Hi Richard, On Wed, Aug 12, 2015 at 9:23 AM, Philippe Ombredanne <[email protected]> wrote:
> On Wed, Aug 12, 2015 at 4:05 PM, Richard Hughes <[email protected]> > wrote: > > Hi all, > > > > I've been using SPDX for years in the AppStream specification to > > describe applications that can be installed in software centers. I'm > > using the AND, OR extensions, and am soon to include the WITH > > exception support too[2]. > Very cool. > > Very nice! About the dead link, I am not sure exceptions have been > published > yet, though it could be a bug too. > typo? Is at: http://spdx.org/licenses/exceptions-index.html Its available from the http://spdx.org/licenses/ page > > > AppStream can be used to describe free > > software, but is increasing being used for other things too, for > > instance, in the LVFS[2] firmware update service. In this we describe > > firmware licensing using SDPX tags, but I'm not sure what to do about > > non-free firmware. OpenHardware firmware is fine, and we can use all > > the existing IDs to represent that correctly. > > > > At the moment I've asked vendors to use: > > <project_license>proprietary</project_license> to indicate it's > > nonfree, but this obviously isn't a SPDX ID and probably will make the > > specification people quite upset. What should I be using? Syntax in the specification right now [1] for things not included in the SPDX license list is to refer to them as: "LicenseRef-"<insert your favorite identifier for it here> Possibly look at adding to the AppStream format, something like section 5 from the SPDX format [1] to permit the arbitrary use of licenses not in the SPDX license list. (and translation to other formats ;-) )? So in the example - using something like "LicenseRef-proprietary" is fine as an identifier, (as would be LicenseRef-proprietary-1, or License-Ref-ACME-proprietary-firmware, etc.) as long as there's the definition somewhere of what LicenseRef-proprietary maps to. In the spdx spec see: 5 Other Licensing Information Detected .....48 5.1 License Identifier................................... 48 5.2 Extracted Text....................................... 48 5.3 License Name....................................... 49 5.4 License Cross Reference ..................... 50 5.5 License Comment.................................50 In the RDF - the class for this is ExtractedLicensingInfo > Dropping the > > <project_license> tags for non-free firmware is fine, but it's then > > confusing the "explicitly nonfree" firmware with the "unspecified" > > firmware and makes validation hard. It also means there's no clickable > > link explaining what proprietary means, unlike all the other SPDX IDs. > > Is there already an ID I can use for this? > > IMHO using your own ID extensions is quite fine, there is nothing > upsetting about it, especially since it provides valuable indication to > downstream users about the licensing terms, even if this is not precisely > pointing to a unique license text. > Agree - if you can line up with using "LicenseRef-" prefix infront of any you need to create, it will permit more automatic recognition down the road. > The alternative could to have also a catch-all "non-free" or "proprietary" > license ID in SPDX indeed. Probably this is a discussion for the legal list, as to whether they want to permit this? Concern point is that it won't give enough information when there are multiple non-free licenses present. Hope this helps, Kate [1] http://spdx.org/sites/spdx/files/SPDX-2.0.pdf <http://spdx.org/sites/spdx/files/SPDX-2.0.pdf> section 5
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
