[tz] Use or Apply for SPDX Licence

Brian Inglis Brian.Inglis at SystematicSw.ab.ca
Tue Jun 23 15:39:14 UTC 2020


On 2020-06-23 01:22, Ralph Schaffner wrote:
> On Mon, 2020-06-22 at 22:51 -0400, Tom Lane wrote:
>> "Philip Paeps" <philip at trouble.is> writes:
>>> Unfortunately, I don't think it's practical to retroactively apply
>>> a CC0 tag.  Formally, you'd need each individual contributor to
>>> agree.  Given the age of the tz project, this may be impossible.

>> Yeah, that.
>> FWIW, we've had roughly comparable discussions in the Postgres
>> project.
>> The existing PG copyright is a mess: it's sloppily worded and it
>> protects nobody except the University of California.  But we've
>> concluded that changing it is effectively impossible, because there's
>> no way to get the concurrence of every past contributor.  And that
>> conclusion was arrived at in 2000 ... so it'd be that much worse now.
>> In practice, the amount of interest in changing the license wording has 
>> dropped to about nothing since 2000, too.  People are far more used to the
>> concept of community-owned open source code than they were then, and the
>> fact that the governing document is loosely phrased bothers nobody now
>> other than perhaps some bean-counters.
>> In short, I think politely ignoring SPDX is the right thing to do.
>> It's trying to solve a problem that was real enough twenty years
>> ago, but people have gotten over it.

I suspect that it may be driven by the FSF Licensing & Compliance Team or others
similarly following up on GPL, and possibly other, licence violations, like not
including copies of licences or not making all open source available.

> Actually, the point of SPDX is to create unique tags for existing
> licenses, not to create or change the licenses that a project is
> released under. This is meant to make identification of licenses used
> easier to identify in a more consistent way. Think automation.
> 
> As a matter of fact Postgresql already has a SPDX tag. :)
> https://spdx.org/licenses/PostgreSQL.html
> 
> For an example of how SPDX might be used you can look at Opensuse. The
> rpm spec files are expected to have an SPDX tag for the License value.
> 
> https://en.opensuse.org/openSUSE:Packaging_guidelines#Spec_Files
> 
> As the Packaging Guidelines state, the SPDX is "relatively" new so
> there aren't valid tags for all licenses yet. It looks like currently
> Opensuse marks the timezone rpms as "BSD-3-Clause AND
> SUSE-Public-Domain"
> 
> https://build.opensuse.org/package/view_file/Base:System/timezone/timezone.spec?expand=1

CC0 could be better but I have the same reservations about the effectiveness
and validity of making such changes as stated above.

This project could add a comment SPDX-License-Identifier: BSD-3-Clause when
date.c, newstrftime.3, or strftime.c are modified, and as SUSE-Public-Domain is
not listed at the SPDX site, on a similar basis, add comment
SPDX-License-Identifier: LicenceRef-IANA-TZ-Public-Domain, as any other files
are modified in this project.

The project repos and tzcode sources should probably also include or reference a
copy of the BSD-3-Clause licence.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]

