Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update SPDX License List in Appendix 1 #6

Closed
tsteenbe opened this issue Jul 18, 2017 · 10 comments
Closed

Update SPDX License List in Appendix 1 #6

tsteenbe opened this issue Jul 18, 2017 · 10 comments

Comments

@tsteenbe
Copy link
Member

tsteenbe commented Jul 18, 2017

The following table contains the full names and short identifiers for the SPDX License List, v2.5 which was released July 2016. For the full and most up-to-date version of the SPDX License List as well as other related information, please see http://spdx.org/licenses/

Should we upgrade to v2.6 in the next fix release

@tsteenbe tsteenbe added the bug Things that do not work as expected or as documented label Jul 18, 2017
@tsteenbe tsteenbe added this to the 2.1.1 milestone Jul 18, 2017
@kestewart
Copy link
Contributor

Discussed on SPDX Tech call. Please update to the next rev of the license list to go along with the next 2.1.1 rev of the spec (along with any necessary bug fixes and links). Kate to let Jilayne know we'll be doing this, and make sure she's ok.

@wking
Copy link
Contributor

wking commented Jul 18, 2017

I've filed a script to automate this and bumped the Markdown in #10.

@tsteenbe tsteenbe modified the milestones: 2.1.1, 2.2 Dec 19, 2017
@kestewart kestewart added enhancement and removed bug Things that do not work as expected or as documented labels Dec 19, 2017
@wking
Copy link
Contributor

wking commented Jan 2, 2018

After some discussion with @mlinksva here, I'd like to re-raise dropping the license-list appendix in favor of an external link (which I'd mentioned briefly here; @goneall seemed ambivalent). If we do that, we'd want to either transition LicenseListVersion from optional to required or define its default more clearly. As it stands, it's not clear to me what the license-list version defaults to when LicenseListVersion is not set. Is it 2.5 since that's the version in the 2.1 spec's appendix I? Is it the most-recently released license list? Without these changes, it is unclear to me how the 3.0 license-list release is expected to impact spec consumers. For example, are package.json authors expected to wait until npm updates the docs before they start using license-list 3.0 identifiers or can they start using them now? Is npm blocked on a new spec release or can they update those docs now to specify the 2.1 spec with the 3.0 license list?

@mlinksva
Copy link

mlinksva commented Jan 3, 2018

I don't care that much, but my bias is against making LicenseListVersion required.

It seems the license list has a de facto (possibly I've missed explicit or contrary) backwards-compatibility policy, that is deprecating rather than removing license identifiers. This makes knowing what version of the license list a producer is working with a lot less critical.

Required fields often aren't provided anyway, which makes requiring ones that aren't absolutely critical somewhat pointless. I'm not sure whether being a tutorial file makes it more or less on point, but skimming, I lost count (something like 10) of the number of mandatory fields missing from https://github.com/david-a-wheeler/spdx-tutorial/blob/master/LICENSE.spdx

@wking
Copy link
Contributor

wking commented Jan 3, 2018 via email

@goneall
Copy link
Member

goneall commented Jun 12, 2018

Discussed on tech call 12 June 2018: For 2.2, we will update the appendix to the latest license list version. For 3.0, there is a proposal to remove the appendix and just reference the license list by URL. Since some of the proposal has backwards compatibility issues (e.g. making LicenseListVersion required), this is more of a 3.0 topic.

@goneall
Copy link
Member

goneall commented Jun 12, 2018

Suggest doing a PR after version 3.2 of the license list is released.

@wking
Copy link
Contributor

wking commented Jun 14, 2018

For 3.0, there is a proposal to remove the appendix and just reference the license list by URL. Since some of the proposal has backwards compatibility issues (e.g. making LicenseListVersion required), this is more of a 3.0 topic.

Whether we require LicenseListVersion or not is orthogonal to whether we inline or reference a given version of the list. For example, see the wording I floated in my previous comment. If there is a consensus around incorporating the license list by reference, I don't see any problems with doing that as part of 2.2.

@kestewart
Copy link
Contributor

see: #151

@iamwillbar
Copy link
Collaborator

Closing since #151 has been merged into the upcoming 2.2 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants