THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Legal Team/Minutes/2012-05-16

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Jilayne Lovejoy, OpenLogic
  • Peter Williams, OpenLogic
  • Michael Herzog, NexB
  • Mark Gisi, WindRiver
  • Paul Madick, HP
  • Jason, Cisco
  • Tom Incorvia, Micro Focus

SPDX total vision

review Adam's proposed text to discuss on next call - done on Business Team call last week - any need to further discuss here, or leave to that next call?

→ did not discuss, leaving it to business calls (and general group) at this point

Legal Group vision/description

draft vision/goals statement for legal group and discuss

PAUL's proposed text:

"The SPDX Legal Team supports the SPDX working groups by providing recommendations to the SPDX working groups regarding licensing issues for the specification itself; providing input that will result in increased legal certainty of the licensing attributes of open source projects; maintain the SPDX License List; and to promote the SPDX specification to the legal community at-large."

  • "increased legal certainty of the licensing attributes of open source projects" - what is this trying to say? Seems to - when attorneys using this info to license a project in a certain way, these are the kind of things lawyers will be looking at to determine the license
    • "provide certainty as to what licenses are for identification purposes"
    • "increased certainty of the licensing origins of open source projects"
    • "increased certainty about how open source projects license their project"
    • "increased certainty of the licensing of open source projects"
    • "increased certainty as to being able to identify the licensing info for open source projects"
    • how about just delete the phrase altogether? - Got inward looking, concrete (License List) and outward looking - what else is there?
    • Going forward: re-send with revisions and meeting notes; send to general group and then vet at next legal call

REVISED VERSION:

"The SPDX Legal Team supports the SPDX working groups by providing recommendations to the SPDX working groups regarding licensing issues for the specification itself; providing input that will result in increased legal certainty of the licensing attributes of open source projects; maintain the SPDX License List; and to promote the SPDX specification to the legal community at-large."

  • Other tangent dicussion to this:
    • how to identify the license for an open source project - ex. Within the file versus whether there's a copying file on top of the directory → license in the file is more determinate than the license in the directory o notion of license at package level and at file level - SPDX producer takes liberties to determine this o but this isn't what the legal is doing, is it? Should we? Should the legal group come up with a group of guidelines and provide some influence on that?
  • → add to to-do list for discussion at later date

SPDX License List description

draft vision/goals statement for license list and discuss

JILAYNE's proposed text:

"The SPDX License List is a list of commonly found open source software licenses for the purposes of being able to easily and efficiently identify such licenses in an SPDX document. The SPDX License List includes a standardized short identifier and full name for each license, as well as other basic information. By providing a short identifier, SPDX creators (as well as others beyond SPDX) can efficiently refer to a license without having to redundantly reproduce the full license. The SPDX website (spdx.org) maintains the full text of each license on the SPDX License List. In keeping with the overall goal of the SPDX project, no interpretation of the licenses has been made and the SPDX Licenses List endeavors to only provide a factual list of licenses and short identifiers that can be consistently relied upon by users of the list."

  • add "vetted license text" to second sentence
  • add something about canonical reference, i.e. consistent and reliable maintained url for each license
  • remove last sentence as it's more of a counterpoint - good info to have, but probably belongs more in the FAQ section; can't cover every scenario in statement, better to keep it a statement of what it is (not what it isn't)
  • also probably don't need spdx.org website sentence
  • Going forward: re-send with revisions and meeting notes; send to general group and then vet at next legal call

REVISED VERSION:

"The SPDX License List is a list of commonly found open source software licenses for the purposes of being able to easily and efficiently identify such licenses in an SPDX document. The SPDX License List includes a standardized short identifier, full name for each license, vetted license text, other basic information, and a canonical permanent URL. By providing a short identifier, users can efficiently refer to a license without having to redundantly reproduce the full license."

Review current to-do list

Jilayne updated last night, see Legal_Team/Priorities - anything missing? prioritization?

  • license list to-do's - some stuff in progress; will need to deal with "issues" on their, but probably easier to do that once v1.16 is uploaded (goal to have done by next call..??)
  • Website updates and refresh - started listing areas that need work on current site, other things?
    • should we have something on website re: how we are dealing with other license lists and efforts involved around that? or on website FAQ as we deal with those along the way
    • refresh/tracking over to new pages - need update from MARK as to where we are on that and what needs to be done
  • Coordinating with other license lists
    • FSF list needs someone else to go through, may not necessarily add all the licenses they have on list (why licenses are on their list may be different reasons - i.e. for compatibility - not commonly used); come up with list of what we don't have versus what they have and then decide as group as to what to add -
      • PAUL (Jilayne to send him work to date on that)
    • Fedora list - Jilayne has to do to look into that more and follow up
    • Gentoo and Debian - will need others to take lead on these

TO-DO'S and NEXT CALL 5/30

  1. Send revised Legal Work Group mission statement to group - JILAYNE (Review, finalize, and post next call - ALL)
  2. Send revised SPDX License List descriptive statement to group for review - JILAYNE (Review, finalize, and post next call - ALL)
  3. FSF License list - needs to finish going through and make list of license on FSF list, but not on SPDX list and decide on whether to add to SPDX list - PAUL (Jilayne started going through, will send Paul info)
  4. update to-do list as per discussions on this call - JILAYNE