From SPDX Wiki
The meeting was attended by:
- Jilayne Lovejoy
- Kate Stewart
- Tom Incorvia
- Esteban Rockett
- Kim Weins
- We revisited the issue of the Python license. Tom had done some additional tracking down of licensing info on the Python website (see attached jpg). Based on that, the new proposal is that we have 2 Python licenses in the list
- Python License Stack
- This consists of the entire stack of licenses that are needed for the Python language. The last language in the stack is Python Software Foundation license, which applies to the newer portions of Python. Other licenses in the stack apply to earlier poritions of the code. We noted that this "license stack" is referred to by the OSI as the Python Software Foundation (PSF) License. This is not entirely correct, since the PSF license is one element of the license stack.
- Python Software Foundation License
- This will encompass only the PSF license. We are separating this out since other projects may use the PSF license without the rest of the Python License Stack
- As a follow up, Tom volunteered to validate this approach with the legal person at the PSF (a contact Kate will provide). He will also find out why the OSI also lists the Python CNRI License (ONE of the licenses in the Pthon License Stack) as a separate license on the list.
- Jilayne had pointed out that in some cases we had older versions of a license on our list, but were missing the earlier versions. Examples included EUPL v1.0, MPL v1.0, NPL v1.0, other OSL versions, AFL, etc. We decided to add those earlier versions to the list as well, unless we got into a situation where they were too numerous.
- The OSI site lists a zlib/libpng license. However the text listed by OSI is the zlib license. There is a separate libpng license as well with different terms. We believe that these should be separate licenses in our list. Jilayne is going to do further research, including reaching out to zlib developers and OSI to try and determine why they are together. Once we get that info, back we will determine how to handle.
- Jilayne has added several standard exceptions to the GPLv2 and GPLv3 listings. If anyone knows of additional exceptions, they can provide these to Jilayne along with a link to the "canonical source" for the license on the web.
GPLv3 Section 7
- Mark Radcliffe had brought up the issue of GPLv3 section 7 on the mailing list. That section allows for other specific variations to be added to GPLv3. The primary goal of this clause was to allow compatibility with other licenses, such as Apache. However, theoretically someone could simply add these variations to the GPLv3. No one on the call had ever seen these variations in the real world yet, so the proposal is to simply list GPLv3 for now. Any variations would be handled as a "non standard license". If we begin to see these licenses appearing in the real world, we can then determine how to handle them. Jilayne will circulate this proposal to the mailing list for further comment.
Finalizing the license list
- Prior to release of SPDX 1.0 Release Candidate (RC), we will need to get all of the licenses from this list into the license repository. Here are the tasks
- Technical team to finalize the techncial design of that repo.
- Set up and Implement the blank repo (technical team?)
- Load (automated hopefully) of the data from the license list into the repo
- Add any manual data (such as license template info or notes).
- Validation and verification of all data in the repo (at least 2 different people)
- Ready to go live
- Define and document update processes for adding new licenses
- Open process for addition of new licenses
- Aside from the remaining items listed here, we are planning to close off addition of any new licenses to the list until after the license repo is up, unless we find an egregious item that is missing. Once the repo is up with this base list, we can then open the process for adding new items.
- The remaining items associated with the list will now roll into the legal workstream and be handled in the legal meetings.