THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Legal Team/Minutes/2013-04-25
From SPDX Wiki
Contents
Attendees
- Jilayne Lovejoy, OpenLogic
- Tom Incorvia, Micro Focus
- Dennis Clark, NexB
- Jason Buttura, Cisco
- Zac White, Entente Software
- Jack Manbeck, TI
- Kirstin Newcomer, Black Duck
- Tom Vidal,
- Paul Madick, HP
Agenda
LF Collab Summit update
highlights from everyone who was there:
- technical sessions and working on 2.0 specification for model, seemed to make a lot of progress; including making it compatible and upgradeable
- there will be a 1.2 version of spec that will clarify a few things and update
- package license field issue (came up during bakeoff) - one of tools rolled up all licenses found from file level (concluded field) and then listed as licenses for package level; spec only allows "and" or "or" - does this best capture what someone may want to make as a conclusion for the license package (although listing all does fit how attribution notices are done now, e.g., "we use all of these" without commentary on whether licenses are compatible or not); probably need to not force the "relationship" between licenses because not realistic; what is intended for concluded license field at package level (and provide guidance)
- enlightened and surprised by lack of knowledge and education around open source software (as seen from legal track talks, anecdotes, comments in discussions, etc.) in the enterprise, developers, at university level (agreed by others as well and noted)
- liked the proposal about ways to tag license text in files by developers at time of development- tag beginning and end of header or license text, so know where it begins and ends; might make it easier to start adopting SPDX by FOSS projects
- but could this be problematic? could changing the file also change your obligations under the license?
- more about helping an author do that from get-go, not necessarily changing existing files
- Yocto is going to start generating SPDX documents with help from Matt at UNO
- GitHub presentation re: how few licenses are attached to projects on GitHub; interesting stuff
- AGPL panel also enlightening in terms of seeing how much disagreement there is even amongst people close to the license in terms of meaning and interpretation
- Jilayne still owes Tom V. a beer
License Matching Guidelines
notes/minutes have been posted under 4/16 on-going discussion about implementation - may need another call with Legal and Tech Team to finalize
- comment that where we ended up at end of meeting (to use double curly brackets and "omit: ___") was a good, simple solution - easy to implement; issue of difficulty of implementing anything too complicated amongst limited volunteers in timely manner...
- Daniel German made further suggestion with example - see email to list serve from 4/17
- please make comments and suggestions via email so we can continue discussion there; we will schedule joint legal/tech team call if needed.
Current Priorities and projects update
2013 accomplishments thus far:
- completion of the license inclusion guidelines
- released v1.18 of the license list, with ?# new licenses and a bunch of updates from OSI
- some decisions on license matching guidelines
- public domain explanation web page posted
2013 projects still on list:
- SPDX license list tracking page - Jack to create template by next call
- OSI outstanding issues - Jilayne will continue to correspond with OSI folks on remaining issues
- GPL exceptions - Tom Vidal to start working on this in earnest
- Better system for saving/updating SPDX License List (will probably happen organically with license matching guidelines work)
- Other community lists - Fedora is next up; Paul is about half-way through the list of 250 licenses
- should we start going through what he's gone through so far or wait until he's gone through all? probably wait - that way license matching markup will be sorted out and can implement from the get-go with any of these additional licenses
- Update to page re: how to request a new license page - Jason to do this; Jack and Jilayne will coordinate to create attachment of the sample spreadsheet on that page
anything else/missing?
- a couple discussions been going on that may need some time:
- if license is not on list, we call it "License Ref1" and so forth which is a reference within that SPDX document; desire to be able to use more "friendly" identifiers that are easier to identify
- since SPDX-LL doesn't cover every license, could we have domain for other lists to use as a short identifier
Action Items for next call
- Jack to make the license tracking table page for review on next call
- Jason to review request-new-license page
- Jilayne to update the current priorities page
- everyone: weigh-in on license matching markup implementation via email; will review next call and decide on whether a co-call is needed btw legal and tech teams