THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Legal Team/Minutes/2011-08-24"

From SPDX Wiki
Jump to: navigation, search
 
Line 1: Line 1:
<p><strong>SPDX Legal Team Meeting Minutes - 24-August-2011&nbsp;</strong></p><p>Attendees:</p><p><br />Esteban Rockett, Motorola Mobility<br />Kim Wiens, OpenLogic<br />Michael Herzog, NexB<br />Phil Odence, BlackDuck<br />Mark Gisi, WindRiver<br />Tom Incorvia, Microfocus<br />Nichlos (protocode)<br />Paul Maddock, HP<br />Jilayne Lovejoy, OpenLogic<br />Karen Copenhaver, Choate<br />Adam Cohen, Cisco</p><p>- Linux Summit Vancouver Summary was presented.</p><p>- SPDX Official launch went well.</p><p>- BOF revealed issues with PDDL acceptance, because it is not another license for project to have to be concerned about. &nbsp;Alternative suggestions were entertained. &nbsp;Karen agreed to draft a modified MIT license as a potential alternative, and circulate before next meeting.</p><p>Update on how LinuxCon went - announcement on Wednesday; session on Thursday and birds of a feather on Thursday evening</p><p>-Announcement and press release on Wednesday with quotes, etc.</p><p>-Informational session on Thursday went well, no major difficult questions</p><p>-hot issues: how will we provide metadata and licensing of metadata (PddL) at BOF</p><p>oissue described as how metadata can be used while keeping it in public domain</p><p>oconcerns stem from European database law</p><p>oshould we be concerned with this?</p><p>oStill need ability to be confidentiality, while preparing and potentially&nbsp;</p><p>oAt BOF: core team and active members, but also some peripheral from community/developer side - got negative reaction to idea of PddL&nbsp;</p><p>ofrom perspective of community developer - new license I'm not familiar with, don't care about licensing, rebeling as a result</p><p>ofeedback from professor, and importance of attribution and PddL doesn't allow attribution</p><p>ooriginal thing we were trying to avoid, was database law to claim rights in an SPDX file and no one else can use it. Avoid this by using trademark license to enforce use of PddL. &nbsp;But nefarious actors can still circumvent</p><p>ois this really a concern?</p><p>oIs this really a risk overall, i.e. do we need a license at all</p><p>oConfidentiality is bigger issue</p><p>oReality that next year at LinuxCon, issue will probably be open data; we have opportunity to start clean pipeline and data can be re-used any way you want</p><p>oIdea is if I get an SPDX that this license applies to the data</p><p>oIf want to drive this up to project level, they don't understand the data laws and will ask why isn't this the CC license</p><p>οLittle bit of a battle b/w CC license, but CC has not issued a license yet that deals with the data issue</p><p>oIf we only had PddL as default, could result in SPDX files under other licenses and more confusion</p><p>oWhat if we used one of the public domain CC licenses, how concerned are we with the EU data laws</p><p>oAlso still need a disclaimer - example, MIT license - familiar and leaves open to adopt something later; easier to get buy-in</p><p>οHave to use "to the extent that there are any rights…" b/c don't want to acknowledge that there are any rights</p><p>οSimple approach of using (modified) MIT, step in right direction</p><p>oHave to accept reality that software - data, not same thing</p><p>οKaren to write something up and circulate</p><p>οNeed to make decision, do it immediately, and stick with it? (or at least try)</p><p>oOnly way to get absoluteness is to prevent use of SPDX trademark at all unless used in line with trademark license</p><p>oAs long as we allow others to use specification in non-compliant form, increases matter of percentage, but never 100 %</p><p>oCould spin out v1.1 release quickly and have this be only change</p><p>oCan we also tackle confidentiality issue at same time?</p><p>οKaren to circulate proposal - some things to consider/include:</p><p>oSpec under CC-BY 3.0 clarification</p><p>oExempt any copyrightable materials included in SPDX (i.e. license text) ; can use field names to exempt</p><p>oThis is really a disclaimer</p><p>oNo mention of comments copyright-able-ness?</p><p>oIs this consistent with previous PddL approach around confidentiality</p><p>oSeems like this MIT-style would make this even easier?</p><p>oTechnical team will be asked to look at pending proposal for proposed confidentiality field (as discussed earlier) and hope to wrap that up together</p><p>οLegal call next week (instead of two weeks) to review what Karen circulates and try to wrap this up</p>
