On Thu, Jul 9, 2015 at 8:08 AM, Josh Boyer <jwboyer@fedoraproject.org> wrote:

On Thu, Jul 9, 2015 at 8:03 AM, Haïkel <hguemar@fedoraproject.org> wrote:
> Hi,
>
> I would like to get feedback from Fedora Legal and also my fellow
> contributors about considering
> SPDX.
>
> SPDX (Software Package Data Exchange) is a specification hosted by the
> Linux Foundation defining
> a standard format for communicating components, licenses and
> copyrights associated with a software package.
> https://spdx.org/
>
> It would make it much easier collaborating with other distributions
> and upstream projects.
>
> On a more practical side, it would mean standardizing on SPDX short
> identifier to design licenses
> and exceptions in all our packages.
> https://spdx.org/spdx-license-list
>
> Your feedback?

Can you elaborate on how you envision this working? SPDX appears to
work best when upstream projects integrate it and maintain it
themselves. Doing that downstream is possible, but it sounds both
time consuming and easy to get wrong or stale.

josh

I certainly wouldn't mind standardizing our License tags against this, as one of the distributions I am making packages for in my day job that uses RPM already uses this format. But like Josh said, a good part of what SPDX is about is getting projects themselves to communicate copyright and licensing in this form. I think it's infeasible to expect that. The extent of what we can do is provide useful information within the package that is somewhat SPDX compliant.

I don't know if the nature of Linux distributions even would allow to make it fully compliant.

真実はいつも一つ！/ Always, there's only one truth!