[tz] Use or Apply for SPDX Licence
Brian.Inglis at SystematicSw.ab.ca
Tue Jun 23 15:39:14 UTC 2020
On 2020-06-23 01:22, Ralph Schaffner wrote:
> On Mon, 2020-06-22 at 22:51 -0400, Tom Lane wrote:
>> "Philip Paeps" <philip at trouble.is> writes:
>>> Unfortunately, I don't think it's practical to retroactively apply
>>> a CC0
>>> tag. Formally, you'd need each individual contributor to
>>> agree. Given
>>> the age of the tz project, this may be impossible.
>> Yeah, that.
>> FWIW, we've had roughly comparable discussions in the Postgres
>> The existing PG copyright is a mess: it's sloppily worded and it
>> protects nobody except the University of California. But we've
>> concluded that changing it is effectively impossible, because there's
>> no way to get the concurrence of every past contributor. And that
>> conclusion was arrived at in 2000 ... so it'd be that much worse now.
>> In practice, the amount of interest in changing the license wording has
>> dropped to about nothing since 2000, too. People are far more used to the
>> concept of community-owned open source code than they were then, and the
>> fact that the governing document is loosely phrased bothers nobody now
>> other than perhaps some bean-counters.
>> In short, I think politely ignoring SPDX is the right thing to do.
>> It's trying to solve a problem that was real enough twenty years
>> ago, but people have gotten over it.
I suspect that it may be driven by the FSF Licensing & Compliance Team or others
similarly following up on GPL, and possibly other, licence violations, like not
including copies of licences or not making all open source available.
> Actually, the point of SPDX is to create unique tags for existing
> licenses, not to create or change the licenses that a project is
> released under. This is meant to make identification of licenses used
> easier to identify in a more consistent way. Think automation.
> As a matter of fact Postgresql already has a SPDX tag. :)
> For an example of how SPDX might be used you can look at Opensuse. The
> rpm spec files are expected to have an SPDX tag for the License value.
> As the Packaging Guidelines state, the SPDX is "relatively" new so
> there aren't valid tags for all licenses yet. It looks like currently
> Opensuse marks the timezone rpms as "BSD-3-Clause AND SUSE-Public-
CC0 could be better but I have the same reservations about the effectiveness
and validity of making such changes as stated above.
This project could add a comment SPDX-License-Identifier: BSD-3-Clause when
date.c, newstrftime.3, or strftime.c are modified, and as SUSE-Public-Domain is
not listed at the SPDX site, on a similar basis, add comment
SPDX-License-Identifier: LicenceRef-IANA-TZ-Public-Domain, as any other files
are modified in this project.
The project repos and tzcode sources should probably also include or reference a
copy of the BSD-3-Clause licence.
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
More information about the tz