Submit FSL to SPDX

[chadwhitacre]

Reticketing from #20 (comment) ...

Once the dust settles on a likely 1.1†, and we have a few more companies on board‡, let's submit FSL to SPDX.

† "The license has identifiable and stable text; it is not in the midst of drafting."

‡ "The license has actual, substantial use such that it is likely to be encountered. Substantial use may be demonstrated via use in many projects, or in one or a few significant projects. For new licenses, there are definitive plans for the license to be used in one or a few significant projects."

https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md

[mswilson]

As you work toward a SPDX submission, I'd encourage you to think about properties of the license that will make it work better in the SPDX ecosystem, and/or investing in the SPDX ecosystem itself to lower adoption barriers for software (especially software where the change date has elapsed). One idea is in developing the conditional support in the license expression that I referenced in the ticket (see spdx/spdx-spec#60)

As things sit right now for BUSL-1.1 (which has an identifier), I think there's not really a "clean" way to designate an artifact as being available under a FOSS license. So I think software products and services that use SPDX for License Compliance purposes will continue to flag software licensed under BUSL as a "HIGH" risk. An example is with Snyk: https://go.snyk.io/rs/677-THP-415/images/SPDX_Licenses_SuggestedSeverity_May31.pdf

[chadwhitacre]

I'm making PRs to see if we can bring existing adoption up to 1.1:

• Fix the copyright notice in the license file codecrafters-io/frontend#1440
• Upgrade FSL to 1.1 AnswerOverflow/AnswerOverflow#567
• Upgrade FSL to 1.1 gitbutlerapp/gitbutler#3122

[chadwhitacre]

Ah! Now I remember why I was blocking this. I wanted to resolve the question of whether we are sticking with the name now that we have fair.io. Like, should we call this Fair Source License 2.0? We decided against it, because we want to use Fair Source for a wider scope that includes other licenses (BUSL most obviously), so we'll stick with Functional Source License to disambiguate.

I think I'm out of blockers to submitting this! 😱

[chadwhitacre]

FSL-1.1-MIT: spdx/license-list-XML#2458
FSL-1.1-Apache-2.0: spdx/license-list-XML#2459

I had to work around validation for the "full name" field.

[chadwhitacre]

I'm planning to join the twice-monthly call tomorrow.

[chadwhitacre]

FYI we did join that call in April, further discussion in the related tickets in the SPDX repo (linked above). I've been focused on getting the wider Fair Source initiative off the ground, will aim to circle back here soon to pick up with SPDX conversation.

[chadwhitacre]

I joined the call today. Details on the thread.

[ezekg]

Chiming in. Today I learned that Apache 2.0 is also known as ALv2 (makes sense). Would FSL-1.1-ALv2 work here? It doesn't use the Apache trademark, but it does make it clear that it converts to the ALv2 license.

[Croydon]

Chiming in. Today I learned that Apache 2.0 is also known as ALv2 (makes sense).

I don't think this abbreviation is in any way SPDX-official

For Apache 2.0 the SPDX identifier is Apache-2.0
https://spdx.org/licenses/

[ezekg]

Chiming in. Today I learned that Apache 2.0 is also known as ALv2 (makes sense).

I don't think this abbreviation is in any way SPDX-official

For Apache 2.0 the SPDX identifier is Apache-2.0 https://spdx.org/licenses/

Good point — but it's clearer than the proposed "-A" alternative, imo.

It is an official acronym: https://www.apache.org/legal/apply-license.html