[OE-core] [PATCH v3 0/4] license: Sync with SPDX 2.0, pull request

Fri Jul 29 10:57:55 UTC 2016

Now including the list as I'm subscriber now...

Am 29.07.2016 um 11:14 schrieb Meier, Roger (BT CPS R&D ZG FW CCP) <r.meier at siemens.com<mailto:r.meier at siemens.com>>:

Hi Mark

Am 26.07.2016 um 16:18 schrieb Mark Hatle <mark.hatle at windriver.com<mailto:mark.hatle at windriver.com>>:

On 7/26/16 9:12 AM, Richard Purdie wrote:
On Tue, 2016-07-26 at 16:19 +0300, Sergei Miroshnichenko wrote:
Here are the request for a community review for a synchronization
with the SPDX License List (git.spdx.org/license-list.git<http://git.spdx.org/license-list.git>) and adding
license operators to meet SPDX 2.0 specification compliance
(https://spdx.org/sites/spdx/files/SPDX-2.0.pdf Appendix IV: SPDX
License Expression).

The whole patch series is way too big to send them to the mailing
list (the biggest one is ~3MiB), so please find the diffs via gitweb
of the -contrib repo.

Whilst we certainly want to collaborate with SPDX, we've never said our
LICENSE field should match what SPDX is doing. Your patch appears to
unequivocally join them as a 1:1 mapping and I'm not sure this is
something we've ever planned or agreed to. These fields do get written
into the packages and used in a variety of places.

Certainly if we are going to map them 1:1, this is something which
would need discussion on the OE architecture list first. I'd be nervous
about committing to do that, not knowing or having any influence over
what SPDX may do next.

SPDX is part of linux foundation and they listen to the open source communities,
Jilayne Lovejoy is maintaining the license list and she is very open minded if we have further questions or have better ideas on the direction of the spdx license list itself, e.g. for simpler integration into other systems such as OE.

Is the intent here to map us 1:1 with SPDX and are you advocating that?

I agree.  This needs to be set as part of the OE Architecture first.  I don't
object to the format or contents of the change -- just that it's a pretty big
change for how things work.
I was not aware of a seperate architecture list, sorry.
The goal here is to reduce efforts on license compliance by using the well known SPDX license list.

There are two approaches
* having a SPDX license list beside of the OE license list
* reuse the SPDX license list as suggested via this patch series

Also looking over the patches, the changes to the license text (common-licenses)
need some more explanation.  The comment says it syncs to the spdx license list.
But mostly what I see are simply format changes that actually make it harder
for developers to read the license text.
Is there any reference/explanation as to why the formatting changes are
required/suggested/etc?

The licenses are directly from the spdx license list and having them in sync with the spdx license list makes it much easier to maintain in the future. Just synch with latest license list as soon as a new version is published.
Some licenses do already have some place holders for copyright holders, which is part of the license matching rules, that's why you see some special fields, see http://spdx.org/spdx-license-list/matching-guidelines

Best!
Roger

--Mark

Cheers,

Richard

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20160729/df9761a4/attachment-0002.html>