Legal Team/Minutes/2018-11-29

From SPDX Wiki
Jump to: navigation, search

Attendees

  • Jilayne Lovejoy
  • Bradley Kuhn
  • Alexios Zavras
  • Karen Copenhaver
  • Steve Winslow
  • Karen Sandler
  • Richard Fontana
  • Gary O’Neall
  • Paul Madick
  • Brad Edmondson


Agenda

1) discussion of “license exceptions” description and particular requests for additions - see https://lists.spdx.org/g/Spdx-legal/message/2445 for some background

  • discussed Linux kernel enforcement statement - https://github.com/spdx/license-list-XML/issues/655 and GPL Cooperation Commitment - https://github.com/spdx/license-list-XML/issues/714
    • By putting kernel enforcement statement on SPDX list helps to shows that it’s out there and enables use via identifier. Acknowledged that enforcement statement is copyright holder-specific, but it's people might do vetting and figure out what files the enforcement statement applies to across the board (where all copyright holders have signed enforcement statement). At this point, there are big chunks of code that could be under license with kernel enforcement statement, so may not be so hard to determine that. As more kernel copyright holders sign-up, this will get easier, so good to have identifier for that eventuality
    • question as to if kernel enforcement statement "changes" the license or just about how certain copyright holders enforce the license?
      • it’s an additional permission, it uses contractual language; then GPL Cooperation Commitment follows with more explicit language
      • problem with "change" is can be interpreted as changing the entire license or changing an aspect (modifying, excepting, augmenting, additional permission) but not changing the over-arching license. Exceptions - as on SPDX License List thus far - are the latter. Description does state that these things are not stand alone licenses.
  • Regarding GPL CC: drafted for projects to be used by new projects or existing projects where adoption of commitment can be done for apply as of date
    • question as to whether language for corporate and individual versions are similar enough to project version that we can accommodate with matching markup and use one identifier. This needs to be investigated as part of implementation.
      • Richard to help provide diff; Alexios to help with SPDX markup potential, so all can then review/discuss
  • implementation of adding kernel enforcement statement question: how to handle list of names (not part of statement?); and preamble/information part at start?
    • probably best to do markup as straw man, then discuss on Github issue as to specifics

2) discussion on potential changes to existing explanation for License Exceptions on https://spdx.org/licenses/exceptions-index.html

  • Jilayne had proposed changing from "exceptions" to "modifiers", but all on call agreed we didn't actually have to edit this language now; as it stands, the kernel enforcement statement and GPL Cooperation Commitment fit the description
  • exceptions or "modifiers" are things that could have legal impact on original/over-arching license
  • we might want to add a point that any exception needs to fit the license inclusion principles just as licenses do; so long as any additional term doesn't take a license out of the open source definition, then could still include it
  • Google patent grant may stretch this definition a bit and no one from Google on call, so tabled discussion on that issue