THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Minutes/2020-08-11

From SPDX Wiki
Jump to: navigation, search

August 11, 2020

Attendees

  • Kate Stewart
  • Thomas Steenbergen
  • Steve Winslow
  • Jilayne Lovejoy
  • Steve Winslow
  • Gary O’Neall
  • Rose Judge
  • Peter Shin
  • Brad Goldring
  • John Horan
  • Rose Judge
  • Vicky Brasseur
  • William Bartolomew
  • Mark Atwood

Topics:

  • Licensing profile - consolidation of license fields

Legal Profile

  • Initial draft by Steve and Jilayne in Google Docs https://docs.google.com/document/d/1k_2tSlFXvW_SbW-I1DcSEoCNBMQJd4FEFIQr6KCJuyU/edit#
  • Note: didn't really update section numbers
  • Note: Has not been reviewed by the entire legal team – will review in upcoming legal team meeting
  • Normalized naming (e.g. references to Spdx Document rather than Spdx File) - this needs to be done across spec
  • Focus on artifact fields - consolidation of license related fields for Package, Files, and Snippets. Not much to change for Document-License List Version field or filed in Other Licensing Info section.
  • Discussion on Declared License for Package – metadata
    • Thomas raised question on if the Artifact includes the metadata or if it is different
    • Discussion on the previous discussions
      • Maven POM files was discussed previously and general agreement that the POM license info would be declared but not concluded
      • POM file license information was not always accurate
    • Different scenarios discussed, general agreement that a binary distribution would be a different artifact from the bundle of source
  • Discussion on license information that is not completely in the file (e.g. jQuery which includes a link but not the license notice)
    • Some tools will fill in the actual license referred to
  • Should we document the examples for Declared and Concluded licenses?
    • Valuable information
    • More specific would be better, but would make it larger
      • Would be nice to have some additional documentation somewhere
    • Generally agree to move from the specific fields to the intro for the section
  • Discussion on None field for license
    • Should the field be renamed NONE_FOUND?
      • Concern it would break tools
    • General agreement that NONE means someone looked really hard for a license and couldn’t find one at all
    • In the case of “No Rights Reserved”, one would create a LicenseRef-
  • Discussion cookbook
    • Could create hover over in the spec
      • Concern about accessibility
  • Replacing references to Disjunctive license with “OR”
  • Continue discussion on the Legal team this Thursday
  • What is the name of the profile for licensing?
    • “Licensing”
  • Discussion on associating copyright owner with license
    • Thomas has a requirement to associate the license with the copyright owners
    • Current SPDX does not have a mechanism to retain the associations
    • Could use snippets to retain the association between copyright owners and licenses for specific code