spdx-spec
spdx-spec copied to clipboard
spdx
Is `DataLicense` wrong more often than it’s right?
This PR removed the following text from chapters/document-creation-information.md:
By using this document, or any portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative Commons CC0 1.0 Universal license. For SPDX-Metadata not containing any copyright rights, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement, or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
The DataLicense field still has to be “CC0-1.0”. I have some questions about this change:
- How likely is it that CC0-1.0 truly applies to some specific metadata created using using SPDX v2.2 (which included that language)? I would think that that depends on what jurisdiction the specific metadata was created in.
- How likely is it that CC0-1.0 truly applies to some specific metadata created using using SPDX v2.2.1 (which didn’t include that language)?
- Is there any way to tell the difference between a document created using SPDX v2.2 and a document created using SPDX v2.2.1?
I bring up those questions to make a point: it seems like the DataLicense field might wrong more often than it’s right. If it is wrong more often than not, then I don’t think that it makes sense to force DataLicense to be “CC0-1.0”. It just seems misleading that way.
I don't understand the question. All SPDX data are under CC0-1.0. Why would you think that the license would be wrong ("more often than not", even!).
All SPDX data are under CC0-1.0.
What causes all SPDX data to be under CC0?
Why would you think that the license would be wrong ("more often than not", even!).
Originally, I assumed that the part that says “any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative Commons CC0 1.0” was responsible for making CC0 apply to all SPDX data. Now that it’s been removed, I’m not sure if that assumption was correct.
What causes all SPDX data to be under CC0?
The SPDX specification, which, since the beginning, 10+ years ago, said that the data license is CC-1.0.
Even without the wording, the DataLicenseis defined to be CC-1.0. If it's not, is not valid SPDX. This remains valid in SPDX 3.0.
What causes all SPDX data to be under CC0?
The SPDX specification, which, since the beginning, 10+ years ago, said that the data license is CC-1.0.
OK, so what part of the specification says that? The way I read it, version 2.2.1 removed the part of the specification that said that.
Even without the wording, the
DataLicenseis defined to be CC-1.0.
I agree. Version 2.2.1 says that the DataLicense field must be set to the string “CC0-1.0”. Does that mean that the answer to these two questions is “100% likely”?
How likely is it that CC0-1.0 truly applies to some specific metadata created using using SPDX v2.2 (which included that language)?
How likely is it that CC0-1.0 truly applies to some specific metadata created using using SPDX v2.2.1 (which didn’t include that language)?
This has been resolved with the recent change proposal on datalicense which is implemented in the 3.0 spec.
