jlovejoy
commented
6 years ago no need to add this, as no one has requested it, and if we were to add licenses not on SPDX from the FSF list, we'd prioritize the ones they consider compatible/free
Closed wking closed 2 years ago
jlovejoy
commented
6 years ago no need to add this, as no one has requested it, and if we were to add licenses not on SPDX from the FSF list, we'd prioritize the ones they consider compatible/free
bradleeedmondson
commented
6 years ago I agree -- at least, no need to add for this release.
wking
commented
6 years ago no need to add this, as no one has requested it...
Unless we want to cover the FSF list. This issue is something of a test for that, and it sounds like the answer is "no, that's not an SPDX goal. Additions should be requested per-license".
... and if we were to add licenses not on SPDX from the FSF list, we'd prioritize the ones they consider compatible/free
They do consider Arphic free, just not GPL-compatible. But Cryptix would be an example that the FSF considers both free and GPL-compatible, and Cryptix doesn't have an SPDX ID either; should I open an issue for it? Or should we wait for someone else to ask for it?
jlovejoy
commented
6 years ago no need to open an issue for Cryptix at this point. We are aware that there are some license that are considered free and GPL-compatible and which are not on the SPDX License List. @kestewart has a comparison list, we need to work with FSF on this as to how to proceed. Won't be for this release though.
jlovejoy
commented
6 years ago I changed title of this Issue, tagged for later release as a reminder in any case.
reversi-fun
commented
5 years ago I also want to vote for this request.
However, the method is different.
Please develop a tool to quantify the similarity of the license document and automatically determine GPL-compatible. Legally, the judgment does not have to be perfect.
If you have evidence that you make the best effort to use tools to make decisions, you can reduce legal risk.
I can create a directed graph with licenses close together with high similarity between license documents, and estimate that it will be GPL-compatible for some licenses for which the FSF has not been determined. For example, like FSF / CryptixGeneralLicense, spdx / Net-SNMP and spdx / Caldera would be GPL-compatible. However, spdx / bzip2-1.0.5 does not understand because it contains the patent clause.
I am tired and I can not do anything more. I would like to meet someone who will take over.
Prease Look at the directed graph below.
https://github.com/reversi-fun/license_doc_similality1/blob/master/data/lic_graph.sfdp.svg
jlovejoy
commented
5 years ago @reversi-fun - a couple background points on this:
the FSF asked for SPDX to reflect on its list which licenses the FSF considers free. We have done that to the extent we could, but some licenses on the FSF list were more challenging to identify and so we probably don't have complete data. We need some help from FSF to complete that.
regarding license compatibility: this is a complex legal question that involves making a legal interpretation that can rely on many factors including jurisdiction. SPDX is not in the business of making legal interpretations (nor reporting them from other sources) - that is beyond the scope of the intent for the SPDX License List, so you won't see that functionally added here. But besides, as a lawyer who has looked at this kind of thing, there is no reliable way to automate the determination of GPL-compatibility.
I'm not sure the purpose of your license similarity graphs here, but that is also not going to be able to determine GPL-compatibility.
Finally, you seem to be posting a lot in our Github repo - please be sure to join the mailing list, as we do a lot of discussion more generally there. see: https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md
thanks.
reversi-fun
commented
5 years ago Thank you for teaching us that i can join the mailing list without paying a high fee.
I understand that your explanation is the difference between a license manager(with legal arguments) and a "tool maker" . I look for a "tool maker".
goneall
commented
5 years ago @reversi-fun The mailing list is completely free. The SPDX organization is a very open and collaborative group of volunteers working to make license compliance easier. In addition to the legal team, you may also be interested in joining the tech team mailing list. We discuss a number of tools related to license and security compliance.
Information on the legal team can be found at https://spdx.org/legal-team and information on the tech team can be found at https://spdx.org/WorkgroupTechnical
I took a look at your project which generates the graphs and found it to be quite interesting and useful. One of the concerns with text based tools analysis of licenses is that it misses some significant legal keywords. If I understand your code correctly, it looks like you take that into account in your analysis. Once you sign up on the mailing list, I think the legal team would benefit from more of a description on what the graphs represent. The legal team has a mix of legal and technical expertise, so a description not requiring too much computer science background would be idea.
reversi-fun
commented
5 years ago @goneall Thank you for reading my broken English.
However, it is difficult to talk to a legal expert because my text contains a programmer's dialect. So I am looking for someone who is easy to talk to.[https://github.com/nexB/scancode-toolkit/issues/1499]
it looks like you take that into account in your analysis.
My graphs shows the similarity that something is different, with only a few words added. Some people said that "hypersensitive" and, the new license I found was an existing variant.[https://github.com/spdx/license-list-XML/issues/840]
I hope that this tool's "hypersensitive or not" will be judged in the "discuss on legal call" process. You will find that some of my "New license request" are for experts to explore similarity criteria.
If you find that my graphs is not hypersensitive, you will notice when it is necessary to add many more licenses from the graph that shows the similarity between licenses. At that time,My graph will ease the task of "finding the most similar license".
jlovejoy
commented
2 years ago Given we are trying to coordinate with the FSF more generally to improve this data (the outcome of which will be announced) and this is really old and has to do with a specific license, will close and let the general discussion cover this.
The FSF considers the Arphic license (text) free but GPL-incompatible. We dont have an identifier matching that text, and Google sees no "Arphic" in the list archive. If we want to cover the FSF list (vs. just supply their metadata for licenses we already carry), we'll need to register this license.
Spun out from wking/fsf-api#4.