THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Legal Team/Current Projects and Issues"

From SPDX Wiki
Jump to: navigation, search
 
(21 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<p><strong>Current issues/topics (this is a general list and may not touch upon everything).</strong></p>
+
<big>'''SPDX Legal Team projects for 2015'''</big>  
  
<p>LAST UPDATED: 7 Jan 2013</p>
+
We will try to not delete items, but mark them as "DONE" to serve as a record of progress over the course of the year.
  
<p><strong>1) License List</strong>
+
LAST UPDATED: 5 May 2015
<br />A) Licenses to add? <em>(GROUP)</em>
+
<ol>
+
    <li>"old" MIT? see http://blog.gmane.org/gmane.comp.licenses.spdx.legal/day=20121201</li>
+
    <li>FLORA License - decided not to add at this point in time, pending guidelines mentioned in #3 below. see http://blog.gmane.org/gmane.comp.licenses.spdx.legal/month=20121101 for most recent thread on the topic</li>
+
    <li>Unlicense - see thread here: http://search.gmane.org/?query=unlicense&group=gmane.comp.licenses.spdx.legal</li>
+
    <li>add US Gov't works - add short identifier to list; see email from David Wheeler</li>
+
    <li>add in Notes field for all GNU licenses that short identifier "GPL-2.0" = GPL v2 only and vice versa - more discussion on this?</li>
+
</ol>
+
  
<p>B) OSI outstanding issues: <em>(Jilayne)</em></p>
+
== Licenses Under Review ==
<ol>
+
* Owner: Dennis Clark
    <li>Artistic license issue</li>
+
* Timeframe: On-going
    <li>futher clarification on a few previous issues (were APSL-1.0, APSL-1.1, and GPL-2.0 ever approved?)</li>
+
* New license or exception requests are tracked here:  https://docs.google.com/spreadsheets/d/11AKxLBoN_VXM32OmDTk2hKeYExKzsnPjAVM7rLstQ8s/edit?pli=1#gid=695212681
    <li>zlib/ libpng license clarification</li>
+
</ol>
+
  
<p>C) GPL exceptions: <em>(ASSIGN)</em>
+
== Update & Maintain SPDX License List ==
<br>We don't have them all, there is also the issue of inconsistencies "in the wild" among named exceptions and actual text (i.e. not all exceptions found called Foo exception have the exact same text; how do we deal with this?
+
* Owner: Jilayne Lovejoy
<br>someone needs to take this on as a project...</p>
+
* Timeframe: On-going
 +
* Add new licenses or make other changes to license list and associated web pages as needed. Push changes to Git repository and coordinate with Gary to make sure new versions are tagged and uploaded to spdx.org
  
<P>D) Better system for saving/updating SPDX License List <em>(Jilayne to coordinate with Gary)</em>
+
== Standard Headers ==
<br>Currently the SPDX-LL is kept and updated by Jilayne. This is not an optimal system (hit by a bus factor not accounted for).  Need to change to some kind of respository that tracks changes and can be viewed by all (But not edited by all). </p>
+
* Owner: ??
 +
* Timeframe: resolve for ??? release
 +
* the move to v2.0 creates some issues for the Standard Header field of the SPDX License List:
 +
# for the GNU family of licenses, the "or later" determination is made in the header text; pre-2.0, the GNU licenses were listed as two line items each, so the difference in the header (e.g., presence or absence of "or later') was accommodated in the Standard Header field for each licenseAs of 2.0 and with the addition of the SPDX License Expression syntax the 'or later' option is exercised via the + operator. In light of this, what do about the standard header?
 +
# Some Standard Headers have replaceable text. While the License Matching Guidelines are stated to apply to the Standard Headers, there is no markup in the Standard Headers - should there be? 
 +
# Some licenses have more than one suggestion for a Standard Header - how do we accommodate this?
  
