THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Legal Team/Minutes/2011-08-24

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Esteban Rockett, Motorola Mobility
  • Kim Wiens, OpenLogic
  • Michael Herzog, NexB
  • Phil Odence, BlackDuck
  • Mark Gisi, WindRiver
  • Tom Incorvia, Microfocus
  • Nichlos (protocode)
  • Paul Maddock, HP
  • Jilayne Lovejoy, OpenLogic
  • Karen Copenhaver, Choate
  • Adam Cohen, Cisco

Agenda

  1. Linux Summit Vancouver Summary was presented.
  2. SPDX Official launch went well.
  3. BOF revealed issues with PDDL acceptance, because it is not another license for project to have to be concerned about. Alternative suggestions were entertained. Karen agreed to draft a modified MIT license as a potential alternative, and circulate before next meeting.

Minutes

Update on how LinuxCon went - announcement on Wednesday; session on Thursday and birds of a feather on Thursday evening

  • Announcement and press release on Wednesday with quotes, etc.
  • Informational session on Thursday went well, no major difficult questions
  • hot issues: how will we provide metadata and licensing of metadata (PddL) at BOF
    • issue described as how metadata can be used while keeping it in public domain
    • concerns stem from European database law
    • should we be concerned with this?
    • Still need ability to be confidentiality, while preparing and potentially
    • At BOF: core team and active members, but also some peripheral from community/developer side - got negative reaction to idea of PddL
      • from perspective of community developer - new license I'm not familiar with, don't care about licensing, rebeling as a result
      • feedback from professor, and importance of attribution and PddL doesn't allow attribution
    • original thing we were trying to avoid, was database law to claim rights in an SPDX file and no one else can use it. Avoid this by using trademark license to enforce use of PddL. But nefarious actors can still circumvent
      • is this really a concern?
  • Is this really a risk overall, i.e. do we need a license at all
    • Confidentiality is bigger issue
    • Reality that next year at LinuxCon, issue will probably be open data; we have opportunity to start clean pipeline and data can be re-used any way you want
      • Idea is if I get an SPDX that this license applies to the data
      • If want to drive this up to project level, they don't understand the data laws and will ask why isn't this the CC license
        • Little bit of a battle b/w CC license, but CC has not issued a license yet that deals with the data issue
      • If we only had PddL as default, could result in SPDX files under other licenses and more confusion
      • What if we used one of the public domain CC licenses, how concerned are we with the EU data laws
      • Also still need a disclaimer - example, MIT license - familiar and leaves open to adopt something later; easier to get buy-in
        • Have to use "to the extent that there are any rights‚" b/c don't want to acknowledge that there are any rights
        • Simple approach of using (modified) MIT, step in right direction
          • Have to accept reality that software - data, not same thing
        • Karen to write something up and circulate
        • Need to make decision, do it immediately, and stick with it? (or at least try)
          • Only way to get absoluteness is to prevent use of SPDX trademark at all unless used in line with trademark license
          • As long as we allow others to use specification in non-compliant form, increases matter of percentage, but never 100 %
          • Could spin out v1.1 release quickly and have this be only change
          • Can we also tackle confidentiality issue at same time?
      • Karen to circulate proposal - some things to consider/include:
        • Spec under CC-BY 3.0 clarification
        • Exempt any copyrightable materials included in SPDX (i.e. license text) ; can use field names to exempt
        • This is really a disclaimer
        • No mention of comments copyright-able-ness?
        • Is this consistent with previous PddL approach around confidentiality
        • Seems like this MIT-style would make this even easier?
        • Technical team will be asked to look at pending proposal for proposed confidentiality field (as discussed earlier) and hope to wrap that up together
  • Legal call next week (instead of two weeks) to review what Karen circulates and try to wrap this up