On 26. 06. 24 14:17, Miroslav Suchý wrote:
Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a):
Clearly, I must miss something. What do we gain by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
We will get valid SPDX formula. And all tools generating SBOMs from RPMs can use it and it will produce valid SBOM document.
If we keep the old value, it will not be valid SPDX formula and all tools build on top of that have to put if/else into their workflow.
And what good is a valid SPDX formula if it contains custom identifiers?
If we converted all the Licenses of all our packages to LicenseRef-Fedora-Unknown, it would still be a valid formula, but clearly, we would not want that. Or would we?