THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Legal Team/Minutes/2015-09-17"

From SPDX Wiki
Jump to: navigation, search
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== Attendees ==
 
== Attendees ==
* Jilayne
+
* Kate Stewart
* Kris
+
* Sam Ellis
* Dennis
+
* Mary Hardy
* Phil
+
* Dennis Clark
* Alan
+
* Mark Gisi
* Gary
+
* Jilayne Lovejoy
* Brad
+
  
 
== Agenda ==
 
== Agenda ==
'''1) LinuxCon Europe update:'''
 
* A Beautiful Build, Bradley Kuhn - helpful advice and tips on how to meet the “complete corresponding source” requirement of GPL. slides not posted yet, but will be here: http://ebb.org/bkuhn/talks/ - talk was recorded, so may see it on Linux Foundation YouTube channel
 
* FOSSology - X-Ray for Software, Michael Jaeger - Overview FOSSology, an open source license scanning tool, with a demo of upcoming 3.0 release changes.  FOSSology was developed by HP and is now being transferred to the Linux Foundation. Siemens has been very active in the transition and development.  The new features are very exciting, including SPDX 2.0 generation. (Contributions welcome!) - should see v3.0 available any day now.
 
* Developer's Care About the License, Jilayne - had a really good turnout! (50-60 people) and only 3 people raised their hands that didn’t know anything about SPDX. Slides can be found here: http://events.linuxfoundation.org/sites/events/files/slides/DevelopersCare_JLovejoy_LinuxConEu_2015_final-static.pdf - talk was recorded, so may see it on Linux Foundation YouTube channel
 
* Supply Chain Mini-Summit - update from Kate:
 
** overview of SPDX and OpenChain by Phil and Dave Marr
 
** talk on Debsources by Stefano from Debian, see slides here: http://upsilon.cc/~zack/talks/2015/20151008-lf-debsources.pdf
 
** talk on Dosocs by Uday from UNO, see project here: https://github.com/DoSOCSv2
 
** Some work on OpenChain and Miriam from JBB explained and showed a demo of FOSS management web-based questionnaire for suppliers
 
** free-form talk and brainstorming in afternoon. Will probably organize another session focus on tooling in spring, so keep an eye out for that
 
  
 +
'''1) Announcements/updates:'''
 +
* a) formatting issue with standard headers on HTML pages for license list has now been fixed (thanks, Gary!)
 +
* b) LinuxCon Europe is in a few weeks:
 +
** talks related to SPDX by Jilayne http://sched.co/3xVB  and Phil Odence and Dave Marr - http://sched.co/4GGz
 +
** there will be a Supply Chain Mini-Summit on the Thursday, see more info here: http://events.linuxfoundation.org/events/linuxcon-europe/extend-the-experience/supply-chain-summit - anyone going? Jilayne, Kate
 +
- participating via phone or conference might be hard, but Kate will look into getting a phone in the room. considering it is challenging to follow along remotely.  Otherwise, we’ll take notes.
 +
* c) Working on proposal for pull request process for license list templates (and possibly other aspects of changes to license list) - will submit a full proposal to legal team when something more concrete is ready (see http://wiki.spdx.org/view/Legal_Team/Minutes/2015-08-06 for initial discussion/reference)
  
