THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Legal Team/Minutes/2017-09-28

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Bradlee Edmondson
  • Gary O’Neall
  • Alexios Zavras
  • Steve Winslow
  • Karen Copenhaver
  • Dennis Clark
  • Matija
  • Trevor
  • Richard Fontana
  • Mike Dolan
  • Paul Madick
  • Bradley Kuhn
  • John Sullivan
  • Philippe Ombredanne
  • Mark Gisi
  • Alan Tse

NOTE: had to use alternative dial-in due to number limit on the regular one

Agenda

1) only / or later clarification and proposal:

Proposal:

SPDX will incorporate modifiers (as described below) to be used with license identifiers (and expressions). The guidance from SPDX as to the use of the modifiers will be as follows:

  1. The modifiers can be used with any license identifier and we encourage people to use them where doing so provides clarity as needed.
  2. Specifically, with the GNU family of licenses, you MUST use one of the modifiers; use of the plain license identifier (e.g., “GPL-2.0”) will be considered an invalid license expression going forward.

GNU family of licenses = all versions of GPL, LGPL, AGPL, FDL (SPDX will list all license identifiers to be clear)

Modifiers: There are two sets listed: one that involves a single character (to be consistent with existing +) and one that is more human-readable:

  • + = "or later” - same meaning as now
  • # = "only" - this will be a new modifier to indicate ‘this version only’. Need further input as to one character configuration, if needed
  •  ? = “unclear version” - this will be a new modifier to indicate there is a lack of clarity as to the license version regarding if any version, or later, or only applies, e.g., I found the text of GPLv2, but I’m not sure if it’s “only “ or “or later” because there is no other information. Need further input on the exact word to use here, i.e, “unclear” “maybe” “ambiguous"

Discussion on call:

  • discussion about required use of operator for GNU licenses and how to implement "invalidity":
    • Philippe: ok to have a warning when bare identifier is ok, but an error is a problem b/c that has been practice now for years

don’t want to gate on trying to make everything right now, license identifier has already been used for many years; when doing validation of license expression - and have just GPL-2.0, this should not be a validation error, but a warning so it doesn’t stop of flow of process

    • Kate: could do transition for a year and then make it an error. also have factor of license list version - so can say for this point forward
    • Philippe: not everyone may be tracking which version of license list they are using
    • Trevor: could just make it a warning, don’t have to decide when to have it an error, but can do in future
    • John: would want to see timeline for this transition
    • Mark wants to version the list and be able to continue to use 2.0 version until can use new version as he sees fit
  • Gary: issue with using # in tag value. Trevor: might be easier to use words. Bradley agreed.
  • Dennis: under what circumstance would I declare / use GPL-2.0?
  • Kate: commented on wide range of how people declare GPL applies as she’s seen in kernel
  • Mark: why not be no assertion
  • J: should GPL-2.0? be used in “concluded field” ever?
  • Kate: we have concluded and detected - should we say that ? can only be used in detected fields?
  • Alexios: if don’t have + or only, then it’s unqualified and unclear
  • Mark: on first round, we took real world examples - we should have very clear source code examples; Mark to send out examples from when we did operators to begin with
  • Bradley: might not always use it in context of SPDX, might want to have that ambiguity; he had assumed there were clear conclusions
  • Matija: what if someone writes code and says, “this is under GPL”. someone else forks it and copies into difference project with GPLv2
  • Paul: what if we put all three on license list, would that fix the issue? (asks FSF)
  • John: idea of ? is to satisfy what others have raised not what FSF has raised
  • Bradley: his concern, this seems clean, but problem is that 2.0 did mean only, so ...
  • Mark: 2.0 means - what the text say