> On May 22, 2019, at 3:10 PM, John Sullivan <johns@xxxxxxx> wrote: > > J Lovejoy <opensource@xxxxxxxxxxx> writes: > >> Richard, >> >> As you raised this concern and yet I’m noticing you continue to review >> the patches and sign off, am I correct to assume that you don’t think >> this is a big concern? >> > > I was late to subscribe and am just catching up on the conversation > here, so apologies if I missed earlier explanation, but I remember > discussing this issue a while back on either -legal or -general (I'll > look when I have a few more moments). On https://spdx.org/ids-how it > currently says: > >> When a license defines a recommended notice to attach to files under >> that license (sometimes called a "standard header"), the SPDX project >> recommends that the standard header be included in the files, in >> addition to an SPDX ID. > >> Additionally, when a file already contains a standard header or other >> license notice, the SPDX project recommends that those existing notices >> should not be removed. The SPDX ID is recommended to be used to >> supplement, not replace, existing notices in files. > >> Like copyright notices, existing license texts and notices should be >> retained, not replaced ‐ especially a third party's license notices. > > - John, that text is from the SPDX website and is very generalized, conservative and non-contextual. The reality we live in today is that people are choosing to use the SPDX identifiers in their files instead of the full license text (for MIT) or the standard license notice (for Apache-2.0 or GPL), etc. - this is good because SPDX identifiers are more concise and easier for tooling to parse. Even when there is a standard license header recommended, like the GPL has done, it doesn’t get faithfully reproduced which causes headaches for tooling to parse even when the intent is clear. This is what Thomas is dealing with and you can see the many examples of this on the many other emails on this list. The question Richard was posing (if I may paraphrase) if someone would have a viable argument for non-compliance with section 1 just for replacing a messy, but clear (in terms of what license variant applies) with an SPDX identifier. Considering that Stallman encouraged the use of the SPDX identifiers we adopted based on his concern for lack of clarity, I can hardly think that the FSF is now going to go back on that sentiment? Thanks, Jilayne