'''2) Improving templates / markup for licenses ''' see: http://wiki.spdx.org/view/Legal_Team/Templatizing
+
'''2) SPDX License List v2.2 is scheduled to be released at the end of this month! ''' 
* we can always add more markup, but want to first consider if we should change the format of the markup
+
* a) Additions to license list. We got some answers back from Fedora on licenses on their list we wanted to add, but couldn’t find text for, etc. Original question/issue and response listed here, with decision from today's call:
* Kris recommended moving what is currently used (kind of custom for SPDX) to XML b/c of availability of tools to parse it
+
** Interbase Public License / Interbase - http://www.borland.com/devsupport/interbase/opensource/IPL.html - link broken, can’t find license. Does Fedora have it archived somewhere? Is this still used / do we need to add to SPDX-LL? FEDORA: Here is an archived copy: https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html Firebird is still under this license, still used in Fedora.
* what is use case of goal of markup?
+
*** DECISION: to add. no markup needed.
** original goals, use-cases: comparing two licenses to determine if it is a match & comparing any text to entire list to see if there is a match to any license. We prioritized the former, thinking there was already tools for the latter.  
+
** Sendmail License / Sendmail /  http://www.sendmail.org/ftp/LICENSE - link from Fedora site does not go to license. We intend to add, but wanted to confirm that we have the correct license that you meant due to broken link - can you confirm that this the correct license here: http://www.sendmail.com/pdfs/open_source/sendmail_license.pdf FEDORA: That is the correct sendmail license. We have updated our link.
** concerns about performance issues with latter
+
*** DECISION: to add. no markup needed.
** matching guidelines purpose, as stated, does not really specify which use case it is aimed at (but could be interpreted as either or both)
+
** Crystal Stacker License / Crystal Stacker -  https://fedoraproject.org/wiki/Licensing/CrystalStacker - license on Fedora site does not match license in download. (full explanation was in previous email thread) - please review and see if you agree with the recommendation at the end of the email here http://article.gmane.org/gmane.comp.licenses.spdx.legal/779/match=crystal FEDORA: Updated the Crystal Stacker entry in the Fedora license list to add the missing disclaimer text. License now matches license in download. I do not believe there is a different source license vs binary license here.
** if extend markup - could we create a set of regular expressions to apply to licenses and make sure they perform reasonably well
+
*** DECISION: add it as Fedora has it. 
** would need to revise current markup to properly anchor regular expression so it performs well. now useless due to being unconstrained
+
** can use or not use regular expressions or XML (could replace current markup with XML without impacting anything)
+
* b) To continue (pick back up) our momentum for adding license exceptions, please review the 5 license exceptions highlighted in light green here: https://docs.google.com/spreadsheets/d/11AKxLBoN_VXM32OmDTk2hKeYExKzsnPjAVM7rLstQ8s/edit?pli=1#gid=0 for potentially adding to v2.2 (see spreadsheet for full info, summary here:)
** some guidelines may not lend themselves to database, but need programming logic??
+
** DigiRule-FOSS-exception - ADD
* high-level: what is goal of matching and guidelines? do we want to expand the goal? if so, what form or format should
+
** Fawkes exception - ADD
** ex. if we switch to XML format, changes work flow of maintaining license list
+
** Oracle FOSS exception - there are two-ish.  Sam has info that the one in row 1 is the short form of the long form in row 7 (from Sam’s email in July 2, 2015). need to review further, on hold
** if we make this change, will it get uptake
+
** Franz Lisp - don’t add, old and no one has seen it in the wild
** Kris to do proposal and example (on wiki)  
+
** OpenVPN OpenSSL - ADD
** have discussion on next legal call on Oct 29 (make sure FOSSology folks, Sam Ellis can join)
+
** Also discussed whether all exceptions on this list should be added.  Many of these were from research done to collect various exceptions and not necessarily requested by anyone.  As such, we have tried to add the most common ones, but people should review list and if they want to champion something that we didn’t add, then please do so.
* markup on licenses or markup in meantime (e.g., standard headers)?  probably okay to do so, as can simply convert
+
* would be good to line up for v2.1 aiming to have that ready for Collab Summit
+
* c) Also, let’s discuss a couple items related to existing exceptions that we didn’t quite get to for v2.1:
 +
** WxWindows - the text in the exception we have versus what is on the OSI site is not the same!! The only differences are: we have "3.1" instead of "3.0" in the first clause; and "your" instead of "the user's" in the second clause. See http://opensource.org/licenses/WXwindows and http://spdx.org/licenses/WxWindows-exception-3.1.html - what we have is consistent with what is here: https://www.wxwidgets.org/about/licence/ - should we accommodate this difference somehow?
 +
*** DECISION: leave as we have it, since it’s current with the Wx website. let OSI know there is discrepancy and see what they have to say
 +
** Classpath-exception-2.0 - why do we have 2.0 and the note saying it’s typically used with GPL-2.0? the Fedora example has it being used with all GPL versions and there doesn’t seem to have other versions. worth removing the “2.0” in the short identifier?
 +
*** DECISION: remove note about “typically used with GPLv2”, leave short identifier as is
 +
 
 +
'''3) License matching templates/markup: ''' We have a task to add markup to some of the standard headers and have also had input to add/edit markup on existing licenses.  As a result of the latter, it has been raised that perhaps the markup could be improved. Before adding more markup (to standard headers, license text or both), it seemed prudent to start a discussion as to whether the existing markup is effective.  Please ponder the following questions:
 +
* a) have you used the existing markup for matching purposes? if no, why not? if yes, has it been helpful/effective?  Could it be improved, and if so, how? (this will likely involve putting forward a proposal for review)
 +
* there were already various emails with feedback to this end, but we did not have time to discuss further on this call.  We will pick this up on the next call and will also raise this discussion at the Supply Chain Mini-Summit in Dublin, Thursday afternoon, Oct 8
 +
** Please also add thoughts (preferably in a new section or with your initials if added to others) here: http://wiki.spdx.org/view/Legal_Team/Templatizing
 +
 
 +
'''other notes:'''
 +
* Jilayne needs to use headphones on calls (otherwise there is an annoying echo for everyone else)

Latest revision as of 18:58, 17 October 2015

Attendees

  • Kate Stewart
  • Sam Ellis
  • Mary Hardy
  • Dennis Clark
  • Mark Gisi
  • Jilayne Lovejoy

Agenda

1) Announcements/updates:

- participating via phone or conference might be hard, but Kate will look into getting a phone in the room. considering it is challenging to follow along remotely. Otherwise, we’ll take notes.

  • c) Working on proposal for pull request process for license list templates (and possibly other aspects of changes to license list) - will submit a full proposal to legal team when something more concrete is ready (see http://wiki.spdx.org/view/Legal_Team/Minutes/2015-08-06 for initial discussion/reference)

2) SPDX License List v2.2 is scheduled to be released at the end of this month!  

  • b) To continue (pick back up) our momentum for adding license exceptions, please review the 5 license exceptions highlighted in light green here: https://docs.google.com/spreadsheets/d/11AKxLBoN_VXM32OmDTk2hKeYExKzsnPjAVM7rLstQ8s/edit?pli=1#gid=0 for potentially adding to v2.2 (see spreadsheet for full info, summary here:)
    • DigiRule-FOSS-exception - ADD
    • Fawkes exception - ADD
    • Oracle FOSS exception - there are two-ish. Sam has info that the one in row 1 is the short form of the long form in row 7 (from Sam’s email in July 2, 2015). need to review further, on hold
    • Franz Lisp - don’t add, old and no one has seen it in the wild
    • OpenVPN OpenSSL - ADD
    • Also discussed whether all exceptions on this list should be added. Many of these were from research done to collect various exceptions and not necessarily requested by anyone. As such, we have tried to add the most common ones, but people should review list and if they want to champion something that we didn’t add, then please do so.
  • c) Also, let’s discuss a couple items related to existing exceptions that we didn’t quite get to for v2.1:
    • WxWindows - the text in the exception we have versus what is on the OSI site is not the same!! The only differences are: we have "3.1" instead of "3.0" in the first clause; and "your" instead of "the user's" in the second clause. See http://opensource.org/licenses/WXwindows and http://spdx.org/licenses/WxWindows-exception-3.1.html - what we have is consistent with what is here: https://www.wxwidgets.org/about/licence/ - should we accommodate this difference somehow?
      • DECISION: leave as we have it, since it’s current with the Wx website. let OSI know there is discrepancy and see what they have to say
    • Classpath-exception-2.0 - why do we have 2.0 and the note saying it’s typically used with GPL-2.0? the Fedora example has it being used with all GPL versions and there doesn’t seem to have other versions. worth removing the “2.0” in the short identifier?
      • DECISION: remove note about “typically used with GPLv2”, leave short identifier as is

3) License matching templates/markup:  We have a task to add markup to some of the standard headers and have also had input to add/edit markup on existing licenses.  As a result of the latter, it has been raised that perhaps the markup could be improved. Before adding more markup (to standard headers, license text or both), it seemed prudent to start a discussion as to whether the existing markup is effective.  Please ponder the following questions:

  • a) have you used the existing markup for matching purposes? if no, why not? if yes, has it been helpful/effective?  Could it be improved, and if so, how? (this will likely involve putting forward a proposal for review)
  • there were already various emails with feedback to this end, but we did not have time to discuss further on this call. We will pick this up on the next call and will also raise this discussion at the Supply Chain Mini-Summit in Dublin, Thursday afternoon, Oct 8

other notes:

  • Jilayne needs to use headphones on calls (otherwise there is an annoying echo for everyone else)