Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarifications needed with regards to licensing of the "licenses.json" file #6

Open
lelutin opened this issue Jul 4, 2020 · 2 comments
Open

Clarifications needed with regards to licensing of the "licenses.json" file #6

lelutin opened this issue Jul 4, 2020 · 2 comments

Comments

@lelutin
Copy link

lelutin commented Jul 4, 2020

Hello!

I'm working on packaging this library to debian as a dependency to another project, and one thing that I need to clarify for the package is whether the vendored "licenses.json" file from SPDX has a different license from the rest of the code.

Judging from #2, the switch to using the json file directly was done in order to remove the need to include the full license for the code building the license list. But the resulting json file on SPDX's website still seems to fall into a license defined by them.

From what I was able to find so far:

If I'm interpreting the information from those two sites forrectly, the file would be licensed under Creative Commons Attribution 3.0 License -- which would require the license attribution mention somewhere in this project.

Did someone in this project already figured all this out with SPDX to make sure the file needs a special attribution?

I've tried asking them already but as of now I've received no feedback: spdx/license-list-XML#986

cheers!
@domcleal
Copy link
Owner

domcleal commented Jul 4, 2020
edited

My reading of the trademark document is that only the specifications are CC-BY 3.0 and that the licence list (which is not a SPDX Specification itself and is under a different part of their website) is not necessarily licensed that way. Though Appendix I does happen to contain the list, albeit not the JSON file.

licence-list-data refers to licence-list-XML, which appears to be CC0/public domain though only certain source files. The GitHub issue seems to say that the intention was for the source XML files to be CC0, if there even is anything copyrightable there.

The impression I get is that it's regarded as generated, unoriginal content and they don't intend to claim any copyright for it, but some clarity from SPDX would be welcome.

Sorry I don't have any further information. Happy to amend the licence/documentation etc of this gem if it can be nailed down.

@lelutin
Copy link
Author

lelutin commented Jul 4, 2020

thanks for all your analysis!

ok so I guess we'll have to push some more on the SPDX issue I've linked to in my original comment and hopefully we'll end up getting some feedback.

I'll let you know if I can get some bits of information from them

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lelutin @domcleal