- Mark Gisi, Windriver
- Peter Williams, OpenLogic
- Paul Madick, HP
- Michael Herzog, NexB
- Adam Cohn, Cisco
The meeting discussion was focused on the SPDX "license list".
- The attendees agreed that the proposed process for adding new licenses to the list should be forwarded to the wider team for review. That proposal is attached below.
- We also discussed, but did not resolve:
- how license submissions should handle so-called "license headers" (AKA, "notices"), and
- how license submissions should handle headers/modifiers which permit multiple license options, such as "license version X or later," or where an option is given to a user to pick and choose among different licenses.
After some robust discussion of these points, it was agreed that we needed greater cross-team consensus on what problems, exactly, the license list is designed to solve. There is high-level agreement of the benefit of having a canonical list of key licenses, but when it comes down to making specific tradeoff decisions such as those above, it would be helpful to have additional guiding principles. The attendees agreed that these guiding principles should not be owned by the legal team, but should be agreed across the three teams.
The attendees also agreed that it would be valuable to start collecting “use cases” that serve as examples of real life scenarios in which SPDX will have to function. For example, if a product has several nested components, some of which are licensed under GPLv3, and some of which are marked with a license header allowing choice between MIT and GPLV2 or later, the SPDX license list needs to both capture this information and enable the user to take action and pass along an SPDX accurately reflecting these choices to the next link in the chain.
- Legal team will circulate the proposed process for submitting new licenses for input from the other teams (see below)
- Initiate discussion in the general meeting on creating new “guiding principles” to assist and guide all teams. Attendees today agreed to come prepared to next meeting with ideas for guiding principles to start discussion.
- Legal team to start collecting use cases and add them to the list being compiled by the technical team.
Proposed process for submitting new licenses
- Submit via SPDX-legal email address.
- Provide a functioning URL reference to the license text, either from the license author or a or community recognized source for the license text (License URL):
- Create and attach a formatted text file with the license text from the URL posted above
- Proofread license text file to ensure that:
- information has not been lost or modified
- formatting is clean and consistent with the License URL
- only appropriate headers and information are included in the text file [link to protocol]
- Indicate if the license is OSI approved [Yes/No]. If yes, provide link to OSI license, verify that it is the same text as supplied in #1 above.
- Briefly explain the need for this license to be included, including identifying at least one program that uses this license or a prior version of this license.
- Please provide a proposed Full Name for the license, in line with the SPDX naming guidelines [LINK]
- Please provide a proposed License Identifier, in line with the SPDX naming guidelines
- Tools: Guidelines for the tools group to match this license [need to flesh this out]
Method of approval:
- Legal Team meets every 2 weeks to review submissions of new licenses. If volume of license submissions becomes too great for Legal Team, we would create a separate Subteam to handle these reviews.
- License submissions that meet requirements above reviewed and approved at next available Team/Subteam meeting. If further information is required, Team/Subteam responds to requestor to re-submit.
- Publish recommended new license on the license list page as “proposed”, wait 2 weeks for review and comment then approval at next Legal Team/Subteam, following which the license gets posted as final.