<p><strong>2) Community outreach and list coordination</strong>
+
== Fedora / OSI outstanding issues ==
<ol>
+
* Owner: Jilayne Lovejoy
    <li>FSF license list match-up; found here:&nbsp;http://www.gnu.org/licenses/license-list.html -- licenses that need to be added? -- in progress DONE?</li>
+
* Timeframe: complete by end of 2015
    <li>Fedora license list -- Jilayne has begun discussion with Tom Calloway, needs follow-up - <em>(ASSIGN)</em></li>
+
# Jabber Open Source License v1.0 – archived text here (http://archive.jabber.org/core/JOSL.pdf) is not the same as the OSI has on their site (it was OSI approved). What do we do about this? need to resolve with OSI (with goal of having on list b/c it was OSI approved and we endeavored to have all OSI licenses on SPDX list, even if old). license text also can be found at: http://code.google.com/p/jabber-net/wiki/FAQ_License
    <li>Fossology - coordinate with Bob Gobeille, see http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs - ASSIGN
+
# various OSI approved (but old or deprecated) licenses don't have corresponding link on OSI site; OSI to update and then SPDX to add link to SPDX-LL - check this??
    <li>Gentoo - <em>(ASSIGN)</em></li>
+
# other issues with Fedora list, identified when we went through that
    <li>Suse list found here: https://docs.google.com/spreadsheet/pub?key=0AqPp4y2wyQsbdGQ1V3pRRDg5NEpGVWpubzdRZ0tjUWc (courtesy of Ciaran Farrell from 6/27/12 email list thread) - <em>(ASSIGN)</em>
+
    <li>add page to wiki that outlines progress to this end and other lists we have or have yet to coordinate with - ASSIGN</li>
+
</ol>
+
  
<p><strong>3) General guidelines for what licenses are included on the SPDX License List <em>(GROUP)</em></strong>
+
== Fedora / SPDX short identifiers comparison and review ==
<br>General statement or guidelines needed in regards to the types of license that are to be included on the SPDX-LL; in particular in regards to requests for adding a new license.  e.g., only open source licenses?  what about freeware licenses?  see meeting minutes from 31-Oct and 13-Nov for background and discussion thus far. draft of guidelines began by Tom Vidal
+
* Owner: Jilayne Lovejoy
<br>see  http://spdx.org/wiki/spdx-license-list-guidelines-regarding-addition-or-rejection-licenses-proposed-add
+
* Timeframe: complete by end of 2015
for overview of issue and latest revision - To Be Continued with larger group </p>
+
* Need to finish creating spreadsheet with comparison chart and then send to / confer with Tom Calloway at Fedora
  
<p><strong>4) License Match Guidelines <em>(GROUP)</em></strong>
+
== Composite Licenses ==
    <br />not enough people on 6/27 legal call for quorum/to complete; see meeting minute for 6/27 and several prior meetings. &nbsp;Matching guidelines updated as of 6/27, see http://spdx.org/wiki/spdx-license-list-match-guidelines</p>
+
* Owner: Sam Ellis?
 +
* Timeframe: future
 +
* some licenses currently on the SPDX License List are actually composite licenses or license stacks; should these be broken apart and the SPDX License Expression used? Some discussion on this issue took place earlier this year, see: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-01-08
 +
* determined that this would require a case-by-case review and should be targeted for post-2.0 timeframe
  
<p><strong>5) Website updates <em>(Jilayne)</em></strong>
+
== Add a Suggested Header field to SPDX License List ==
<ol>
+
* Owner: Mark Gisi
    <li>add page for explaining public domain discussion</li>
+
* Timeframe: future
    <li>update page re: change of "data license" from PddL to MIT</li>
+
* proposal to add a field for a recommended header for licenses that do not have a Standard Header. Some discussion here: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-04-30
    <li>other past decisions further explained?</li>
+
</ol>
+
  
<p><strong>6) Formatting and "master list" for License List (i.e. actual license text files)</strong>
+
== Community Outreach ==
    <br />Currently the "master" consists of spreadsheet with list + individual .txt files for license text field = downloadable zip file.&nbsp; This is then converted into html pages for website.&nbsp; Peter, Gary, and Jilayne have had initial discussion on this issue; to be discussed further with more fleshed out proposal</p>
+
* what would this look like?
<p>A) PROPOSAL: License text files formatted in HTML instead of .txt files as default; can convert from there into text file with tool if people want that too;&nbsp; Option to use HTML to indicate some of matching rules?</p>
+
<p>B) For back-end management of License List overall: proposal to use and GIT repository in background for management &nbsp;- easier tracking of changes and gets it off Jilayne's desktop</p>
+
  
<p><strong>7) Recommendations or guidance on how to best determine license for a particular file</strong>
+
== Other projects from 2014 list ==
    <br />how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directory</p>
+
=== Legal Team recruitment and initiation ===
<p>Should the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?</p>
+
* how do we get more people involved?
 +
* when new people join, should we assign them an SPDX "buddy' to help answer questions and otherwise shepherd them into the group?
 +
* who to target and how to reach them?
 +
* ask for help from LF or via grassroots effort or both? other ideas?
 +
 
