Subject: Re: Unique identifier for licenses
From: "Mathieu Gervais (IDEAS)" <Mathieu.Gervais@morganstanley.com>
Date: Mon, 2 May 2011 11:26:49 -0400
Mon, 2 May 2011 11:26:49 -0400
Many thanks. This proposed course of action makes sense to me.
I think establishing such identifiers would be helpful for the community and
a small but good addition to OSI's offering.

-mathieu

On Sun, May 1, 2011 at 22:41, Karl Fogel <kfogel@red-bean.com> wrote:

> "Mathieu Gervais (IDEAS)" <Mathieu.Gervais@morganstanley.com> writes:
> >Right. I was hoping OSI would just seed with the initial SPDX list..
> >and then take it from there (and then SPDX have the wisdom to leverage
> >whatever addition OSI did so there is no fork).
> >Maybe I'm dreaming :)
> >Do you know where I should ask?
>
> You're asking in the right place, at least for OSI.  Here's what I'd
> like to do:
>
>  1) For every license for which there is a SPDX identifier, make sure
>     that http://opensource.org/licenses/IDENTIFIER exists and is
>     canonical (i.e., does not redirect).  In some cases, we will need
>     to redirect existing pages to the new page, of course.
>
>  2) For any OSI-approved license for which there is no SPDX identifier,
>     create one using the same algorithm SPDX used.  Also, at least try
>     to contact them and get them to sign off on the acronym choice :-).
>
> Regarding (1), my only caveat is that I don't yet know if OSI considers
> some of its abbreviations to be canonical -- i.e., shouldn't redirect.
> Does anyone here know the answer to that?
>
> (Descriptions of licenses would, of course, also reference the canonical
> abbreviation, and distinguish it from colloquial abbrevations -- though
> should list them all, being a primary reference.)
>
> Assuming there's no reason *not* to be in sync, then SPDX and OSI should
> stay in sync.  But it would be premature to commit to this until we
> actually have that conversation.  I'll try to start that conversation
> (or maybe there already is one, in which case I'll try to find it :-) ).
>
> There's no reason any of this needs to bottleneck OSI's license approval
> process.  Approving a license need not be simultaneous with establishing
> a canonical abbreviation for it, although in practice they probably can
> be (and ideally would be) simultaneous.
>
> -Karl
>
> >On Mon, Apr 18, 2011 at 12:30, David Dillard
> ><david dillard@symantec.com> wrote:
> >
> >
> >        Actually, you’d still have a problem.  When the OSI approved a
> >    new license that license would not have an identifier until the
> >    SPDX group gave it one unless there was an agreement that the OSI
> >    would create identifiers that SPDX would use and assuming OSI was
> >    willing to take on that task.
> >
> >
> >
> >    I’m somewhat skeptical that either organization would agree to
> >    something like that, but it doesn’t hurt to ask :-)
> >
> >
> >
> >
> >
> >        From: Mathieu Gervais (IDEAS)
> >    [mailto:Mathieu.Gervais@morganstanley.com]
> >    Sent: Monday, April 18, 2011 12:17 PM
> >    To: David Dillard
> >    Cc: license-discuss@opensource.org
> >    Subject: Re: Unique identifier for licenses
> >
> >
> >
> >
> >
> >    Many thanks for the reply. That's an interesting suggestion.
> >    On the other hand, I'm a bit worried that these short form names
> >    don't appear anywhere on opensource.org.
> >    Any chances OSI could add them to
> >    http://www.opensource.org/licenses/alphabetical ? i.e. after the
> >    license name, have "(short-form = XXX)"
> >    That would eliminate the reliance on another party that might
> >    diverge or just not be updated when there is a license added by
> >    OSI.
> >    I know this creates an admin burden, but given these guys seems to
> >    have done most of the legwork, I think it would actually be a
> >    worthy addition to OSI's offering (small, but with value).
> >    (should I send this request to another particular group? I'm
> >    hoping OSI folks are reading this list...)
> >
> >    Thanks,
> >
> >    -mathieu
> >
> >
> >        On Mon, Apr 18, 2011 at 12:09, David Dillard
> >    <david dillard@symantec.com> wrote:
> >
> >
> >        You might try using the short form identifiers for licenses as
> >    found in the SPDX spec (see Appendix I).
> >
> >
> >
> >    http://spdx.org/system/files/spdx-v1beta.draft20100807 1.pdf
> >
> >
> >
> >
> >
> >
> >
> >        From: Mathieu Gervais (IDEAS)
> >    [mailto:Mathieu.Gervais@morganstanley.com]
> >    Sent: Monday, April 18, 2011 9:14 AM
> >    To: license-discuss@opensource.org
> >    Subject: Unique identifier for licenses
> >
> >
> >
> >
> >    Hi,
> >
> >    We are improving internal tooling to keep track of open source
> >    libraries licenses.
> >    What do you recommend in order to uniquely identify licenses?
> >
> >    We want to leverage OSI's catalogue of licenses in order to not
> >    reinvent the wheel, but it doesn't look like a slam dunk since the
> >    naming is not that consistent.
> >    For example, for BSD the name seen on these 2 pages is different:
> >
> >            http://www.opensource.org/licenses/alphabetical
> >
> >            http://www.opensource.org/licenses/bsd-license
> >    (I prefer the one on the alphabetical list, since it does hint
> >    which flavor of BSD we are talking about -- "new and simplified").
> >
> >    So the question is, what would be the best/recommended (short)
> >    identifier that is likely to stay stable?
> >    I see the following choices:
> >     a) name as listed on
> >    http://www.opensource.org/licenses/alphabetical
> >     b) name as listed on the license page itself: e.g.
> >    http://www.opensource.org/licenses/bsd-license
> >
> >         ( this seems a non starter given that not all page have the
> >    same format, some of them have the license name written as "Open
> >    Source Initiative OSI - license name:Licensing" (see bsd), some
> >    have just the license name (e.g. AGPL)
> >
> >     c)use the short name in the url of the license itself, i.e.:
> >
> >        http://www.opensource.org/licenses/bsd-license   => use
> >    license name="bsd-license"
> >
> >        http://www.opensource.org/licenses/mit-license   => use
> >    license name="mit-license"
> >
> >        http://www.opensource.org/licenses/gpl-2.0    => use license
> >    name="gpl-2.0"
> >
> >
> >    Although we could use full URLs, I'd prefer using a short,
> >    meaningful name. (the full URL would really amount to option c
> >    anyway).
> >
> >    I'm not going to hold it against you if this ever changes, but I'd
> >    like to know that I at least have a shot at using something that
> >    is likely to be relatively stable for the foreseeable future.
> >    It also seems to me adding this to the FAQ could make sense since
> >    I'm certainly not the only one trying to refer to licenses in your
> >    catalogue.
> >
> >    I understand this is a bit nitpicking, but since we are doing
> >    this, we might as well try to do it right.
> >
> >    Let me know if my question is not clear and thanks in advance for
> >    your help.
> >
> >    -mathieu
> >
> >    PS: ultimately we do store and refer to the actual license txt
> >    included in the distribution of each library, but this is for the
> >    purpose of categorization in our internal repository.
> >
> >
>


Many thanks. This proposed course of action makes sense to me. 
I think establishing such identifiers would be helpful for the community and a small but good addition to OSI's offering. 

-mathieu

On Sun, May 1, 2011 at 22:41, Karl Fogel <kfogel@red-bean.com> wrote:
"Mathieu Gervais (IDEAS)" <Mathieu.Gervais@morganstanley.com> writes:
>Right. I was hoping OSI would just seed with the initial SPDX list..
>and then take it from there (and then SPDX have the wisdom to leverage
>whatever addition OSI did so there is no fork).
>Maybe I'm dreaming :)
>Do you know where I should ask?

You're asking in the right place, at least for OSI.  Here's what I'd
like to do:

 1) For every license for which there is a SPDX identifier, make sure
    that http://opensource.org/licenses/IDENTIFIER exists and is
    canonical (i.e., does not redirect).  In some cases, we will need
    to redirect existing pages to the new page, of course.

 2) For any OSI-approved license for which there is no SPDX identifier,
    create one using the same algorithm SPDX used.  Also, at least try
    to contact them and get them to sign off on the acronym choice :-).

Regarding (1), my only caveat is that I don't yet know if OSI considers
some of its abbreviations to be canonical -- i.e., shouldn't redirect.
Does anyone here know the answer to that?

(Descriptions of licenses would, of course, also reference the canonical
abbreviation, and distinguish it from colloquial abbrevations -- though
should list them all, being a primary reference.)

Assuming there's no reason *not* to be in sync, then SPDX and OSI should
stay in sync.  But it would be premature to commit to this until we
actually have that conversation.  I'll try to start that conversation
(or maybe there already is one, in which case I'll try to find it :-) ).

There's no reason any of this needs to bottleneck OSI's license approval
process.  Approving a license need not be simultaneous with establishing
a canonical abbreviation for it, although in practice they probably can
be (and ideally would be) simultaneous.

