[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use SPDX license identifiers to indicate licenses?

From: Mario Domenech Goulart
Subject: Re: Use SPDX license identifiers to indicate licenses?
Date: Mon, 26 Oct 2020 13:46:19 +0100

Hi Lassi,

On Mon, 26 Oct 2020 14:23:00 +0200 Lassi Kortela <> wrote:

> SPDX license identifiers are becoming something of a de facto
> standard, being used e.g. in Linux kernel source code. Here is the
> full list of them: <>.
> Would it be possible to update the ad hoc license identifiers at
> <> and in
> .egg files to use the SPDX ones? This would make it easier to tell the
> difference between e.g. the various flavors of the BSD license, and
> could help automated tools figure out licensing in the future.
> In addition to single license identifiers, SPDX can also do license
> expressions by combining license identifiers using boolean operators.

I think that would be great.

We had a short discussion on that back in 2016, but we haven't reached
any consensus.  IRC logs below for context.  Maybe this discussion
should be held in chicken-hackers instead (chicken-janitors is more like
a read-only list for keeping track of new tickets).


<sjamaan> There's also pstk
<wasamasa> haven't noticed that one
<wasamasa> ah, it's in the "Unsupported or redundant" section :<
<wasamasa> at least it doesn't have a german license :D
<mario-goulart> Oh, I remember one that had a german license in a pdf file.
<wasamasa> yes
<wasamasa> it looks like halfway GPL
<sjamaan> Is this the Bremer licence?
<sjamaan> There was a discussion about that on the mailing list once
<wasamasa> yup
<wasamasa> I'm not sure why exactly you'd put *that* on your work, especially 
it's essentially an
           amalgamation of previous portable tk-scheme interfaces
<wasamasa> I think I know now why felix just wrote tcl code opening a socket 
for communication :D

<sjamaan> Also
<sjamaan> Apparently Bremer license is similar to BSD
<wasamasa> how can this be if it mentions copyleft in its text?
<sjamaan> wat
<sjamaan> Maybe it changed
<mario-goulart> It'd be nice if we could use SPDX ids for eggs in .meta.
<sjamaan> We could make it an absolute requirement to use a SPDX identifier in 
<sjamaan> For example, henrietta-cache and/or chicken-install could simply 
refuse if no identifier
          is found
<wasamasa> "Hierzu geh<81><F6>rt vor allem, dass der Lizenznehmer bearbeitete 
Versionen der OSCI-Bibliothek
           wiederum diesen Lizenzbestimmungen unterstellen muss ("Copyleft")."
<wasamasa> "This includes that the licensee must publish modified versions of 
the library under
           these licensing terms ("copyleft")."
<wasamasa> maybe they just don't get their terms right, I dunno
<wasamasa> haven't looked at it in detail
<mario-goulart> sjamaan: +1 for SPDX ids
<wasamasa> it contains a few interesting clauses, like that modifications to 
the sources must have
           an "obtrusive remark" which allows one to reconstruct what has been 
changed at what time
<sjamaan> mario-goulart: One other advantage of that is that we'd be able to 
link to the license
          text directly from the egg list
<wasamasa> it's as if lawyers have rediscovered version control
<mario-goulart> sjamaan: yeah, and salmonella could better track license 
<mario-goulart> And report invalid dependencies
<wasamasa> the institution who crafted that license put it in their "Licenses 
with limited copyleft"
<mario-goulart> It can also be nice for products that depend on many eggs, and 
you want to filter
                out some licenses
<mario-goulart> E.g., GPL3 may be an issue for some projects.
<Bunny351> Hm... SPDX looks like madness to me...
<mario-goulart> Bunny351!
<sjamaan> How so, Bunny351?
<Bunny351> overengineered W3Cish standardisation mania.
<sjamaan> It's just about providing a machine-readable license declaration
<mario-goulart> OpenEmbedded uses it for its recipes and it works quite well, 
as far as I can tell.
<Bunny351> but "BSD" is machine readable
<mario-goulart> Bunny351: we'djust use identifiers, like "BSD" in .meta.
<sjamaan> I was just gonna say
<sjamaan> The point is that you wouldn't allow something like "Berkeley"
<evhan> What if I want to use the Burkley Software Distribution license instead?
<Bunny351> I think most people don't care, and those who care can figure the 
exact license out.
<sjamaan> It's hard to figure out exactly what you're getting when you do 
"chicken-install srfi-19"

<mario-goulart> indeed.
<sjamaan> Or "chicken-install pastiche", for that matter
<Bunny351> there are ways to check, e.g. by looking at the egg index / 
salmonella reports
<sjamaan> Yeah, but that's manual and error-prone
* Bunny351 sighs
<Bunny351> lunch!
<mario-goulart> And the id that egg authors use in .meta may not correctly 
describe the actual
                license.  It'd be guesswork.
<sjamaan> You can still put in the wrong identifier, of course
<mario-goulart> Some eggs just have "GPL" in .meta.
<sjamaan> heh
<mario-goulart> sjamaan: in this case, that's author's reponsability.
<mario-goulart> In practice, it wouldn't change much for egg authors, as long 
as they know what they
                are soing with regard to the licenses they choose.  It's just a 
matter of selecting
                the right SPDX id.
<mario-goulart> s/soing/doing/
<sjamaan> I agree, it's very simple and streamlines things quite a bit
<wasamasa> no SPDX identifier for the bremer license :D
<sjamaan> ha!
<mario-goulart> No problem.  Just use something like "Bremer" in the .meta and 
ship the license
<mario-goulart> Weird licenses (those not covered by SPDX) are likely to be 
less than 1% of the
<wasamasa> currently no license file is shipped, right?
<mario-goulart> Some eggs (specially in github etc) ship a LICENSE file, IIRC.
<mario-goulart> But it's not the norm.
<wasamasa> yeah, that's what I mean
<wasamasa> I've fetched a mirror of all eggs and usually there is none
<mario-goulart> !
<mario-goulart> Actually many of them ship a license file (e.g., fuse, git, 
parley etc).
<mario-goulart> But they are not _installed_.


All the best.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]