THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Old/Sandbox for Sharing Examples/How to Handle Licenses in SPDX"

From SPDX Wiki
Jump to: navigation, search
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<p><strong><br /></strong></p>
+
'''Handling of Licenses IDs (Short names)'''
<p><strong>Handling of Licenses IDs (Short names)</strong></p>
+
 
<ul>
+
* We have proposed using the Fedora short names
<li>We have proposed using the Fedora short names</li>
+
* We have also looked at the Debian naming scheme
<li>We have also looked at the Debian naming scheme</li>
+
* There are a couple of key differences
<li>There are a couple of key differences</li>
+
* '''Version handling'''
<li><strong>Version handling</strong></li>
+
 
</ul>
+
1. Fedora builds versions into the short name, but it is done in a non-standardized way that seems to vary from license to license, eg
<p style="padding-left: 30px;">1. Fedora builds versions into the short name, but it is done in a non-standardized way that seems to vary from license to license, eg</p>
+
 
<ol> </ol>
+
* ASL 1.0 (for Apache 1.0)
<ul>
+
* AGPLv1 (for Affero GPL v1)
<li>ASL 1.0&nbsp; (for Apache 1.0)</li>
+
* CeCill (for both Cecill v1.1 and v2)
<li>AGPLv1&nbsp; (for Affero GPL v1)</li>
+
 
<li>CeCill (for both Cecill v1.1 and v2)</li>
+
2. Debian proposes a standard way – “license name-version”, eg
</ul>
+
 
<p style="padding-left: 30px;">2. Debian proposes a standard way – “license name-version”, eg</p>
+
* GPL-2
<ol> </ol>
+
* Apache-2
<ul>
+
 
<li>GPL-2</li>
+
3. Both Fedora and Debian also use standard way to deal with the “and later” version options by using a “+”, eg
<li>Apache-2</li>
+
 
</ul>
+
* GPL-2+ (debian)
<p style="padding-left: 30px;">3. Both Fedora and Debian also use standard way to deal with the “and later” version options by using a “+”, eg</p>
+
* GPLv2+ (Fedora)
<ol> </ol>
+
 
<ul>
+
'''4. Suggested Solution for SPDX'''
<li>GPL-2+ (debian)</li>
+
 
<li>GPLv2+ (Fedora)</li>
+
* I believe we should have a standard way to handle versions for SPDX. I would suggest going with the Debian approach or something similar. This would entail slightly modifying the Fedora short names where they do not follow the standard
</ul>
+
* I’m not sure if there is some reason why Fedora hasn’t standardized this.
<p style="padding-left: 30px;"><strong>4.&nbsp;&nbsp;&nbsp; </strong><strong>Suggested Solution for SPDX</strong></p>
+
 
<ol> </ol>
+
'''Handling of “standard” exceptions is different'''
<ul>
+
 
<li>I believe we should have a standard way to handle versions for SPDX.&nbsp; I would suggest going with the Debian approach or something similar.&nbsp; This would entail slightly modifying the Fedora short names where they do not follow the standard</li>
+
# Fedora just uses a term that is “with exceptions” They don’t tell you which exceptions. The result is that a short name “'''GPLv3 with exceptions'''” is used for both the classpath and font exceptions. This seems to create ambiguity.
<li>I’m not sure if there is some reason why Fedora hasn’t standardized this.</li>
+
# Debian proposes naming the common exception – with the following syntax
</ul>
+
 
<p><strong>Handling of “standard” exceptions is different</strong></p>
+
* GPL-2+ with classpath exception
<ol>
+
* GPL-2+ with font exception
<li>Fedora just uses a term that is “with exceptions”&nbsp; They don’t tell you which exceptions.&nbsp; The result is that a short name “<strong>GPLv3 with exceptions</strong>&nbsp; is used for both the classpath and font exceptions.&nbsp; This seems to create ambiguity.</li>
+
 
<li>Debian proposes naming the common exception – with the following syntax</li>
+
'''3. Suggested Solution for SPDX'''
</ol>
+
 
<ul>
+
* I believe we should use the Debian approach for common “approved” exceptions such as the 2 mentioned for GPL
<li>GPL-2+ with classpath exception</li>
+
 
<li>GPL-2+ with font exception</li>
+
'''Spaces in short name'''
</ul>
+
 
<p style="padding-left: 30px;"><strong>3.&nbsp;&nbsp;&nbsp; </strong><strong>Suggested Solution for SPDX</strong></p>
+
# Fedora has spaces in the short names
<ol> </ol>
+
# Debian does not (they do have spaces when they do “with exceptions”
<ul>
+
 
<li>I believe we should use the Debian approach for common “approved” exceptions such as the 2 mentioned for GPL</li>
+
'''3. Suggested Solution for SPDX'''
</ul>
+
 
<p><strong>Spaces in short name</strong></p>
+
* I would ask the technical people if this will be problematic having spaces when we want to automatically parse these files.
<ol>
+
 
<li>Fedora has spaces in the short names</li>
+
'''Handling of multiple licenses'''
<li>Debian does not&nbsp; (they do have spaces when they do “with exceptions”</li>
+
 
</ol>
+
# Both Fedora and Debian use “ands” and “ors” when there are multiple licenses associated with a pkg.
<p style="padding-left: 30px;"><strong>3.&nbsp;&nbsp;&nbsp; </strong><strong>Suggested Solution for SPDX</strong></p>
+
 
<ul>
+
* “and” when you must comply with the terms of all the licenses because parts of the package or file are under difference licenses
<li>I would ask the technical people if this will be problematic having spaces when we want to automatically parse these files.&nbsp; </li>
+
** artistic-1 and gpl-2
</ul>
+
** “or” when you get to choose a license
<p>&nbsp;</p>
+
*** artistic-1 or gpl-2
<p><strong>Handling of multiple licenses</strong></p>
+
 
<ol>
+
2. Both Fedora and Debian address the combining of ors and ands.
<li>Both Fedora and Debian use “ands” and “ors” when there are multiple licenses associated with a pkg.&nbsp; </li>
+
 
</ol>
+
* ** Use parentheses when needed
<ul>
+
** (artistic-1 or gpl-2) and lgpl=1.1
<li>“and” when you must comply with the terms of all the licenses because parts of the package or file are under difference&nbsp; licenses      
+
** “and” takes precedence
<ul>
+
** GPL-2+ with font exception
<li>artistic-1 and gpl-2</li>
+
 
<li>“or” when you get to choose a license      
+
'''3. Suggested Solution for SPDX'''
<ul>
+
 
<li>artistic-1 or gpl-2</li>
+
* Follow the same rules
</ul>
+
 
</li>
+
'''Handling of license variations'''
</ul>
+
 
</li>
+
# There are several licenses that have “variations”. MIT and BSD are examples of this. These situations are handled differently by Fedora and Debian.
</ul>
+
# Fedora
<p style="padding-left: 30px;">2. Both Fedora and Debian address the combining of ors and ands.</p>
+
 
<ol> </ol>
+
* For MIT, Fedora treats a bunch of the MIT variations as “functionally equivalent” and uses the short name “MIT” to refer to all of them. They have a page listing all of the MIT variants and the actual text. https://fedoraproject.org/wiki/Licensing/MIT
<ul>
+
* For BSD, Fedora seems to have different short names for each of the variants, eg
<li>&nbsp;     
+
** BSD License (original) = short name “BSD with advertising”
<ul>
+
** BSD License (no advertising) which is a 3 clause version and BSD License (two clause) both = short name of “BSD”
<li>Use parentheses when needed </li>
+
** BSD Protection License = short name of “BSD Protection”
<li>(artistic-1 or gpl-2) and lgpl=1.1</li>
+
** Academy of Motion Picture Arts and Sciences BSD = “AMPAS BSD”
<li>“and” takes precedence</li>
+
 
