-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Submit FSL to SPDX #21
Comments
As you work toward a SPDX submission, I'd encourage you to think about properties of the license that will make it work better in the SPDX ecosystem, and/or investing in the SPDX ecosystem itself to lower adoption barriers for software (especially software where the change date has elapsed). One idea is in developing the conditional support in the license expression that I referenced in the ticket (see spdx/spdx-spec#60) As things sit right now for BUSL-1.1 (which has an identifier), I think there's not really a "clean" way to designate an artifact as being available under a FOSS license. So I think software products and services that use SPDX for License Compliance purposes will continue to flag software licensed under BUSL as a "HIGH" risk. An example is with Snyk: https://go.snyk.io/rs/677-THP-415/images/SPDX_Licenses_SuggestedSeverity_May31.pdf |
I'm making PRs to see if we can bring existing adoption up to 1.1: |
Ah! Now I remember why I was blocking this. I wanted to resolve the question of whether we are sticking with the name now that we have fair.io. Like, should we call this Fair Source License 2.0? We decided against it, because we want to use Fair Source for a wider scope that includes other licenses (BUSL most obviously), so we'll stick with Functional Source License to disambiguate. I think I'm out of blockers to submitting this! 😱 |
FSL-1.1-MIT: spdx/license-list-XML#2458 I had to work around validation for the "full name" field. |
I'm planning to join the twice-monthly call tomorrow. |
FYI we did join that call in April, further discussion in the related tickets in the SPDX repo (linked above). I've been focused on getting the wider Fair Source initiative off the ground, will aim to circle back here soon to pick up with SPDX conversation. |
I joined the call today. Details on the thread. |
Chiming in. Today I learned that Apache 2.0 is also known as ALv2 (makes sense). Would FSL-1.1-ALv2 work here? It doesn't use the Apache trademark, but it does make it clear that it converts to the ALv2 license. |
I don't think this abbreviation is in any way SPDX-official For Apache 2.0 the SPDX identifier is |
Good point — but it's clearer than the proposed "-A" alternative, imo. It is an official acronym: https://www.apache.org/legal/apply-license.html |
Reticketing from #20 (comment) ...
Once the dust settles on a likely 1.1†, and we have a few more companies on board‡, let's submit FSL to SPDX.
† "The license has identifiable and stable text; it is not in the midst of drafting."
‡ "The license has actual, substantial use such that it is likely to be encountered. Substantial use may be demonstrated via use in many projects, or in one or a few significant projects. For new licenses, there are definitive plans for the license to be used in one or a few significant projects."
https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md
The text was updated successfully, but these errors were encountered: