opensourceorg / licenses Goto Github PK

The entry for the OSET Foundation Public License (OPL-2.1) aka OSET Public License version 2.1 in the json returned by the https://api.opensource.org/licenses/ API endpoint doesn't contain a reference to this page on the OSI site https://opensource.org/licenses/OPL-2.1 in it's "links" field.

I'm posting this report here because this OSI blog post https://opensource.org/node/822 said that the API uses your data as the source.

Is my understanding correct or are this two separate licenses?

Great project! Is there any interest in either standardizing or maybe some meta data annotation the placeholders that are present in the full text of several of the licenses? Some of the licenses use square brackets, some use angle brackets, some use an underscore, etc. Identifying the placeholders is one way to automatically infer the license from the full text. Or maybe there is another approach that I am missing.

Unable to access https://api.opensource.org/

Error 1016 Ray ID: 70b29532094d91f9 • 2022-05-14 09:24:47 UTC
Origin DNS error

Cloudflare is currently unable to resolve your requested domain (api.opensource.org).

The following SPDX identifiers are not in this repo/JSON file but are listed on the OSI website:

• 0BSD
• BSD-2-Clause-Patent
• BSD-1-Clause
• BSD-3-Clause-LBNL
• CAL-1.0
• EPL-2.0
• EUPL-1.2
• CECILL-2.1
• OLDAP-2.8
• PHP-3.01
• MIT-0

The SPDX license ID on the website is incorrect for the following:

• Licence Libre du Québec – Réciprocité forte (LiLiQ-R+) version 1.1 (LiliQ-R+) - should be (LiLiQ-Rplus-1.1)
• Licence Libre du Québec – Réciprocité (LiLiQ-R) version 1.1 (LiliQ-R) - should be (LiLiQ-R-1.1)
• Licence Libre du Québec – Permissive (LiLiQ-P) version 1.1 (LiliQ-P) - should be (LiLiQ-P-1.1)
• Universal Permissive License (UPL) - should be (UPL-1.0)

The following licenses are listed by name on the OSI website but are missing the SPDX identifiers:

• CERN Open Hardware Licence Version 2 - Permissive (CERN-OHL-P-2.0)
• CERN Open Hardware Licence Version 2 - Weakly Reciprocal (CERN-OHL-S-2.0)
• CERN Open Hardware Licence Version 2 - Strongly Reciprocal (CERN-OHL-W-2.0)
• Mulan Permissive Software License v2 (MulanPSL-2.0)
• OSET Public License version 2.1 (OSET-PL-2.1)
• Upstream Compatibility License v1.0 (UCL-1.0)
• The Unlicense (Unlicense)
• Unicode Data Files and Software License (Unicode-DFS-2016)

Although not an inconsistency between the website and this file, I would also like to add some additional SPDX identifiers to the GPL family of licenses. Per request from the Free Software Foundation a couple years ago, we added license identifiers with a suffix "-or-later" to the GPL and LGPL family of licenses. If would be nice if we added those identifiers to this JSON representation. It may also make sense to add them to the website.

Often the question comes up if two licenses are work together or not. It would be nice if this can be requested. One common example is that GPL-2.0 and GPL-3.0 are not compatible with each other.
If there are godd refererences to compatible/notcampatible would be nice to request.

• Schema.org uses keywords instead of tags.
• media_type would technically be more correct than content_type (Content-Type is just an HTTP Header, but media type is how IANA, etc. refer to these).
• Not sure if name (under text) should be title instead (i.e. Dublin Core's term).

In compile.py

Per issue #66 we need to update the API and license metadata so that previously approved but superseded versions of license can be handled.

(Mostly SPDX, except for a few)

There are some licenses on the OSI website which are not present in the metadata (e.g. 0BSD).

I noticed a folder licenses/autogenerated that contain metadata for other licenses on the OSI website. Is there a script that generates these licenses from the OSI website I should run and check before adding the data in the licenses/manual folder?

Should I also copy the raw text into the texts folder?

Once I understand the steps, I can create a PR to add the documentation to the CONTRIBUTING.md file.

Get rid of ID, use Version

Perhaps scrape the existing set of links

I had not looked at the OSI license page in some time at https://opensource.org/licenses/ but I see it has a new table format. Happy to see the SPDX id column, but many SPDX ids are missing. The SPDX License List has long had a policy of adding any OSI-approved license (all ever approved). Since 2011, the OSI adopted and displayed the SPDX ids. I'm not sure why it seems this transition has dropped so many, but it'd be good to have that fixed!

eCos License version 2.0 and Free Public License 1.0.0 (aka Zero Clause BSD License; 0-BSD) are listed on the OSI site https://opensource.org/licenses/alphabetical, but it appears that they are absent from your database.

I have a rather old request to use this API as a source for the OSI approved flag in the SPDX license list.

After looking closely at the data, there are some inconsistencies between the website and the datafile.

If this is being maintained, I can work on a pull request.

BTW - it would be fantastic if there was an authoritative machine readable format for the OSI license information.

The BSD 4-Clause License is absent form the lists published on the OSI site https://opensource.org/licenses/alphabetical https://opensource.org/licenses/do-not-use and it's page on the site https://opensource.org/licenses/BSD-4-Clause is broken (if it ever existed at all), but is present in your database and tagged as "osi-approved".

The Academic Free Licenses versions 1.0, 1.1, 2.0, and 2.1 are marked as OSI approved in the SPDX license list, however, these licenses do not show up on the OSI list of approved licenses nor in this repo.

This was discussed in the SPDX license list issue #1327

Based on this comment, earlier versions were approved by OSI.

Based on this comment, OSI does not "unapproved" licenses once approved.

Suggest we add the older versions of AFL to this repo to be consistent with SPDX.

I don't know if the OSI has an existing policy on this, but it would be nice to have entries for licenses which have been considered by the OSI but rejected as non-open. Bonus points for listing the points from the OSD which were used as the grounds for rejection (or other reason, e.g. if it was rejected as a vanity/duplicate license), if the board comes to a consensus on that. The main reason for this would be to automatically list licenses from another list (e.g. the FSF's list) which had not been considered by the OSI. Currently you can use this API to filter out licenses which have been approved by the OSI, but you cannot distinguish between “not (yet) considered” and “considered and rejected”.

Hi. Your README says that this is not an authoritative source of information. I think you might have forgot to update the status after this got published. Note that the page contains two links to this repository in the last and second to last paragraphs.

If the files from this PR is used to generate the website in the future, note that is is missing the "notes" text:

Note: Despite its name, Zero-Clause BSD is an alteration of the ISC license, and is not textually derived from licenses in the BSD family. Zero-Clause BSD was originally approved under the name "Free Public License 1.0.0".

If this text is supposed to be in the JSON file, please let me know which field(s) need to be updated so I can add those in the future.

Originally posted by @goneall in #65 (comment)

https://github.com/OpenSourceOrg/licenses/blob/master/wikipedia/wikipedia.json is a start

The SPDX license data is now available in JSON format. The HTML for the SPDX website is subject to change and may break the current implementation.

spdx.org/licenses/licenses.json contains a summary table of contents for all SPDX licenses.

There is one JSON file for every license on the website in the form spdx.org/licenses/spdx-id.json.

These license JSON files contain all the metadata and text that is tracked in the SPDX text.

All tag names match the SPDX tag/value definitions in the SPDX 2.0 specification.

and deal with the fallout, I guess

The Motosoto license is missing some text. You can see that https://opensource.org/license/motosoto-php/ and in texts/plain/Motosoto.

I assume the issue originates from an encoding problem with one character in the license text. Compare the Jabber Open Source License, version 1.0 on which Motosoto is said to be based: the copy at OSI looks OK (perhaps offending character removed?), and the copy in the FSF Directory has a “Õ” in the place where the Motosoto license text ends.

Given the text of the Jabber Open Source License, version 1.0, I assume that the Motosoto license is missing several paragraphs.

The problem has always been there, see commit 7f06e6a, which added the Motosoto license text.

The official text version of the MPL adds

---

• emphasis *

---

to Sections 6 and 7, to avoid the use of ALL CAPS. (rationale)

I'm not quite sure how best to capture this in the OSI repo - thoughts?

validictory was deprecated circa 2018, James suggested https://github.com/python-jsonschema/jsonschema in its place, which I think is a good idea.

This is causing a local failure for me under Python 3.11; this is likely a good starter task for someone if it doesn't become critical and force an update by someone :)

This was discovered in #84

the contents of texts/plain/BSD-4 is semantically identical to texts/plain/BSD-3 - only copyright holder and non-verbatim stuff vary.

See

This line appears to be from version 2.0 of the license - not version 2.1

Note that the website text appears to be the correct version.