Hi Tony; delighted to see Bazel’s interest in SPDX. Please keep in mind that actual licenses of software components are *license expressions*, not single licenses; a typical example might be “MPL-2.0 OR EPL-2.0”. As such, in your design, the license field might not have a direct correspondence to a single license_kind. The GDoc you shared seems to only mention that a license can be a “concatenation” of license texts, which is effectively an AND expression.
-- zvr From: [email protected] <[email protected]> On Behalf Of Tony Aiuto via lists.spdx.org Sent: Friday, 17 April, 2020 21:12 To: [email protected] Subject: [spdx-tech] Support for SPDX in Bazel Hello all: I have a question, but first let me give you some background so I can pinpoint in. I work on Bazel, Google's OSS version of their build tool. https://bazel.build/. I've been leading a project to replace the license compatibility checking baked into our internal tool 10+ years ago with a system that allows more flexibility. The new design is OSS friendly and we have just released the first preview of it at https://github.com/bazelbuild/rules_license. More about the project: License Checking with Bazel<https://docs.google.com/document/d/1uwBuhAoBNrw8tmFs-NxlssI6VRolidGYdYqagLqHWt8/edit> I am sure you will agree that for OSS license declarations to work, all projects that call something, say, Apache-2.0 use the same identifier for Apache-2.0. I do not want to invent a new namespace of identifiers for the Bazel community, so I am planning to recommend that Bazel users use the SPDX identifier space. Towards that end, I am about to add placeholder declarations to our project that effectively encourage people to align with the SPDX names. You can see the details in https://github.com/bazelbuild/rules_license/pull/3. The important part is that we add a file licenses/spdx/BUILD (attached) that contains many stanza of the form license_kind( name = "0BSD", conditions = [], url = "https://spdx.org/licenses/0BSD.html";, ) This is mechanically built from the SPDX JSON data file<https://github.com/spdx/license-list-data/raw/master/json/licenses.json>. So, now the questions. * The input file is under CC0-1.0 (according to your docs) * That is input to a tool of mine, which produces this BUILD file. * From my understanding, CC0 implies that I need no attribution alongside the generated file. That seems to be the rationale as described in https://wiki.spdx.org/images/SPDX-TR-2014-1.v1.1.pdf * Is that right? My objective is to encourage Bazel users to use SPDX identifiers whenever possible, but I also must ensure that any use of our tool does not add new license compliance issues to their products. In general, this is not an issue, as Bazel is never linked into anyone's project. It is merely used to orchestrate the build. But, since this is all about licenses, it can't hurt to double check. Cheers, Tony Intel Deutschland GmbH Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de Managing Directors: Christin Eisenschmid, Gary Kershaw Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3861): https://lists.spdx.org/g/Spdx-tech/message/3861 Mute This Topic: https://lists.spdx.org/mt/73090505/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
