spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard
verified publisher icon spdx

Meta-issue: track Licensing for 3.0

Open swinslow opened this issue 5 years ago • 3 comments

This is a meta-issue to track all the licensing-related issues for the 3.0 spec release. Not all of these issues are agreed to be added to the spec; many require further discussion and consideration.

Comments on the issues below should be handled in the applicable threads, NOT in this meta-issue. Feel free to comment here re: issues that are missing from this tracking list.

Main issue

  • [ ] Consolidate fields for license profile, #385

Fields for licensing profile

  • [ ] FOSSology requests:
    • [ ] SPDX coverage from what FOSSology covers, #112
    • [ ] Obligations, Risks, Restrictions part of the software delivery in B2B case, #111
    • [ ] Adding attribute of distribution relevance at license findings / files / folders, #92
  • [ ] Introduce CopyrightText at all levels and relax cardinality, #36

License expression syntax changes

  • [ ] Expand License namespaces available, #113
  • [ ] Support creation of custom exception using "ExceptionRef", #153
  • [ ] Consider whether '+' should work for Exception IDs too, #346
  • [ ] License expression semicolon operator, #123
    • [ ] Related: Multiple licenses: unclear specification, #124
  • [ ] Simplify license expression grammar in Appendix IV, #62
  • [ ] Add "NOASSERTION" to the license expression syntax, #50
  • [ ] Add "NONE" to the license expression syntax, #49

Spec syntax / appendix changes

  • [ ] Incompatibility in comment property for license between JSON and RDF/XML, #158
  • [x] ~~Rename SPDX-License-Identifier to SPDX-License-Expression?~~, no changes, see #82
  • [ ] Add appendix describing SPDX Listed License fields, #46
  • [ ] Make the matching template formats of license part of the spec - add matching guidelines annotation to SPDX licenses and to NON-SPDX licenses, #32

License List changes

  • [ ] Add false "isFsfLibre" value, #93
  • [ ] Need to be able to describe relationships between SPDX license-list files (new element?), #13

Relationship / Annotation changes

  • [ ] Expand §8.3.4 Annotation Type with new values (LICENSE, PATENT, COPYRIGHT, EXPORT, TRADEMARK) and change cardinality, #35

License for SPDX data

  • [x] ~~Re-evaluating CC0-1.0 as DataLicense for SPDX 3.0~~, no changes, see #159

swinslow avatar May 31 '20 19:05 swinslow

#82 is now closed

jlovejoy avatar Jul 01 '20 21:07 jlovejoy

I just found this meta issue, and was wondering whether #502 and #464 (a PR but actually an open issue/discussion) would also fit on this list. If I remember correctly, both topics were planned for 3.0 when I was in one of the calls.

mxmehl avatar Nov 24 '21 08:11 mxmehl

Yes, #502 and #464 should be added to the list.

As soon as the tech team, gets the core profile stabilized, we'll be doing another pass on the licensing profile, and these pending topics will be discussed. If a subteam wants to meet to discuss the licensing issues, in parallel, that would be welcome.

kestewart avatar Jan 26 '22 15:01 kestewart

@swinslow - Can you take a pass at this list and see if we got everything?

goneall avatar Apr 04 '24 17:04 goneall

@goneall Yes, thanks -- please see my edits in the tracking comment above, and in a number of the linked issues that I've commented on or closed.

I believe everything is now addressed that is going to be addressed for 3.0.

There are 4 issues noted above that are likely still to be discussed for 3.1 (though I'm not sure what the timeframe for 3.1 is expected to be, but leaving those open for now).

I'm going to go ahead and close this tracker since it's keyed to 3.0, but feel free to re-open or let me know if you have any questions.

swinslow avatar Apr 07 '24 14:04 swinslow