OpenChain-Project/Security-Assurance-Specification

[Improvement] Align "Terms and Definitions" in Section 2 with Licensing Spec 3.0

shanecoughlan opened this issue · 6 comments

We changed some stuff in the licensing spec on the last call:

Improved Terms and Definitions as per OpenChain Monthly North America and Europe Call - 2023-06-06:

Added some words on our side:
OpenChain-Project/License-Compliance-Specification@78ba244

Updated Terms and Definitions with key words as per https://www.ietf.org/rfc/rfc2119.txt:
OpenChain-Project/License-Compliance-Specification#67

Change would be from:

2: Terms, Definitions and Examples

For the purposes of this document, the following terms and definitions apply.

To

2 - Terms and definitions

For the purposes of this document, the following terms and definitions apply. These terms and definitions only apply to this specific version of the specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as:

MUST This word, or the terms "REQUIRED" or "SHALL", mean that the
definition is an absolute requirement of the specification.

MUST NOT This phrase, or the phrase "SHALL NOT", mean that the
definition is an absolute prohibition of the specification.

SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.

MAY This word, or the adjective "OPTIONAL", mean that an item is
truly optional. One vendor may choose to include the item because a
particular marketplace requires it or because the vendor feels that
it enhances the product while another vendor may omit the same item.
An implementation which does not include a particular option MUST be
prepared to interoperate with another implementation which does
include the option, though perhaps with reduced functionality. In the
same vein an implementation which does include a particular option
MUST be prepared to interoperate with another implementation which
does not include the option (except, of course, for the feature the
option provides.)

These definitions are originally from IETF RFC 2119:
https://www.ietf.org/rfc/rfc2119.txt

I am going to update the security spec with the current language as per the call of 2023-06-20; however, I am keeping this issue open for the clarity improvement suggested at the beginning by Singing and the potential flag from Ninjouji San to check for ISO vs IETF language conflicts.

Here are the ISO definitions to review:
https://www.iso.org/foreword-supplementary-information.html

Please note the IETF definitions were proposed and applied via the following issue on the compliance spec:
OpenChain-Project/License-Compliance-Specification#67

I would like to give a suggestion for the format. We should add quotation marks around MUST, SHOULD NOT, and MAY (the first word of each paragraph) to match the quoted "REQUIRED", "SHALL", "SHALL NOT", "NOT RECOMMENDED" and "OPTIONAL". Adding the quotation marks will make the format more consistent for the reader.

Singing's comments on quotation marks have been included, and Helio also caught that "NOT RECOMMENDED" was missing from the key-word list but used in the full text. Fixed both for us, and will submit back to IETF. Alignment agreed between licensing and security spec.

== Fix below ==

For the purposes of this document, the following terms and definitions apply. These terms and definitions only apply to this specific version of the specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as:

"MUST" This word, or the terms "REQUIRED" or "SHALL", mean that the
definition is an absolute requirement of the specification.

"MUST NOT" This phrase, or the phrase "SHALL NOT", mean that the
definition is an absolute prohibition of the specification.

"SHOULD" This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

"SHOULD NOT" This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.

"MAY" This word, or the adjective "OPTIONAL", mean that an item is
truly optional. One vendor may choose to include the item because a
particular marketplace requires it or because the vendor feels that
it enhances the product while another vendor may omit the same item.
An implementation which does not include a particular option MUST be
prepared to interoperate with another implementation which does
include the option, though perhaps with reduced functionality. In the
same vein an implementation which does include a particular option
MUST be prepared to interoperate with another implementation which
does not include the option (except, of course, for the feature the
option provides.)

These definitions are originally from IETF RFC 2119:
https://www.ietf.org/rfc/rfc2119.txt

We also reviewed the potential ISO vs IETF language conflicts flagged as a TODO item by Ninjouji San.

Here are the ISO definitions to review:
https://www.iso.org/foreword-supplementary-information.html

No conflicts found.

We are done with this ticket, and will update both specs, with one proviso to add a final line:

== Final Language ==

For the purposes of this document, the following terms and definitions apply. These terms and definitions only apply to this specific version of the specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as:

"MUST" This word, or the terms "REQUIRED" or "SHALL", mean that the
definition is an absolute requirement of the specification.

"MUST NOT" This phrase, or the phrase "SHALL NOT", mean that the
definition is an absolute prohibition of the specification.

"SHOULD" This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

"SHOULD NOT" This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.

"MAY" This word, or the adjective "OPTIONAL", mean that an item is
truly optional. One vendor may choose to include the item because a
particular marketplace requires it or because the vendor feels that
it enhances the product while another vendor may omit the same item.
An implementation which does not include a particular option MUST be
prepared to interoperate with another implementation which does
include the option, though perhaps with reduced functionality. In the
same vein an implementation which does include a particular option
MUST be prepared to interoperate with another implementation which
does not include the option (except, of course, for the feature the
option provides.)

These definitions are originally from IETF RFC 2119:
https://www.ietf.org/rfc/rfc2119.txt

We reviewed the ISO definitions to confirm no conflict:
https://www.iso.org/foreword-supplementary-information.html

This is a background information note rather than a request for a re-edit. Chris Wood from Lockheed Martin flagged it.

==

Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words

Abstract

RFC 2119 specifies common key words that may be used in protocol
specifications. This document aims to reduce the ambiguity by
clarifying that only UPPERCASE usage of the key words have the
defined special meanings.

Status of This Memo

This memo documents an Internet Best Current Practice.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8174.

Leiba Best Current Practice [Page 1]

RFC 8174 RFC 2119 Clarification May 2017

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
2. Clarifying Capitalization of Key Words
3. IANA Considerations
4. Security Considerations
5. Normative References
Author's Address

1. Introduction

RFC 2119 specifies common key words, such as "MUST", "SHOULD", and
"MAY", that may be used in protocol specifications. It says that the
key words "are often capitalized," which has caused confusion about
how to interpret non-capitalized words such as "must" and "should".

This document updates RFC 2119 by clarifying that only UPPERCASE
usage of the key words have the defined special meanings. This
document is part of BCP 14.

== Actual document ==

Here: https://www.rfc-editor.org/rfc/rfc2119

== Contents ==

Key words for use in RFCs to Indicate Requirement Levels

Status of this Memo

This document specifies an Internet Best Current Practice for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.

Abstract

In many standards track documents several words are used to signify
the requirements in the specification. These words are often
capitalized. This document defines these words as they should be
interpreted in IETF documents. Authors who follow these guidelines
should incorporate this phrase near the beginning of their document:

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
  NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
  "OPTIONAL" in this document are to be interpreted as described in
  [RFC 2119](https://www.rfc-editor.org/rfc/rfc2119).

Note that the force of these words is modified by the requirement
level of the document in which they are used.

1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the
definition is an absolute requirement of the specification.

2. MUST NOT This phrase, or the phrase "SHALL NOT", mean that the
definition is an absolute prohibition of the specification.

3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.

5. MAY This word, or the adjective "OPTIONAL", mean that an item is
truly optional. One vendor may choose to include the item because a
particular marketplace requires it or because the vendor feels that
it enhances the product while another vendor may omit the same item.
An implementation which does not include a particular option MUST be
prepared to interoperate with another implementation which does
include the option, though perhaps with reduced functionality. In the
same vein an implementation which does include a particular option
MUST be prepared to interoperate with another implementation which
does not include the option (except, of course, for the feature the
option provides.)

6. Guidance in the use of these Imperatives

Imperatives of the type defined in this memo must be used with care
and sparingly. In particular, they MUST only be used where it is
actually required for interoperation or to limit behavior which has
potential for causing harm (e.g., limiting retransmissions). For
example, they must not be used to try to impose a particular method
on implementors where the method is not required for
interoperability.

7. Security Considerations

These terms are frequently used to specify behavior with security
implications. The effects on security of not implementing a MUST or
SHOULD, or doing something the specification says MUST NOT or SHOULD
NOT be done may be very subtle. Document authors should take the time
to elaborate the security implications of not following
recommendations or requirements as most implementors will not have
had the benefit of the experience and discussion that produced the
specification.

8. Acknowledgments

The definitions of these terms are an amalgam of definitions taken
from a number of RFCs. In addition, suggestions have been
incorporated from a number of people including Robert Ullmann, Thomas
Narten, Neal McBurnett, and Robert Elz.
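Two points in this thread lend themselves to a mechanical check: Helio's catch that "NOT RECOMMENDED" was used in the body of the spec but missing from the key-word declaration, and RFC 8174's rule that only UPPERCASE key words carry the RFC 2119 meaning. The linter below is an added example written for this page; it is not part of either OpenChain specification or of any OpenChain tooling. It takes a spec excerpt as a string, locates the "The key words ... are to be interpreted" declaration, reports any uppercase key word used outside that sentence which the declaration does not list, and flags lowercase or mixed-case key words for editorial review since they carry no normative force. The SPEC text and all function names are constructed assumptions for illustration; the excerpt deliberately reproduces the defect found in this thread rather than quoting either specification.

```python
"""Lint a specification excerpt for RFC 2119 / RFC 8174 key-word hygiene.

Added example for this page, not OpenChain project code. Function names and
the SPEC sample below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Multi-word key words are listed before their prefixes so that "MUST NOT"
# is never reported as a bare "MUST" followed by the word "NOT".
KEY_WORDS = (
    "MUST NOT", "MUST", "REQUIRED", "SHALL NOT", "SHALL",
    "SHOULD NOT", "SHOULD", "NOT RECOMMENDED", "RECOMMENDED",
    "MAY", "OPTIONAL",
)
KEY_WORD_RE = re.compile(
    r"\b(" + "|".join(re.escape(k) for k in KEY_WORDS) + r")\b", re.IGNORECASE
)
# The RFC 2119 boilerplate sentence that declares which key words a document uses.
DECLARATION_RE = re.compile(
    r"The key words\s+(.*?)\s+in\s+this\s+document\s+are\s+to\s+be\s+interpreted",
    re.DOTALL,
)


@dataclass(frozen=True)
class Hit:
    line: int
    word: str
    normative: bool  # True only for all-uppercase use, per RFC 8174


def declaration_span(text):
    """Return (start, end, declared_words) for the key-word sentence, or None."""
    m = DECLARATION_RE.search(text)
    if m is None:
        return None
    return m.start(), m.end(), frozenset(re.findall(r'"([^"]+)"', m.group(1)))


def scan(text):
    """Every key-word occurrence outside the declaration sentence, case-classified."""
    span = declaration_span(text)
    start, end = (span[0], span[1]) if span else (-1, -1)
    hits = []
    for m in KEY_WORD_RE.finditer(text):
        if start <= m.start() < end:
            continue  # the declaration lists the words; it does not use them
        word = m.group(1)
        line = text.count("\n", 0, m.start()) + 1
        hits.append(Hit(line, word, word.isupper()))
    return hits


def undeclared_key_words(text):
    """Uppercase key words used in the body but absent from the declaration."""
    span = declaration_span(text)
    declared = span[2] if span else frozenset()
    return sorted({h.word for h in scan(text) if h.normative} - declared)


def ambiguous_lowercase(text):
    """Lowercase/mixed-case key words: no special meaning per RFC 8174, so each
    one is either prose that should be reworded or a requirement that was lost."""
    return [(h.line, h.word) for h in scan(text) if not h.normative]


# Constructed spec excerpt (not the OpenChain text); it repeats the defect found
# in this thread: NOT RECOMMENDED is used in the body but not declared.
SPEC = """\
2 - Terms and definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.

3.1 Vulnerability handling
3.1.1 A documented process for handling known vulnerabilities MUST exist.
3.1.2 Shipping a release with an unremediated critical finding is NOT RECOMMENDED.
3.1.3 The program owner should review the process annually.
3.1.4 Findings MAY be tracked in an external system.
"""

if __name__ == "__main__":
    print("undeclared:", undeclared_key_words(SPEC))  # ['NOT RECOMMENDED']
    print("ambiguous :", ambiguous_lowercase(SPEC))   # [(10, 'should')]
```

The linter only excludes the declaration sentence, not the definitions chapter: as the text quoted above shows, the RFC 2119 definition of "MAY" itself uses "MUST" twice and the definition of "SHOULD" uses lowercase "must", so running it over a whole spec including Section 2 produces noise. Run it over the requirement sections, and treat every lowercase hit as a decision to record (reword to plain prose, or capitalize and make it a requirement), which is exactly the ambiguity RFC 8174 was written to remove.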