+
<p><strong>SPDX Legal Team Meeting Minutes - 24-August-2011&nbsp;</strong></p><p>Attendees:</p><p>Esteban Rockett, Motorola Mobility<br />Kim Wiens, OpenLogic<br />Michael Herzog, NexB<br />Phil Odence, BlackDuck<br />Mark Gisi, WindRiver<br />Tom Incorvia, Microfocus<br />Nichlos (protocode)<br />Paul Maddock, HP<br />Jilayne Lovejoy, OpenLogic<br />Karen Copenhaver, Choate<br />Adam Cohen, Cisco</p><ol><li>Linux Summit Vancouver Summary was presented.</li><li>SPDX Official launch went well.</li><li>BOF revealed issues with PDDL acceptance, because it is not another license for project to have to be concerned about. &nbsp;Alternative suggestions were entertained. &nbsp;Karen agreed to draft a modified MIT license as a potential alternative, and circulate before next meeting.</li></ol><p>Update on how LinuxCon went - announcement on Wednesday; session on Thursday and birds of a feather on Thursday evening</p><ul><li>Announcement and press release on Wednesday with quotes, etc.</li><li>Informational session on Thursday went well, no major difficult questions</li><li>hot issues: how will we provide metadata and licensing of metadata (PddL) at BOF</li><ul><li>issue described as how metadata can be used while keeping it in public domain</li><li>concerns stem from European database law</li><li>should we be concerned with this?</li><li>Still need ability to be confidentiality, while preparing and potentially&nbsp;</li><li>At BOF: core team and active members, but also some peripheral from community/developer side - got negative reaction to idea of PddL&nbsp;</li><ul><li>from perspective of community developer - new license I'm not familiar with, don't care about licensing, rebeling as a result</li><li>feedback from professor, and importance of attribution and PddL doesn't allow attribution</li></ul><li>original thing we were trying to avoid, was database law to claim rights in an SPDX file and no one else can use it. Avoid this by using trademark license to enforce use of PddL. &nbsp;But nefarious actors can still circumvent</li><ul><li>is this really a concern?</li></ul></ul><li>Is this really a risk overall, i.e. do we need a license at all</li><ul><li>Confidentiality is bigger issue</li><li>Reality that next year at LinuxCon, issue will probably be open data; we have opportunity to start clean pipeline and data can be re-used any way you want</li><ul><li>Idea is if I get an SPDX that this license applies to the data</li><li>If want to drive this up to project level, they don't understand the data laws and will ask why isn't this the CC license</li><ul><li>Little bit of a battle b/w CC license, but CC has not issued a license yet that deals with the data issue</li></ul><li>If we only had PddL as default, could result in SPDX files under other licenses and more confusion</li><li>What if we used one of the public domain CC licenses, how concerned are we with the EU data laws</li><li>Also still need a disclaimer - example, MIT license - familiar and leaves open to adopt something later; easier to get buy-in</li><ul><li>Have to use "to the extent that there are any rights…" b/c don't want to acknowledge that there are any rights</li><li>Simple approach of using (modified) MIT, step in right direction</li><ul><li>Have to accept reality that software - data, not same thing</li></ul><li>Karen to write something up and circulate</li><li>Need to make decision, do it immediately, and stick with it? (or at least try)</li><ul><li>Only way to get absoluteness is to prevent use of SPDX trademark at all unless used in line with trademark license</li><li>As long as we allow others to use specification in non-compliant form, increases matter of percentage, but never 100 %</li><li>Could spin out v1.1 release quickly and have this be only change</li><li>Can we also tackle confidentiality issue at same time?</li></ul></ul><li>Karen to circulate proposal - some things to consider/include:</li><ul><li>Spec under CC-BY 3.0 clarification</li><li>Exempt any copyrightable materials included in SPDX (i.e. license text) ; can use field names to exempt</li><li>This is really a disclaimer</li><li>No mention of comments copyright-able-ness?</li><li>Is this consistent with previous PddL approach around confidentiality</li><li>Seems like this MIT-style would make this even easier?</li><li>Technical team will be asked to look at pending proposal for proposed confidentiality field (as discussed earlier) and hope to wrap that up together</li></ul></ul></ul><li>Legal call next week (instead of two weeks) to review what Karen circulates and try to wrap this up</li></ul>

Revision as of 20:54, 16 December 2011

SPDX Legal Team Meeting Minutes - 24-August-2011 

Attendees:

Esteban Rockett, Motorola Mobility
Kim Wiens, OpenLogic
Michael Herzog, NexB
Phil Odence, BlackDuck
Mark Gisi, WindRiver
Tom Incorvia, Microfocus
Nichlos (protocode)
Paul Maddock, HP
Jilayne Lovejoy, OpenLogic
Karen Copenhaver, Choate
Adam Cohen, Cisco

  1. Linux Summit Vancouver Summary was presented.
  2. SPDX Official launch went well.
  3. BOF revealed issues with PDDL acceptance, because it is not another license for project to have to be concerned about.  Alternative suggestions were entertained.  Karen agreed to draft a modified MIT license as a potential alternative, and circulate before next meeting.

Update on how LinuxCon went - announcement on Wednesday; session on Thursday and birds of a feather on Thursday evening

  • Announcement and press release on Wednesday with quotes, etc.
  • Informational session on Thursday went well, no major difficult questions
  • hot issues: how will we provide metadata and licensing of metadata (PddL) at BOF
    • issue described as how metadata can be used while keeping it in public domain
    • concerns stem from European database law
    • should we be concerned with this?
    • Still need ability to be confidentiality, while preparing and potentially 
    • At BOF: core team and active members, but also some peripheral from community/developer side - got negative reaction to idea of PddL 
      • from perspective of community developer - new license I'm not familiar with, don't care about licensing, rebeling as a result
      • feedback from professor, and importance of attribution and PddL doesn't allow attribution
    • original thing we were trying to avoid, was database law to claim rights in an SPDX file and no one else can use it. Avoid this by using trademark license to enforce use of PddL.  But nefarious actors can still circumvent
      • is this really a concern?
  • Is this really a risk overall, i.e. do we need a license at all
    • Confidentiality is bigger issue
    • Reality that next year at LinuxCon, issue will probably be open data; we have opportunity to start clean pipeline and data can be re-used any way you want
      • Idea is if I get an SPDX that this license applies to the data
      • If want to drive this up to project level, they don't understand the data laws and will ask why isn't this the CC license
        • Little bit of a battle b/w CC license, but CC has not issued a license yet that deals with the data issue
      • If we only had PddL as default, could result in SPDX files under other licenses and more confusion
      • What if we used one of the public domain CC licenses, how concerned are we with the EU data laws
      • Also still need a disclaimer - example, MIT license - familiar and leaves open to adopt something later; easier to get buy-in
        • Have to use "to the extent that there are any rights‚Ķ" b/c don't want to acknowledge that there are any rights
        • Simple approach of using (modified) MIT, step in right direction
          • Have to accept reality that software - data, not same thing
        • Karen to write something up and circulate
        • Need to make decision, do it immediately, and stick with it? (or at least try)
          • Only way to get absoluteness is to prevent use of SPDX trademark at all unless used in line with trademark license
          • As long as we allow others to use specification in non-compliant form, increases matter of percentage, but never 100 %
          • Could spin out v1.1 release quickly and have this be only change
          • Can we also tackle confidentiality issue at same time?
      • Karen to circulate proposal - some things to consider/include:
        • Spec under CC-BY 3.0 clarification
        • Exempt any copyrightable materials included in SPDX (i.e. license text) ; can use field names to exempt
        • This is really a disclaimer
        • No mention of comments copyright-able-ness?
        • Is this consistent with previous PddL approach around confidentiality
        • Seems like this MIT-style would make this even easier?
        • Technical team will be asked to look at pending proposal for proposed confidentiality field (as discussed earlier) and hope to wrap that up together
  • Legal call next week (instead of two weeks) to review what Karen circulates and try to wrap this up