1. Forum
  2. Usenet
  3. LINUX.DEBIAN.LEGAL

  • question about licensing for ruby-spdx-licenses

    From Gabriel Filion@21:1/5 to All on Sat Feb 29 23:50:02 2020
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5YKta6Vopby7UOLEU3hFzyUhbTSX4Sl5X
    Content-Type: text/plain; charset=utf-8
    Content-Language: en-US
    Content-Transfer-Encoding: quoted-printable

    Hello,

    I'm working on a package for a ruby library, ruby-spdx-licenses, for
    which I had some questions pop to mind about licensing:

    The code ships a json file that contains information about all of the
    licenses that the library helps with identifying. This json file was
    copied from the SPDX web site:

    https://github.com/domcleal/spdx-licenses#spdx-licenses

    From what I could gather, the website specifies that all content is
    covered by CC-BY 3.0:

    https://spdx.org/Trademark
    https://www.linuxfoundation.org/terms/

    However, I'm not completely sure that the information I found is precise enough..


    Then, I also found some mentions about some terms related to the use of
    the SPDX name, which would be present in the package name and in the description, and this is where I feel like I'm in uncertain waters (at
    least for me):

    https://spdx.org/frequently-asked-questions-faq-0

    "Can I use the SPDX trademark?
    Yes. It is a registered trademark so don't forget the (r)."

    Do I need to add (r) after the name "SPDX" in the package description?
    Is it an issue if the name "SPDX" is used in the package name itself?

    Cheers!


    --5YKta6Vopby7UOLEU3hFzyUhbTSX4Sl5X--

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEwcx6S3++jtN8APi1woWSSWurwSIFAl5a5+oACgkQwoWSSWur wSKZ3xAA3bGofyr4EvM0P/4uLCwyLO+vK+jWH5/Zbmamkr0ckuEH5pluvr3QcSvO nmR3AipQfC5TyKjTRMdXN6HXp9Q3F8zEvMoBG9y8LyQd/c1UFJfkrGr/qwNU+Q1F UwVl5a31iPeMZCqByqScQl4iZWowR5cadsmzoH50nsH9Imk1L2gAnbuYcPWq0ZXx eH76q/msYXXPoTpd1uFMNefH6U1RG7t+hmyJl61NjJVBzaC/56hFcDdsSbuxT5do 2gLEqWd0OC9USKbdrMfL393tbE374c6wXRsfKskUpTIJdpa3Ybt0PDE4dxG2MvX1 nAyBXH1ntm3/MArvPsS69zsckVQFoADvTz8lMRdJ+cRIoMdadz6VT6Z+Aazrztbl E1f6JvBFKHJ2S+yvrnAMTND7GSXVBsBYHBglX/cnOi6lrQTOn08oBwdAY6+YSc0L X4RL8mGSRh099hmSoYu5MegAyUzHcUQEdC/d1fdDAI2368KdTgwoqNvUGgTj3t7G 53BAYNiMHXUL3GqKErose8B7mPcw2loFt1y+KWOOa5SnwzTbp4YT6tflRe7tPGsi J/nY4SPPVkYk2IKehnjh4rV9clSPcnPlvo7rAvxaFzHceMAJjlHMxU7q6BX5bUrc W2Ayzrn9XDCzyaY4lUYWX4ag8x0sevrdGnGhJDeO+FSeogXErTg=
    =SO7f
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Florian Weimer@21:1/5 to All on Sun Mar 1 11:30:02 2020
    * Gabriel Filion:

    From what I could gather, the website specifies that all content is
    covered by CC-BY 3.0:

    https://spdx.org/Trademark
    https://www.linuxfoundation.org/terms/

    However, I'm not completely sure that the information I found is precise enough..

    The upstream repository appears to be:

    <https://github.com/spdx/license-list-XML>

    Curiously, its XML files lack SPDX tags, and there is no licensing
    information.

    I'd suggest to contact the primary contribtors and ask them to clarify
    the licensing situation.

    The data may not be copyrightable in the United States, but it looks
    like it could be protected elsewhere.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Gabriel Filion@21:1/5 to Florian Weimer on Mon Mar 2 01:30:01 2020
    Copy: debian-legal@lists.debian.org

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --B1woi9jnTP21BVDb2PHtxvNdZhGohRl1j
    Content-Type: text/plain; charset=utf-8
    Content-Language: en-US
    Content-Transfer-Encoding: quoted-printable

    On 2020-03-01 5:25 a.m., Florian Weimer wrote:
    * Gabriel Filion:

    From what I could gather, the website specifies that all content is
    covered by CC-BY 3.0:

    https://spdx.org/Trademark
    https://www.linuxfoundation.org/terms/

    However, I'm not completely sure that the information I found is precise
    enough..

    The upstream repository appears to be:

    <https://github.com/spdx/license-list-XML>

    Ah thanks for this URL, I hadn't stumbled upon it yet.

    Curiously, its XML files lack SPDX tags, and there is no licensing information.

    I'd suggest to contact the primary contribtors and ask them to clarify
    the licensing situation.

    The data may not be copyrightable in the United States, but it looks
    like it could be protected elsewhere.

    ok good idea. I will open an issue on the github repository above to ask
    for some clarifications.


    --B1woi9jnTP21BVDb2PHtxvNdZhGohRl1j--

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEwcx6S3++jtN8APi1woWSSWurwSIFAl5cUWEACgkQwoWSSWur wSIIRQ//Wn+8X0/R5TY9cQic3Q1qr4xCMO8gVM76nytc3Cd9uOXujwW7zRdalJFC N/fVgPBWmKq00egBKiWMYwVcagJcHYmpE3MEUN6oHurDL10WGHwzfPXXB3IJXhvN Em3YaEgVoWRJvKvxR0pIkQOaQ0uP2j0oRIU/i+xmWZwFY76IQi+UNIUE71GuaTVi EhqbEZXHCD1aj4Rasd93qBRO0vZS5kNdTAXz/GoJ7awYDP9qx6p3OEECxSt2mzVT 3JxAll0VKClP4D1aArK1Ue3CrzrIldZGnkX5Se3VXpMSPj7Jh0MmoexJuFA2muKU +9HtR6KokGnf6WG5u67LrS5OhsV8WaqSeFMvTB52GSO1gWHLm2RZP6WwkbVCCq/A R1/X+7lUvLTloB9oDpYOeIc8HQtG3RrJdJ7wvS6cyucZsRyq1ramHKluP1QQkhHx zcsEjD4wVRL7bAWWHRf50ug8sltONr/myRG3RUio77E5lGxsXeYzJR9f3m4vRwdt jJNNmTtj2OhWe78ezTTdoplAYqtw4dS1L+2HE2pDaP9ev0+K8ejnGTGikbEudxcs NS8xz3Tx+cUv6e3cQYdOqugKMCYmlJ2dk7y+Xg0V0bbYVsh0Hw03u4PMIWkSmdGR SWJFcnvYbEn9GbpUcXsh9YvfB9J5+FFJ5/rGNFtfBOyJcBUIrBE=
    =cSx1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)