<li>GPL-2+ with font exception    
+
3. Debian
<ul>
+
 
</ul>
+
* For MIT, Debian says that it is “problematic” and hasn’t addressed it . They have no short name for MIT yet.
</li>
+
* For BSD, Debian has a short name for BSD, but it’s unclear how the variants are handled
</ul>
+
 
</li>
+
'''4. Suggested Solution for SPDX'''
</ul>
+
 
<p style="padding-left: 30px;"><strong>3.&nbsp;&nbsp;&nbsp; </strong><strong>Suggested Solution for SPDX</strong></p>
+
* This one is a little complicated. I think for any situation where we have different variants of a license, they should have different short names. Fedora has done this to some extent, but in some cases (like BSD 2 and 3-clause) they have combined it to use one short name. This would require us to stray from the short names of Fedora.
<ol> </ol>
+
* The other question is what do you do with “other” variants that don’t have a unique short name. Some people use “BSD-like” or terms such as that. I know some people don’t like that. It seems that for now the most accurate approach would be either to give a variant it’s own short name, or tag it as an “Other” license.
<ul>
+
 
<li>Follow the same rules</li>
+
[[Category:Technical]]
</ul>
+
[[Category:Archived]]
<p>&nbsp;</p>
+
<p>&nbsp;</p>
+
<p><strong>Handling of license variations</strong></p>
+
<ol>
+
<li>There are several licenses that have “variations”.&nbsp; MIT and BSD are examples of this.&nbsp; These situations are handled differently by Fedora and Debian.</li>
+
<li>Fedora</li>
+
</ol>
+
<ul>
+
<li>For MIT, Fedora treats a bunch of the MIT variations as “functionally equivalent” and uses the short name “MIT” to refer to all of them.&nbsp; They have a page listing all of the MIT variants and the actual text. <a href="https://fedoraproject.org/wiki/Licensing/MIT">https://fedoraproject.org/wiki/Licensing/MIT</a> </li>
+
<li>For BSD, Fedora seems to have different short names for each of the variants, eg      
+
<ul>
+
<li>BSD License (original) = short name “BSD with advertising”</li>
+
<li>BSD License (no advertising) which is a 3 clause version and BSD License (two clause)&nbsp; both = short name of “BSD”</li>
+
<li>BSD Protection License = short name of “BSD Protection”</li>
+
<li>Academy of Motion Picture Arts and Sciences BSD = “AMPAS BSD”</li>
+
</ul>
+
</li>
+
</ul>
+
<p style="padding-left: 30px;">3. Debian</p>
+
<ol> </ol>
+
<ul>
+
<li>For MIT, Debian says that it is “problematic”&nbsp; and hasn’t addressed it .&nbsp; They have no short name for MIT yet.</li>
+
<li>For BSD, Debian has a short name for BSD, but it’s unclear how the variants are handled</li>
+
</ul>
+
<p style="padding-left: 30px;"><strong>4.&nbsp;&nbsp;&nbsp; </strong><strong>Suggested Solution for SPDX</strong></p>
+
<ol> </ol>
+
<ul>
+
<li>This one is a little complicated.&nbsp; I think for any situation where we have different variants of a license, they should have different short names.&nbsp; Fedora has done this to some extent, but in some cases (like BSD 2 and 3-clause) they have combined it to use one short name.&nbsp;&nbsp; This would require us to stray from the short names of Fedora.</li>
+
<li>The other question is what do you do with “other” variants that don’t have a unique short name.&nbsp; Some people use “BSD-like” or terms such as that.&nbsp; I know some people don’t like that.&nbsp;&nbsp; It seems that for now the most accurate approach would be either to give a variant it’s own short name, or tag it as an “Other” license.</li>
+
</ul>
+
<p>&nbsp;</p>
+
<p>&nbsp;</p>
+

