Legal Team/Minutes/2019-02-21

From SPDX Wiki
Jump to: navigation, search


  • Paul Madick
  • Dennis Clark
  • Brad Edmondson
  • John Horan
  • Steve Winslow
  • Mark Baushke
  • Jilayne Lovejoy
  • Philippe Ombrdanne


1) Open Source Leadership Summit agenda

  • SPDX f2f time is Monday afternoon 1-5pm
  • open agenda with all of SPDX team; rough agenda to cover:
    • next release of spec and related topics there
    • Mark Atwood’s proposal for non-open source licenses and standardized way to identify
    • review from last OSLS discussion on better presentation of SPDX License List as a whole, have we done any of those things, and what still needs to be done
  • anything else we should cover?
    • should we consider expanding scope of “open source” as a guidance for adding to the list? same problem of doing this still exists - current request relates to a new variant of Creative Commons license - maybe explain the historical context of including all CC licenses and log this somewhere for reference? There is also always the issue of how to find, where to draw line, and the labor involved (no one who asks for this has ever had this answer or has offered)
    • we could do better on LicenseRef- option - ReUse guidelines recommends this use - Mark’s proposal may also help to this end

2) Next release due for end of March - that means we’ll do a freeze as of March 21 meeting. Given current number of issues (some of which need discussion), anything new that isn’t easily resolved will get pushed to next release at this point.

3) Issues for 3.5: Steve discussed a few he has updated:

  • Twente license: submitted to OSI and SPDX at same time; MIT variation where they added a few things; concept of derivatives and require list for Data Controllers (seems like they are aiming for GDPR compliance). OSI has been going back and forth and some edits have been made. Submitter has been responsive - Steve asked if text has stabilized and if it’s used - projects waiting to switch to it, but waiting for SPDX identifier.
    • we want to wait until OSI finished their process and makes a decision
    • we want to have a SPDX short identifier so this if OSI approves, the identifier has already been chosen
  • note about NPM: if don’t have an SPDX identifier for your license, NPM throws up warning. Whenever the SPDX License List is updated, NPM doesn’t automatically pick it up, but they usually do, then has to go into next release of NPM client tool and users have to update NPM client tool (long lag time). There is some room for better coordination there ** should we have some kind of advice or write-up that suggests a way to notify when new SPDX License List is release? (kind of like when Gary wrote up paper on programmatically accessing the license list, instead of scraping the website)
  • HPND variation - Steve looked at from last call, now submitted a PR
  • MIT-CMU / Pillow license - same with templating or new license? discussed and decided to template MIT-CMU