[Doc]: Update License Text to standard SPDX license about matplotlib HOT 11 OPEN

It may be fair to wonder whether it's useful to have the license for the old version even included there? People using the old code have the relevant license already.

from matplotlib.

I am hesitant to make any changes to our license without someone else's lawyer claiming there actually is a problem and would not make any changes until our lawyer agrees and signs off on any changes.

from matplotlib.

Guideline B.3.4 specifically calls out "replaceable text", including those pieces of a license which refer to the copyright holder/name of the project/copyright dates/etc.

The original replaceable text appears on the SPDX License List webpage in red text.

https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templates/

The PSF License has all (at least as far as I see) pieces that Matplotlib replaces listed in red on SPDX's website:

https://spdx.org/licenses/PSF-2.0.html

That to me means that the relevant portion of the LICENSE file does match sufficiently.

There may be other problems with matching the automated filter tools, in particular we have a small header that indicates which versions the license text is relevant for and the license text for older versions.

Am I missing something here?

from matplotlib.

I compared the test of the license to the python 2.0 license here: https://opensource.org/license/python-2-0, and it is word-for-word the same except that Python is replaced with matplotlib and PSF is replaced with MDT.

The flagged differences are not things we can change (as they are the project name and the entity holding the copy right!), and even if they were I'm very (very) reluctant to go down the path of developing a process to change our license.

I'm not really clear who this is causing problems for, why it is causing problems, and the scale of the problems it is causing relative to scale of what it would take to change our LICENSE file.

from matplotlib.

Guess then the request is to register your license (and identifier) as a valid SPDX license for easier programmatic parsing/detection. Also it would correct the https://pypi.org/project/matplotlib/ record for this project as it assumes a Python Software Foundation License which you yourself have just stated is an inaccurate representation of matplotlib

from matplotlib.

This discussion seems relevant: https://discuss.python.org/t/making-the-psfl-2-0-better-for-the-community/10430/12

from matplotlib.

and @samuelmakarovskiy, with regards to the phrase "which you yourself have just stated", what follows was not what he wrote. That is a conclusion you are drawing from what he wrote, so please do not put words in other people's mouths. As far as I have been involved, I've always considered our license to be essentially the same as the PSFL even if it wasn't explicitly templated for it like the BSD 3 clause license is.

As for SPDX, I have never heard of it, and it would be useful if you could explain why it would be better for everyone for us to register a new license and identifier. Has this been an issue for any other project that also did the same as we did with respect to their license?

from matplotlib.

@WeatherGod apologies for how that came across, let me rephrase:

As for SPDX, I have never heard of it, and it would be useful if you could explain why it would be better for everyone for us to register a new license and identifier.

SPDX (sponsored by the Linux Foundation) is (arguably) the most widely adopted licensing standard to for the licensing of Open Source projects to make licensing more consistent for both maintainers and users of open source software so that the maintainers wishes on distribution are explicit and respected. You can verify this with a quick scan across pypi, npm, maven, etc and look at license texts of the linked source, they would usually fall neatly into an SPDX ID category verbatim.
This consistency makes it easier for:

1. maintainers because there is no ambiguity about what a license means.
2. Users because, again, there is no ambiguity about what a license means.
3. Automated scanning tools (that work on behalf of developers so they don't need to be lawyers and can respect maintainer wishes)

What that all really means is that an "spdx identifier" is a short ID for a the entirety of the license text and if your license text matches that of the short ID, that's it, you have an SPDX License which will help repositories like pypi/npm/maven/etc classify your packages correctly and for license repository tools like ClearlyDefined to do the same.

I've always considered our license to be essentially the same as the PSFL even if it wasn't explicitly templated for it like the BSD 3 clause license is.

As it stands "PSFL" v1 is not a valid SPDX license, and yours isn't verbatim it as @tacaswell has pointed out. Meaning a user (and more realistically, a lawyer) would need to parse your license text before deciding if they should/can use the package.

So the ask here is:

Either:

1. Register a new SPDX identifier that is your current license verbatim
2. If an existing SPDX license (with exceptions as needed - details noted below) fits the legal requirements of your current license, feel free to just change to an existing one

🗒️ NOTE: The license of course cannot be changed for older versions, However, it can be changed for future releases that this change is included in. If desired, you can have complex licenses: with "exceptions", "AND" conditions, or "OR" conditions. More details are available in the spdx docs

Matplotlib is a VERY widely used package that has widespread adoption, so standardizing licensing text to make it easier for users to know the distribution/attribution etc requirements of including it would make it easier.

Also, thank you for having such an active community and triaging this so quickly! ❤️

from matplotlib.

The SPDX license is PSF-2.0 AND MIT AND CC0-1.0 for code + OFL-1.1 and Bitstream-Vera and LicenseRef-Fedora-Public-Domain for fonts (though note the latter is an exception for existing DejaVu licenses).

Edit: sorry for the accidental close.

from matplotlib.

I am hesitant to make any changes to our license without someone else's lawyer claiming there actually is a problem and would not make any changes until our lawyer agrees and signs off on any changes.

Just putting it on your radar as an action item. If your lawyer finds SPDX formats for licenses suitable, it makes complying with it easier in a day and age of programmatic and automatic build tooling.

from matplotlib.

@QuLogic, can you clarify a bit? Are you saying that that is what our SPDX entry would be right now, or what it potentially could be?

from matplotlib.