-Karl

>On Mon, Apr 18, 2011 at 12:30, David Dillard
><david dillard@symantec.com> wrote:
>
>
>        Actually, you’d still have a problem.  When the OSI approved a
>    new license that license would not have an identifier until the
>    SPDX group gave it one unless there was an agreement that the OSI
>    would create identifiers that SPDX would use and assuming OSI was
>    willing to take on that task.
>
>     
>
>    I’m somewhat skeptical that either organization would agree to
>    something like that, but it doesn’t hurt to ask :-)
>
>     
>
>     
>
>        From: Mathieu Gervais (IDEAS)
>    [mailto:Mathieu.Gervais@morganstanley.com]
>    Sent: Monday, April 18, 2011 12:17 PM
>    To: David Dillard
>    Cc: license-discuss@opensource.org
>    Subject: Re: Unique identifier for licenses
>
>
>
>         
>
>    Many thanks for the reply. That's an interesting suggestion.
>    On the other hand, I'm a bit worried that these short form names
>    don't appear anywhere on opensource.org.
>    Any chances OSI could add them to
>    http://www.opensource.org/licenses/alphabetical ? i.e. after the
>    license name, have "(short-form = XXX)"
>    That would eliminate the reliance on another party that might
>    diverge or just not be updated when there is a license added by
>    OSI.
>    I know this creates an admin burden, but given these guys seems to
>    have done most of the legwork, I think it would actually be a
>    worthy addition to OSI's offering (small, but with value).
>    (should I send this request to another particular group? I'm
>    hoping OSI folks are reading this list...)
>
>    Thanks,
>
>    -mathieu
>
>
>        On Mon, Apr 18, 2011 at 12:09, David Dillard
>    <david dillard@symantec.com> wrote:
>
>
>        You might try using the short form identifiers for licenses as
>    found in the SPDX spec (see Appendix I).
>
>     
>
>    http://spdx.org/system/files/spdx-v1beta.draft20100807 1.pdf
>
>     
>
>     
>
>     
>
>        From: Mathieu Gervais (IDEAS)
>    [mailto:Mathieu.Gervais@morganstanley.com]
>    Sent: Monday, April 18, 2011 9:14 AM
>    To: license-discuss@opensource.org
>    Subject: Unique identifier for licenses
>
>
>         
>
>    Hi,
>
>    We are improving internal tooling to keep track of open source
>    libraries licenses.
>    What do you recommend in order to uniquely identify licenses?
>
>    We want to leverage OSI's catalogue of licenses in order to not
>    reinvent the wheel, but it doesn't look like a slam dunk since the
>    naming is not that consistent.
>    For example, for BSD the name seen on these 2 pages is different:
>
>            http://www.opensource.org/licenses/alphabetical
>
>            http://www.opensource.org/licenses/bsd-license
>    (I prefer the one on the alphabetical list, since it does hint
>    which flavor of BSD we are talking about -- "new and simplified").
>
>    So the question is, what would be the best/recommended (short)
>    identifier that is likely to stay stable?
>    I see the following choices:
>     a) name as listed on 
>    http://www.opensource.org/licenses/alphabetical
>     b) name as listed on the license page itself: e.g.
>    http://www.opensource.org/licenses/bsd-license
>
>         ( this seems a non starter given that not all page have the
>    same format, some of them have the license name written as "Open
>    Source Initiative OSI - license name:Licensing" (see bsd), some
>    have just the license name (e.g. AGPL)
>
>     c)use the short name in the url of the license itself, i.e.:
>
>        http://www.opensource.org/licenses/bsd-license   => use
>    license name="bsd-license"
>
>        http://www.opensource.org/licenses/mit-license   => use
>    license name="mit-license"
>
>        http://www.opensource.org/licenses/gpl-2.0    => use license
>    name="gpl-2.0"
>
>
>    Although we could use full URLs, I'd prefer using a short,
>    meaningful name. (the full URL would really amount to option c
>    anyway).
>
>    I'm not going to hold it against you if this ever changes, but I'd
>    like to know that I at least have a shot at using something that
>    is likely to be relatively stable for the foreseeable future.
>    It also seems to me adding this to the FAQ could make sense since
>    I'm certainly not the only one trying to refer to licenses in your
>    catalogue.
>
>    I understand this is a bit nitpicking, but since we are doing
>    this, we might as well try to do it right.
>
>    Let me know if my question is not clear and thanks in advance for
>    your help.
>
>    -mathieu
>
>    PS: ultimately we do store and refer to the actual license txt
>    included in the distribution of each library, but this is for the
>    purpose of categorization in our internal repository.
>
>