THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Legal Team/Minutes/2011-08-24

From SPDX Wiki
< Legal Team‎ | Minutes
Revision as of 20:03, 16 December 2011 by Jlovejoy (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

SPDX Legal Team Meeting Minutes - 24-August-2011 

Attendees:


Esteban Rockett, Motorola Mobility
Kim Wiens, OpenLogic
Michael Herzog, NexB
Phil Odence, BlackDuck
Mark Gisi, WindRiver
Tom Incorvia, Microfocus
Nichlos (protocode)
Paul Maddock, HP
Jilayne Lovejoy, OpenLogic
Karen Copenhaver, Choate
Adam Cohen, Cisco

- Linux Summit Vancouver Summary was presented.

- SPDX Official launch went well.

- BOF revealed issues with PDDL acceptance, because it is not another license for project to have to be concerned about.  Alternative suggestions were entertained.  Karen agreed to draft a modified MIT license as a potential alternative, and circulate before next meeting.

Update on how LinuxCon went - announcement on Wednesday; session on Thursday and birds of a feather on Thursday evening

-Announcement and press release on Wednesday with quotes, etc.

-Informational session on Thursday went well, no major difficult questions

-hot issues: how will we provide metadata and licensing of metadata (PddL) at BOF

oissue described as how metadata can be used while keeping it in public domain

oconcerns stem from European database law

oshould we be concerned with this?

oStill need ability to be confidentiality, while preparing and potentially 

oAt BOF: core team and active members, but also some peripheral from community/developer side - got negative reaction to idea of PddL 

ofrom perspective of community developer - new license I'm not familiar with, don't care about licensing, rebeling as a result

ofeedback from professor, and importance of attribution and PddL doesn't allow attribution

ooriginal thing we were trying to avoid, was database law to claim rights in an SPDX file and no one else can use it. Avoid this by using trademark license to enforce use of PddL.  But nefarious actors can still circumvent

ois this really a concern?

oIs this really a risk overall, i.e. do we need a license at all

oConfidentiality is bigger issue

oReality that next year at LinuxCon, issue will probably be open data; we have opportunity to start clean pipeline and data can be re-used any way you want

oIdea is if I get an SPDX that this license applies to the data

oIf want to drive this up to project level, they don't understand the data laws and will ask why isn't this the CC license

οLittle bit of a battle b/w CC license, but CC has not issued a license yet that deals with the data issue

oIf we only had PddL as default, could result in SPDX files under other licenses and more confusion

oWhat if we used one of the public domain CC licenses, how concerned are we with the EU data laws

oAlso still need a disclaimer - example, MIT license - familiar and leaves open to adopt something later; easier to get buy-in

οHave to use "to the extent that there are any rights…" b/c don't want to acknowledge that there are any rights

οSimple approach of using (modified) MIT, step in right direction

oHave to accept reality that software - data, not same thing

οKaren to write something up and circulate

οNeed to make decision, do it immediately, and stick with it? (or at least try)

oOnly way to get absoluteness is to prevent use of SPDX trademark at all unless used in line with trademark license

oAs long as we allow others to use specification in non-compliant form, increases matter of percentage, but never 100 %

oCould spin out v1.1 release quickly and have this be only change

oCan we also tackle confidentiality issue at same time?

οKaren to circulate proposal - some things to consider/include:

oSpec under CC-BY 3.0 clarification

oExempt any copyrightable materials included in SPDX (i.e. license text) ; can use field names to exempt

oThis is really a disclaimer

oNo mention of comments copyright-able-ness?

oIs this consistent with previous PddL approach around confidentiality

oSeems like this MIT-style would make this even easier?

oTechnical team will be asked to look at pending proposal for proposed confidentiality field (as discussed earlier) and hope to wrap that up together

οLegal call next week (instead of two weeks) to review what Karen circulates and try to wrap this up