On 2020-06-20 15:02, Paul Eggert wrote:
On 6/20/20 1:45 PM, Paul.Koning@dell.com wrote:
Why is anything needed here?
I guess it's for some sort of packaging software that wants to see a LICENSE file containing a bunch of strings like "CC-PDDC" and "BSD-3-Clause". Or maybe these strings would need to be in every source file? It's not clear.
See https://spdx.dev/about/ "The Software Package Data Exchange® (SPDX®) specification is a standard format for communicating the components, licenses and copyrights associated with software packages. The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. The SPDX specification is developed by the SPDX workgroup, which is hosted by the Linux Foundation. The grass-roots effort includes representatives from more than 20 organizations—software, systems and tool vendors, foundations and systems integrators—all committed to creating a standard for software package data exchange formats." also https://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_w... "The rules around “Public Domain” often vary or are unspecified jurisdiction to jurisdiction. Adding to the confusion, some jurisdictions may not even recognize the concept of “Public Domain” (or similar). As such, a license may nevertheless be required or implied in these cases. Even in the U.S., there is no clear, officially-sanctioned procedure for affirmatively placing copyright-eligible works into the “Public Domain” aside from natural statutory expiration of copyright. The bottom-line is, there are few if any objective, brightline rules for proactively placing copyright-eligible works into the Public Domain that we can broadly rely on." Public domain is not a legal concept in many countries outside the U.S., may not be recognized in some countries, is not a licence, conveys no rights, or may require payment of fees to the state or authors' societies (in Africa and South America, some of which have abolished them; recently proposed by Germany for Europe); see: https://en.wikipedia.org/wiki/Paying_public_domain [OT: I'm surprised more countries do not, although a number do have a private copying levy or royalty on sales of blank media and/or recording equipment (in some places, any device containing memory), as some percentage is deemed to be sold for use to copy published works; see https://en.wikipedia.org/wiki/Private_copying_levy ] Please consider the problems tz has using the definitive and timely IERS leap-seconds.list, due to lack of any explicit licence, having to wait until NIST generates their derivative release, as that is a US government derived product in the public domain.
It would be helpful to know more details. What is the packaging software? How does that software work with tzdb now? Why would the change (whatever it is) save everybody time?
SPDX is under the Linux Foundation, and Linux has now been plastered with SPDX labels in all source files, and other projects are adding them, to reduce the effort of replying to compliance/risk management and other queries from supply chain managers: keeping product acquisition staff busy working from home.
If the IETF has a task force on this topic, perhaps we should wait for it to come to a conclusion before worrying about the issue.
See: https://trustee.ietf.org/trust-legal-provisions.html https://trustee.ietf.org/license-info/IETF-TLP-5.htm https://trustee.ietf.org/copyright-faq.html https://tools.ietf.org/html/rfc5377 https://tools.ietf.org/html/rfc5378 and normative and informative references included therein. It appears from these documents that the IETF legal team (so far) have a narrow focus on IETF documents and U.S. Copyright law, and fail to address the situation elsewhere, beyond acknowledging consideration of the Berne convention. FAQ 1.11 "No license is needed to use or modify public domain documents. However, given the complexity of determining whether or not a particular document is in the public domain, the IETF Trust does not seek to differentiate between public domain and non-public domain documents. Thus, the same assurances are requested, and the same licenses are granted, for all documents. In the case of public domain documents, however, your rights may be greater than those granted under the IETF Trust’s outbound license." That applies only in the U.S. and not the parts of the rest of the world where PD is unrecognized. Kim Davies said only that SPDX tagging would be taken into consideration by the IETF, not that licensing of PD content would be treated any differently to other IETF content, and whether tz content may be considered IETF content (under BSD simplified), handled under an alternate stream, or considered independent, so not considered by the IETF (I'd bet on this option). It would useful to know where information about this topic by the IETF is being posted, as: https://mailarchive.ietf.org/arch/browse/tlp-interest/ shows no (relevant) activity since 2015. As there are concerns about IERS leap-seconds.list on this list, European and other country product compliance/risk management/supply chain staff have concerns about tz content. So list members involved in such concerns may want to make those known. And it is normally better to get ahead of the requests, before product compliance/risk management/supply chain folks work their way down to emailing this list. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in IEC units and prefixes, physical quantities in SI.]