI6VRolidGYdYqagLqHWt8/edit#>

I am sure you will agree that for OSS license declarations to work, all
projects that call something, say, Apache-2.0 use the same identifier for
Apache-2.0. I do not want to invent a new namespace of identifiers for the
Bazel community, so I am planning to recommend that Bazel users use the
SPDX identifier space.

Towards that end, I am about to add placeholder declarations to our project
that effectively encourage people to align with the SPDX names. You can see
the details in  https://github.com/bazelbuild/rules_license/pull/3. The
important part is that we add a file  licenses/spdx/BUILD (attached) that
contains many stanza of the form

license_kind(

    name = "0BSD",

    conditions = [],

    url = "https://spdx.org/licenses/0BSD.html";,

)


This is mechanically built from the SPDX JSON data file
<https://github.com/spdx/license-list-data/raw/master/json/licenses.json>.

So, now the questions.

   - The input file is under CC0-1.0 (according to your docs)
   - That is input to a tool of mine, which produces this BUILD file.
   - From my understanding, CC0 implies that I need no attribution
   alongside the generated file. That seems to be the rationale as described
   in https://wiki.spdx.org/images/SPDX-TR-2014-1.v1.1.pdf
   - Is that right?

My objective is to encourage Bazel users to use SPDX identifiers whenever
possible, but I also must ensure that any use of our tool does not add new
license compliance issues to their products. In general, this is not an
issue, as Bazel is never linked into anyone's project. It is merely used to
orchestrate the build.  But, since this is all about licenses, it can't
hurt to double check.

Cheers,
Tony

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#3860): https://lists.spdx.org/g/Spdx-tech/message/3860
Mute This Topic: https://lists.spdx.org/mt/73090505/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub  
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Attachment: BUILD
Description: Binary data

Reply via email to