Latest revision as of 15:35, 6 March 2013

Handling of Licenses IDs (Short names)

  • We have proposed using the Fedora short names
  • We have also looked at the Debian naming scheme
  • There are a couple of key differences
  • Version handling

1. Fedora builds versions into the short name, but it is done in a non-standardized way that seems to vary from license to license, eg

  • ASL 1.0 (for Apache 1.0)
  • AGPLv1 (for Affero GPL v1)
  • CeCill (for both Cecill v1.1 and v2)

2. Debian proposes a standard way – “license name-version”, eg

  • GPL-2
  • Apache-2

3. Both Fedora and Debian also use standard way to deal with the “and later” version options by using a “+”, eg

  • GPL-2+ (debian)
  • GPLv2+ (Fedora)

4. Suggested Solution for SPDX

  • I believe we should have a standard way to handle versions for SPDX. I would suggest going with the Debian approach or something similar. This would entail slightly modifying the Fedora short names where they do not follow the standard
  • I’m not sure if there is some reason why Fedora hasn’t standardized this.

Handling of “standard” exceptions is different

  1. Fedora just uses a term that is “with exceptions” They don’t tell you which exceptions. The result is that a short name “GPLv3 with exceptions” is used for both the classpath and font exceptions. This seems to create ambiguity.
  2. Debian proposes naming the common exception – with the following syntax
  • GPL-2+ with classpath exception
  • GPL-2+ with font exception

3. Suggested Solution for SPDX

  • I believe we should use the Debian approach for common “approved” exceptions such as the 2 mentioned for GPL

Spaces in short name

  1. Fedora has spaces in the short names
  2. Debian does not (they do have spaces when they do “with exceptions”

3. Suggested Solution for SPDX

  • I would ask the technical people if this will be problematic having spaces when we want to automatically parse these files.

Handling of multiple licenses

  1. Both Fedora and Debian use “ands” and “ors” when there are multiple licenses associated with a pkg.
  • “and” when you must comply with the terms of all the licenses because parts of the package or file are under difference licenses
    • artistic-1 and gpl-2
    • “or” when you get to choose a license
      • artistic-1 or gpl-2

2. Both Fedora and Debian address the combining of ors and ands.

  • ** Use parentheses when needed
    • (artistic-1 or gpl-2) and lgpl=1.1
    • “and” takes precedence
    • GPL-2+ with font exception

3. Suggested Solution for SPDX

  • Follow the same rules

Handling of license variations

  1. There are several licenses that have “variations”. MIT and BSD are examples of this. These situations are handled differently by Fedora and Debian.
  2. Fedora
  • For MIT, Fedora treats a bunch of the MIT variations as “functionally equivalent” and uses the short name “MIT” to refer to all of them. They have a page listing all of the MIT variants and the actual text. https://fedoraproject.org/wiki/Licensing/MIT
  • For BSD, Fedora seems to have different short names for each of the variants, eg
    • BSD License (original) = short name “BSD with advertising”
    • BSD License (no advertising) which is a 3 clause version and BSD License (two clause) both = short name of “BSD”
    • BSD Protection License = short name of “BSD Protection”
    • Academy of Motion Picture Arts and Sciences BSD = “AMPAS BSD”

3. Debian

  • For MIT, Debian says that it is “problematic” and hasn’t addressed it . They have no short name for MIT yet.
  • For BSD, Debian has a short name for BSD, but it’s unclear how the variants are handled

4. Suggested Solution for SPDX

  • This one is a little complicated. I think for any situation where we have different variants of a license, they should have different short names. Fedora has done this to some extent, but in some cases (like BSD 2 and 3-clause) they have combined it to use one short name. This would require us to stray from the short names of Fedora.
  • The other question is what do you do with “other” variants that don’t have a unique short name. Some people use “BSD-like” or terms such as that. I know some people don’t like that. It seems that for now the most accurate approach would be either to give a variant it’s own short name, or tag it as an “Other” license.