Update Individual values for NONE and NOASSERTION licenses #456

Merged
merged 5 commits into from
Sep 1, 2023
14 changes: 8 additions & 6 deletions model/ExpandedLicensing/Individuals/NoAssertionLicense.md
Expand Up @@ -3,19 +3,21 @@ SPDX-License-Identifier: Community-Spec-1.0
# NoAssertionLicense

## Summary
An Individual Value for License when no assertion can be made about its actual value.

Individual representing an absence of an assertion about license information.

## Description

A NoAssertionLicense is the value that is used to indicate that the data creator
is making no assertion about the license information for the corresponding software artifact.
NoAssertionLicense should be used if the SPDX creator has attempted to but cannot reach a reasonable objective determination;
the SPDX creator has made no attempt to determine this field; or
the SPDX creator has intentionally provided no information (no meaning should be implied by doing so).

## Metadata

- id: NoAssertionLicense
- name: NoAssertionLicense
- type: /SimpleLicensing/AnyLicenseInfo

## Serialization
## Property Values

- name: "NOASSERTION"

- text: "NOASSERTION"
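
Review bot: The value under Property Values appears here under two keys, `- name: "NOASSERTION"` and `- text: "NOASSERTION"`, and the NoneLicense.md change shows the same pair in the opposite order, so please confirm that both Individuals end up carrying the value under the same key. If `name` is the key that is kept, it sits a few lines below the Metadata entry `- name: NoAssertionLicense`, so the Individual has two different names depending on which section a reader or a generator consults; one sentence stating which string tooling must emit and match would remove that ambiguity. In the Description, the three conditions are run together with semicolons, while Licensing.md in this same change lists them as bullets, and the wording switches between "data creator" and "SPDX creator"; a bullet list and the single term "SPDX data creator" would keep the three files aligned.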
12 changes: 6 additions & 6 deletions model/ExpandedLicensing/Individuals/NoneLicense.md
Expand Up @@ -4,18 +4,18 @@ SPDX-License-Identifier: Community-Spec-1.0

## Summary

Individual representing an assertion that no license information is present, as applicable.
An Individual Value for License where the SPDX data creator determines that no license is present.


## Description

A NoneLicense is the value that is used to indicate
the absence of license information from a software artifact.
NoneLicense should be used if the SPDX creator determines there is no license available for this Artifact.

## Metadata

- id: NoneLicense
- name: NoneLicense
- type: /SimpleLicensing/AnyLicenseInfo

## Serialization
## Property Values

- text: "NONE"
- name: "NONE"
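
Review bot: In the Description, "no license available for this Artifact" is looser than the sentence beside it ("the absence of license information from a software artifact") and than Licensing.md, which says a NoneLicense means the artifact "contains no license information whatsoever". "Not available" can be read as "the creator did not find one", which overlaps with the first NoAssertionLicense condition, so consumers that treat NONE and NOASSERTION differently need the boundary spelled out; suggest wording that says the creator examined the artifact and it contains no license information. The Summary says "SPDX data creator" while the Description says "SPDX creator", and "this Artifact" is capitalized differently from "software artifact" two lines earlier; pick one form of each. The `text`/`name` pair under Property Values is in the reverse order of NoAssertionLicense.md, so check that both files keep the same key.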
100 changes: 100 additions & 0 deletions model/Licensing/Licensing.md
@@ -0,0 +1,100 @@
SPDX-License-Identifier: Community-Spec-1.0

# Licensing

## Summary

The Licensing Profile defines a minimum set of license information required to comply with typical license compliance use cases.

## Description

The Licensing profile only contains the additional requirement that any Software Artifact must have a concludedLicense Relationship.

Classes and Property restrictions are defined in the SimpleLicensingProfile
(Classes and Properties associated with string license expressions) and in the ExpandedLicensingProfile (Classes and Properties used for a
fully parsed syntax tree of license expressions).

There are 2 licensing related relationship types - declaredLicense and concludedLicense.

A declaredLicense identifies the license information actually found in the Software Artifact,
for example as detected by use of automated tooling.

This field is not intended to capture license information obtained from an
external source, such as a package's website. Such information can be
included, as needed, in a concludedLicense field.

A declaredLicense may be expressed differently in practice for different
types of Software Artifacts. For example:

* for Packages:
* would include license info describing the license of the Package as a
whole, when it is found in the Package itself (e.g., LICENSE file,
README file, metadata in the repository, etc.)
* would not include any license information that is not in the Package
itself (e.g., license information from the project’s website or from a
third party repository or website)
* for Files:
* would include license info found in the File itself (e.g., license
header or notice, comments, SPDX-License-Identifier expression)
* would not include license info found in a different file (e.g., LICENSE
file in the top directory of a repository)
* for Snippets:
* would include license info found in the Snippet itself (e.g., license
notice, comments, SPDX-License-Identifier expression)
* would not include license info found elsewhere in the File or in a
different File (e.g., comment at top of File if it is not within the
Snippet, LICENSE file in the top directory of a repository)

A declaredLicense is related to a NoneLicenseindicates that the
corresponding Package, File or Snippet contains no license information
whatsoever.

A declaredLicense related to aNoAssertionLicense
indicates that one of the following applies:
* the SPDX data creator has attempted to but cannot reach a reasonable
objective determination;
* the SPDX data creator has made no attempt to determine this field; or
* the SPDX data creator has intentionally provided no information (no meaning
should be implied by doing so).

If a declaredLicense relationship is not present, no conclusion can be drawn.
Note that a missing declaredLicense is not the same as a relationship to a NoAssertionLicense
since the latter is a "known unknown" whereas no conclusion can be drawn
from a missing declaredLicense relationship.



A concludedLicense is the license identified by the SPDX data creator,
based on analyzing the license information in the Software Artifact
and other information to arrive at a reasonably objective
conclusion as to what license governs it.

A concludedLicense related to a NoneLicense indicates that the
SPDX data creator has looked and did not find any license information for this
Software Artifact.

A concludedLicense related to a NoAssertionLicense
indicates that one of the following applies:
* the SPDX data creator has attempted to but cannot reach a reasonable
objective determination;
* the SPDX data creator has made no attempt to determine this field; or
* the SPDX data creator has intentionally provided no information (no
meaning should be implied by doing so).

If a concludedLicense is not present, no conclusion can be drawn.
Note that a missing or null concludedLicense is not the same as a relationship to a NoAssertionLicense
since the latter is a "known unknown" whereas no conclusion can be drawn
from a missing or null value.

A written explanation of a relationship to a NoAssertionLicense MAY be
provided in the comment field for the relationship.

If the concludedLicense for a Software Artifact is not the
same as its declaredLicense, a written explanation SHOULD be provided in
the concludedLicense relationship comment field.


## Metadata

- id: https://rdf.spdx.org/v3/Licensing
- name: Licensing
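
Review bot: Two sentences in the declaredLicense part are garbled: "A declaredLicense is related to a NoneLicenseindicates that" has a stray "is" and a missing space, and "related to aNoAssertionLicense" is missing a space; the matching concludedLicense sentences further down ("A concludedLicense related to a NoneLicense indicates that") show the intended form. The Description opens by requiring that any Software Artifact "must have a concludedLicense Relationship", yet later says "If a concludedLicense is not present, no conclusion can be drawn"; it would help to state that an absent concludedLicense means the data does not conform to this profile, so validators know whether to reject or merely flag it. The absence wording also differs between the two relationship types ("missing declaredLicense" versus "missing or null concludedLicense"); since these are relationships rather than properties, "null" and the repeated word "field" ("to determine this field", "in a concludedLicense field") should probably be replaced with relationship wording. The nested bullets under "for Packages / Files / Snippets" need indentation to render as sub-items.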