THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Legal Team/Current Projects and Issues"

From SPDX Wiki
Jump to: navigation, search
Line 1: Line 1:
<big>'''SPDX Legal Team projects for 2014'''</big>  
+
<big>'''SPDX Legal Team projects for 2015'''</big>  
  
 
This page will be updated throughout the year.  We will try to not delete items, but mark them as "DONE" to serve as a record of progress over the course of the year.
 
This page will be updated throughout the year.  We will try to not delete items, but mark them as "DONE" to serve as a record of progress over the course of the year.
  
LAST UPDATED: 17 Jan 2014
+
LAST UPDATED: 5 May 2015
  
 
== Licenses Under Review ==
 
== Licenses Under Review ==
This is an on-going task, which is tracked here:  http://wiki.spdx.org/view/Legal_Team/License_List/Licenses_Under_Consideration
+
Owner: Dennis Clark
Owner for updating/tracking: Dennis
+
Timeframe: On-going
However, this list highlights the immediate or more complex tasks that need to be tackled
+
* New license or exception requests are tracked here:  https://docs.google.com/spreadsheets/d/11AKxLBoN_VXM32OmDTk2hKeYExKzsnPjAVM7rLstQ8s/edit?pli=1#gid=695212681
  
=== Various outstanding issues: ===
+
== Update & Maintain SPDX License List ==
# Ruby License issue - Jilayne sent a detailed email to Sam from the Ruby project (also copying the SPDX Legal List and Bob Gobielle of FOSSology) on Jan 4th, with no response as of yetSee: http://article.gmane.org/gmane.comp.licenses.spdx.legal/796/
+
Owner: Jilayne Lovejoy
## Next step:  Legal Team to come up with definitive naming proposal? 
+
Timeframe: On-going
## ''need to resolve immediately and for v1.20 release of License List''
+
* Add new licenses or make other changes to license list and associated web pages as neededPush changes to Git repository and coordinate with Gary to make sure new versions are tagged and uploaded to spdx.org
# add older Do What the F*ck You Want license - short identifier issue
+
  
=== Fedora List ===
+
== Standard Headers ==
Owner: Zac
+
Owner: ??
Under review via Google doc, here: https://docs.google.com/spreadsheet/ccc?key=0AmVnI0dGKEo1dENVVHFNeG5hQjAyYjQ3bm1VVUdjOFE#gid=1 (if you don't have access, just ask)
+
Timeframe: resolve for ??? release
# overriding principle: inclined to add Fedora "good" licenses to SPDX License List, unless very compelling reason not to; and create short-name comparison matrix (to track where short identifiers may not align)
+
* the move to v2.0 creates some issues for the Standard Header field of the SPDX License List:
# we need to step the pace on this - how?
+
# for the GNU family of licenses, the "or later" determination is made in the header text; pre-2.0, the GNU licenses were listed as two line items each, so the difference in the header (e.g., presence or absence of "or later') was accommodated in the Standard Header field for each license.  As of 2.0 and with the addition of the SPDX License Expression syntax the 'or later' option is exercised via the + operator.  In light of this, what do about the standard header?
## ''could we get through "good" list by first week of Feb?''
+
# Some Standard Headers have replaceable text. While the License Matching Guidelines are stated to apply to the Standard Headers, there is no markup in the Standard Headers - should there be?
 +
# Some licenses have more than one suggestion for a Standard Header - how do we accommodate this?
  
== License Matching Guidelines - create license templates ==
+
== Fedora / OSI outstanding issues ==
Owner: Jilayne
+
Owner: Jilayne Lovejoy
# go through licenses to determine which ones need markup as per License Matching Guidelines and provide information to Daniel so he can create actual template file
+
Timeframe: complete by end of 2015
## ''discuss any issues or questions to this end on Jan 16 and Feb 6 call as needed''
+
# Jabber Open Source License v1.0 – archived text here (http://archive.jabber.org/core/JOSL.pdf) is not the same as the OSI has on their site (it was OSI approved). What do we do about this? need to resolve with OSI (with goal of having on list b/c it was OSI approved and we endeavored to have all OSI licenses on SPDX list, even if old). license text also can be found at: http://code.google.com/p/jabber-net/wiki/FAQ_License
## ''goal to complete by early February and release full set of templates with v1.20 of SPDX License List'' 
+
# various OSI approved (but old or deprecated) licenses don't have corresponding link on OSI site; OSI to update and then SPDX to add link to SPDX-LL - check this??
 +
# other issues with Fedora list, identified when we went through that
  
