On 2020-06-23 01:22, Ralph Schaffner wrote:
On Mon, 2020-06-22 at 22:51 -0400, Tom Lane wrote:
"Philip Paeps" <philip@trouble.is> writes:
Unfortunately, I don't think it's practical to retroactively apply a CC0 tag. Formally, you'd need each individual contributor to agree. Given the age of the tz project, this may be impossible.
Yeah, that. FWIW, we've had roughly comparable discussions in the Postgres project. The existing PG copyright is a mess: it's sloppily worded and it protects nobody except the University of California. But we've concluded that changing it is effectively impossible, because there's no way to get the concurrence of every past contributor. And that conclusion was arrived at in 2000 ... so it'd be that much worse now. In practice, the amount of interest in changing the license wording has dropped to about nothing since 2000, too. People are far more used to the concept of community-owned open source code than they were then, and the fact that the governing document is loosely phrased bothers nobody now other than perhaps some bean-counters. In short, I think politely ignoring SPDX is the right thing to do. It's trying to solve a problem that was real enough twenty years ago, but people have gotten over it.
I suspect that it may be driven by the FSF Licensing & Compliance Team or others similarly following up on GPL, and possibly other, licence violations, like not including copies of licences or not making all open source available.
Actually, the point of SPDX is to create unique tags for existing licenses, not to create or change the licenses that a project is released under. This is meant to make identification of licenses used easier to identify in a more consistent way. Think automation.
As a matter of fact Postgresql already has a SPDX tag. :) https://spdx.org/licenses/PostgreSQL.html
For an example of how SPDX might be used you can look at Opensuse. The rpm spec files are expected to have an SPDX tag for the License value.
https://en.opensuse.org/openSUSE:Packaging_guidelines#Spec_Files
As the Packaging Guidelines state, the SPDX is "relatively" new so there aren't valid tags for all licenses yet. It looks like currently Opensuse marks the timezone rpms as "BSD-3-Clause AND SUSE-Public- Domain"
https://build.opensuse.org/package/view_file/Base:System/timezone/timez one.spec?expand=1
CC0 could be better but I have the same reservations about the effectiveness and validity of making such changes as stated above. This project could add a comment SPDX-License-Identifier: BSD-3-Clause when date.c, newstrftime.3, or strftime.c are modified, and as SUSE-Public-Domain is not listed at the SPDX site, on a similar basis, add comment SPDX-License-Identifier: LicenceRef-IANA-TZ-Public-Domain, as any other files are modified in this project. The project repos and tzcode sources should probably also include or reference a copy of the BSD-3-Clause licence. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in IEC units and prefixes, physical quantities in SI.]