Re-evaluating CC0-1.0 as DataLicense for SPDX 3.0 #159

Closed
swinslow opened this issue Dec 5, 2019 · 5 comments
Labels
profile: licensing Licensing profile and related matters
@swinslow
Member

swinslow commented Dec 5, 2019

The SPDX 3.0 discussions have included questions being raised about whether CC0-1.0 should be retained as the mandatory DataLicense field for SPDX documents.

The SPDX legal team is gathering details about the historical rationales for why the CC0-1.0 license was initially chosen, and how that is seen as operating in SPDX documents. (Much of these rationales are currently present in the existing spec and on the SPDX wiki.)

For those folks who have asked to make a change to the current CC0-1.0 DataLicense, in order to help evaluate this request, I'd ask that they add comments to this issue explaining specifically:

  1. why they believe that CC0-1.0 is not satisfactory for their anticipated use cases for 3.0, in light of the existing rationales in the spec; and
  2. what specific alternative they would want to see (e.g. DataLicense as a field that can take any license expression, or remove the field altogether, etc.)
@swinslow swinslow added this to the 3.0 milestone Dec 5, 2019
@swinslow swinslow added the profile: licensing Licensing profile and related matters label May 31, 2020
@kestewart
Contributor

@iamwillbar, @pombredanne - if you have examples, can you share your use cases here, so we can justify doing this. Thanks!

@jlovejoy
Member

jlovejoy commented Jul 1, 2020

I think I posted this on the mailing list but putting link here too, to make sure folks have the background. We had a write-up explaining the rationale for CC-0 - https://wiki.spdx.org/images/SPDX-TR-2014-1.v1.1.pdf

Also, don't forget the preamble (which should be somewhere besides this...) https://wiki.spdx.org/view/Legal_Team/Decisions/SPDX_Metadata_License:_Preamble_and_CC0_1.0_Universal

@swinslow
Member Author

I've raised this on a few prior tech team calls requesting input, and haven't seen any feedback in response to the questions raised above to the folks seeking a license change. So I am inclined to close this issue and stick with CC0-1.0 as the document DataLicense.

@swinslow
Member Author

swinslow commented Aug 6, 2020

No responses, so closing issue.

@MarkAtwood

I would like to reopen this issue. Amazon has severe reservations about being required to tag the SBOMs of our internal services and delivered products as CC0, even if there is also an NDA in place. We especially don't want to have "you put a CC0 on it" when someone else publishes something that was provided to them by someone breaking their NDA. The other SBOM standards do not require a CC0 or other license tag.