== Legal Team recruitment ==
+
== Fedora / SPDX short identifiers comparison and review ==
 +
Owner: Jilayne Lovejoy
 +
Timeframe: complete by end of 2015
 +
* Need to finish creating spreadsheet with comparison chart and then send to / confer with Tom Calloway at Fedora
 +
 
 +
== Composite Licenses ==
 +
Owner: Sam Ellis?
 +
Timeframe: future
 +
* some licenses currently on the SPDX License List are actually composite licenses or license stacks; should these be broken apart and the SPDX License Expression used? Some discussion on this issue took place earlier this year, see: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-01-08
 +
* determined that this would require a case-by-case review and should be targeted for post-2.0 timeframe
 +
 
 +
== Add a Suggested Header field to SPDX License List ==
 +
Owner: Mark Gisi
 +
Timeframe: future
 +
* proposal to add a field for a recommended header for licenses that do not have a Standard Header. Some discussion here: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-04-30
 +
 
 +
== Community Outreach ==
 +
* what would this look like?
 +
 
 +
== Other projects from 2014 list ==
 +
=== Legal Team recruitment and initiation ===
 
* how do we get more people involved?
 
* how do we get more people involved?
 +
* when new people join, should we assign them an SPDX "buddy' to help answer questions and otherwise shepherd them into the group?
 
* who to target and how to reach them?
 
* who to target and how to reach them?
 
* ask for help from LF or via grassroots effort or both? other ideas?
 
* ask for help from LF or via grassroots effort or both? other ideas?
  
==License Expression Review & GPL exceptions ==
+
=== Alignment with other license lists ===
Owner: Mark Gisi & Tom Vidal
+
* Review of how SPDX spec deals with expressing various licensing scenarios in totality; e.g. using "and" and "or" for conjunctive and disjunctive license; how short identifiers play into this; revisit "or later" / "only" version issue and license exceptions
+
* We don't have all or the GPL exceptions - need to add to SPDX-LL. There are also the issue of inconsistencies "in the wild" among named exceptions and actual text (i.e. not all exceptions found called Foo exception have the exact same text; how do we deal with this?)
+
* Mark Gisi to schedule special call for initial discussion
+
 
+
== Alignment with other license lists ==
+
 
Coordinate with various other license lists to make sure SPDX has licenses from these lists and check short name matching (or create "translation" document if different)
 
Coordinate with various other license lists to make sure SPDX has licenses from these lists and check short name matching (or create "translation" document if different)
 
Here are some other lists we may want to look at once Fedora is completed:
 
Here are some other lists we may want to look at once Fedora is completed:
  
===FOSSology===  
+
==== FOSSology====  
 
owner: TBD assigned  
 
owner: TBD assigned  
 
* coordinate with Bob Gobeille, see http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs
 
* coordinate with Bob Gobeille, see http://www.fossology.org/projects/fossology/wiki/MatchSPDXLicenceIDs
  
===Gentoo===  
+
====Gentoo====  
 
owner: TBD assigned  
 
owner: TBD assigned  
  
===Suse===  
+
====Suse====  
 
owner: TBD assigned
 
owner: TBD assigned
* list found here: https://docs.google.com/spreadsheet/pub?key=0AqPp4y2wyQsbdGQ1V3pRRDg5NEpGVWpubzdRZ0tjUWc (courtesy of Ciaran Farrell from 6/27/12 email list thread)
+
* list found here: https://docs.google.com/spreadsheet/pub?key=0AqPp4y2wyQsbdGQ1V3pRRDg5NEpGVWpubzdRZ0tjUWc (courtesy of Ciaran Farrell)
 
+
=== Other "side" projects ===
+
 
+
== Moving SPDX License List to Git repository ==
+
* to work on after release of v1.20
+
* Jilayne to coordinate with Gary
+
 
+
== OSI outstanding issues ==
+
# zlib/ libpng license clarification
+
# Jabber Open Source License v1.0 – archived text here (http://archive.jabber.org/core/JOSL.pdf) is not the same as the OSI has on their site (it was OSI approved). What do we do about this? need to resolve with OSI (with goal of having on list b/c it was OSI approved and we endeavored to have all OSI licenses on SPDX list, even if old). license text also can be found at: http://code.google.com/p/jabber-net/wiki/FAQ_License
+
# various OSI approved (but old or deprecated) licenses don't have corresponding link on OSI site; OSI to update and then SPDX to add link to SPDX-LL - check this??
+
 
+
== License Ref short identifiers ==
+
better way to identify licenses not on SPDX-LL (spec issue) or to reference other external license list that have greater set of licenses than SPDX-LL
+
  
== Recommendations or guidance on how to best determine license for a particular file==
+
=== Recommendations or guidance on how to best determine license for a particular file ===
 
'how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directoryShould the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?
 
'how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directoryShould the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?
  
 
[[Category:Legal]]
 
[[Category:Legal]]

Revision as of 23:29, 5 May 2015

SPDX Legal Team projects for 2015

This page will be updated throughout the year. We will try to not delete items, but mark them as "DONE" to serve as a record of progress over the course of the year.

LAST UPDATED: 5 May 2015

Licenses Under Review

Owner: Dennis Clark Timeframe: On-going

Update & Maintain SPDX License List

Owner: Jilayne Lovejoy Timeframe: On-going

  • Add new licenses or make other changes to license list and associated web pages as needed. Push changes to Git repository and coordinate with Gary to make sure new versions are tagged and uploaded to spdx.org

Standard Headers

Owner: ?? Timeframe: resolve for ??? release

  • the move to v2.0 creates some issues for the Standard Header field of the SPDX License List:
  1. for the GNU family of licenses, the "or later" determination is made in the header text; pre-2.0, the GNU licenses were listed as two line items each, so the difference in the header (e.g., presence or absence of "or later') was accommodated in the Standard Header field for each license. As of 2.0 and with the addition of the SPDX License Expression syntax the 'or later' option is exercised via the + operator. In light of this, what do about the standard header?
  2. Some Standard Headers have replaceable text. While the License Matching Guidelines are stated to apply to the Standard Headers, there is no markup in the Standard Headers - should there be?
  3. Some licenses have more than one suggestion for a Standard Header - how do we accommodate this?

Fedora / OSI outstanding issues

Owner: Jilayne Lovejoy Timeframe: complete by end of 2015

  1. Jabber Open Source License v1.0 – archived text here (http://archive.jabber.org/core/JOSL.pdf) is not the same as the OSI has on their site (it was OSI approved). What do we do about this? need to resolve with OSI (with goal of having on list b/c it was OSI approved and we endeavored to have all OSI licenses on SPDX list, even if old). license text also can be found at: http://code.google.com/p/jabber-net/wiki/FAQ_License
  2. various OSI approved (but old or deprecated) licenses don't have corresponding link on OSI site; OSI to update and then SPDX to add link to SPDX-LL - check this??
  3. other issues with Fedora list, identified when we went through that

Fedora / SPDX short identifiers comparison and review

Owner: Jilayne Lovejoy Timeframe: complete by end of 2015

  • Need to finish creating spreadsheet with comparison chart and then send to / confer with Tom Calloway at Fedora

Composite Licenses

Owner: Sam Ellis? Timeframe: future

  • some licenses currently on the SPDX License List are actually composite licenses or license stacks; should these be broken apart and the SPDX License Expression used? Some discussion on this issue took place earlier this year, see: http://wiki.spdx.org/view/Legal_Team/Minutes/2015-01-08
  • determined that this would require a case-by-case review and should be targeted for post-2.0 timeframe

Add a Suggested Header field to SPDX License List

Owner: Mark Gisi Timeframe: future

Community Outreach

  • what would this look like?

Other projects from 2014 list

Legal Team recruitment and initiation

  • how do we get more people involved?
  • when new people join, should we assign them an SPDX "buddy' to help answer questions and otherwise shepherd them into the group?
  • who to target and how to reach them?
  • ask for help from LF or via grassroots effort or both? other ideas?

Alignment with other license lists

Coordinate with various other license lists to make sure SPDX has licenses from these lists and check short name matching (or create "translation" document if different) Here are some other lists we may want to look at once Fedora is completed:

FOSSology

owner: TBD assigned

Gentoo

owner: TBD assigned

Suse

owner: TBD assigned

Recommendations or guidance on how to best determine license for a particular file

'how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory ? provide guidance/suggstion (industry practice?) that license in the file is more determinate than the license in the directoryShould the legal group aggregate industry best practices and come up with a group of guidelines and provide some influence on that?