 +
=== Alignment with other license lists ===
 +
Coordinate with various other license lists to make sure SPDX has licenses from these lists and check short name matching (or create "translation" document if different)
 +
 
 +
==== FOSSology====
 +
owner: TBD assigned
 +
* coordinate with Bob Gobeille, see http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs
 +
 
 +
====Gentoo====
 +
owner: TBD assigned
 +
 
 +
====Suse====
 +
owner: TBD assigned
 +
* list found here: https://docs.google.com/spreadsheet/pub?key=0AqPp4y2wyQsbdGQ1V3pRRDg5NEpGVWpubzdRZ0tjUWc (courtesy of Ciaran Farrell)
 +
 
 +
=== Recommendations or guidance on how to best determine license for a particular file ===
 +
'how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directoryShould the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?
 +
 
 +
[[Category:Legal]]

Latest revision as of 21:47, 6 January 2016

SPDX Legal Team projects for 2015

We will try to not delete items, but mark them as "DONE" to serve as a record of progress over the course of the year.

LAST UPDATED: 5 May 2015

Licenses Under Review

Update & Maintain SPDX License List

  • Owner: Jilayne Lovejoy
  • Timeframe: On-going
  • Add new licenses or make other changes to license list and associated web pages as needed. Push changes to Git repository and coordinate with Gary to make sure new versions are tagged and uploaded to spdx.org

Standard Headers

  • Owner: ??
  • Timeframe: resolve for ??? release
  • the move to v2.0 creates some issues for the Standard Header field of the SPDX License List:
  1. for the GNU family of licenses, the "or later" determination is made in the header text; pre-2.0, the GNU licenses were listed as two line items each, so the difference in the header (e.g., presence or absence of "or later') was accommodated in the Standard Header field for each license. As of 2.0 and with the addition of the SPDX License Expression syntax the 'or later' option is exercised via the + operator. In light of this, what do about the standard header?
  2. Some Standard Headers have replaceable text. While the License Matching Guidelines are stated to apply to the Standard Headers, there is no markup in the Standard Headers - should there be?
  3. Some licenses have more than one suggestion for a Standard Header - how do we accommodate this?

Fedora / OSI outstanding issues

  • Owner: Jilayne Lovejoy
  • Timeframe: complete by end of 2015
  1. Jabber Open Source License v1.0 – archived text here (http://archive.jabber.org/core/JOSL.pdf) is not the same as the OSI has on their site (it was OSI approved). What do we do about this? need to resolve with OSI (with goal of having on list b/c it was OSI approved and we endeavored to have all OSI licenses on SPDX list, even if old). license text also can be found at: http://code.google.com/p/jabber-net/wiki/FAQ_License
  2. various OSI approved (but old or deprecated) licenses don't have corresponding link on OSI site; OSI to update and then SPDX to add link to SPDX-LL - check this??
  3. other issues with Fedora list, identified when we went through that

Fedora / SPDX short identifiers comparison and review

  • Owner: Jilayne Lovejoy
  • Timeframe: complete by end of 2015
  • Need to finish creating spreadsheet with comparison chart and then send to / confer with Tom Calloway at Fedora

Composite Licenses

  • Owner: Sam Ellis?
  • Timeframe: future
  • some licenses currently on the SPDX License List are actually composite licenses or license stacks; should these be broken apart and the SPDX License Expression used? Some discussion on this issue took place earlier this year, see: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-01-08
  • determined that this would require a case-by-case review and should be targeted for post-2.0 timeframe

Add a Suggested Header field to SPDX License List

Community Outreach

  • what would this look like?

Other projects from 2014 list

Legal Team recruitment and initiation

  • how do we get more people involved?
  • when new people join, should we assign them an SPDX "buddy' to help answer questions and otherwise shepherd them into the group?
  • who to target and how to reach them?
  • ask for help from LF or via grassroots effort or both? other ideas?

Alignment with other license lists

Coordinate with various other license lists to make sure SPDX has licenses from these lists and check short name matching (or create "translation" document if different)

FOSSology

owner: TBD assigned

Gentoo

owner: TBD assigned

Suse

owner: TBD assigned

Recommendations or guidance on how to best determine license for a particular file

'how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directoryShould the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?