Hi SPDX legal and tech teams, Given that the tech team spent most of the Tuesday meeting discussing the namespace proposal and we spent the entire legal team doing the same, I’m going to simply answer my own question as to priority:
Coming to a final proposal for the namespace issue should be the first priority for both the legal and tech team for (best case scenario) inclusion in v2.3. If the 2.3 inclusion ends up being a first step with later items TBD, then there should be a specific plan included owners of when and how those TBD items will be addressed. Given the discussion on this topic has been spread across Github, mailing list, and over time and also seems to diverge in terms of what is the problem that is trying to solve - I’m putting together a Google doc to lay out a more structured approach and where we can have all comments in one place. Link to come later today. We also probably ought to aim on using the upcoming tech call as a joint call with the legal team to discuss, so we don’t delay on this any more. (In the future, let’s try to remember to come together for these discussions, rather than both teams have separate but similar discussions, as that is not efficient use of time.) Can someone create an invite for that to send to the legal team? Everything else on the list below can (and will have to) wait for a later release. Thanks, Jilayne > On May 26, 2022, at 9:16 AM, J Lovejoy <[email protected]> wrote: > > Hi SPDX legal and tech teams, > > I was trying to get my head around any and all issues/PRs/topics that are > license related. Please let me know if I've missed anything on the list below! > > Given the pending 2.3 release, it feels like a bunch of stuff is attempting > to get shoe-horned into the release, which is not always a good idea. Also > given the tech team spent some time discussing the namespace proposal on > Tuesday and the legal is set to discuss it this morning, I think we ought to > prioritize what we want to work on for 2.3 versus what can be pushed out to > 3.0. We can't do everything and rushing never yields a good result. > > I have attempted to make a list below and put in order of priority with my > thoughts as to why: > > 1. License namespaces: https://github.com/spdx/spdx-spec/pull/681 > <https://github.com/spdx/spdx-spec/pull/681> > This stems from a proposal from some time ago, and has been waiting to be > finalized for awhile as well. I fear that we are getting a bit off piste from > the original proposal (Mark Atwood - can you please weigh in here and > re-center us!?!) but we should try to prioritize closing this out. > > 2. Update Matching Guidelines: (no PR yet, I'm working this in a Google doc > first) > This is may not be on anyone's radar (and has definitely fallen off the to-do > list a few time), but they are woefully out-of-date so I'm moving this up to > visibility and priority! I have begun working on a "draft" of edits in a > Google doc, to then turn into a PR. Will share soon. > > 3. Snippets and SPDX-License-Identifier tags: > https://github.com/spdx/spdx-spec/pull/464 > <https://github.com/spdx/spdx-spec/pull/464> > This seems like something that may be better discussed in the context of 3.0 ? > > 4. Adding NONE to the License Expression syntax: > https://github.com/spdx/spdx-spec <https://github.com/spdx/spdx-spec> > This has been around for awhile. Given NONE and NOASSERTION are already > defined (if people would read said definitions...) in the Spec, I see this as > a potentially simply lift and move in terms of where they "live". That being > said, it's still a fair amoutn of work ensuring the wording in several places > is right. It also opens up the pandora's box in that the Annex for license > expressions is in need of an overall update. For these reasons, this seems > like something better suited to be coupled with that effort. That's my gut > at this point. > > 5. Add profile for multiple SPDX files with short licensing/copyright info: > https://github.com/spdx/spdx-spec/issues/502 > <https://github.com/spdx/spdx-spec/issues/502> > This seems like a lighter version of what will be the licensing profile in > 3.0. As such, maybe we should expend our energy on 3.0 and the profiles, see > where that ends up. And then go back to this? > > 6. Specify which licenses are compatible with the "+" operator: > https://github.com/spdx/spdx-spec/issues/689#issuecomment-1135966938 > <https://github.com/spdx/spdx-spec/issues/689#issuecomment-1135966938> > Admittedly, I have not read through this yet, but from the title alone it may > even be a non-issue, so putting it at bottom of list > > > Thanks, > Jilayne > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4535): https://lists.spdx.org/g/Spdx-tech/message/4535 Mute This Topic: https://lists.spdx.org/mt/91356638/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
