2015-07-09 15:42 GMT+02:00 Tom Callaway <tcallawa(a)redhat.com>:
On 07/09/2015 09:14 AM, Haïkel wrote:
> Currently Suse is using it, they even patched their packaging compliance
> checkers to support it.
Well, no, actually, they're not. They're using the matching identifiers.
Yes, we're not concerned by the SPDX (sorry for the confusion).
I was speaking about the short identifiers, not providing the SPDX files.
I'm hesitant to go down this road for a number of reasons:
1) It's a LOT of change for very little benefit. We're talking about
changing practically every single spec.
agreed, but automation can lessen the pain, and we could just fix/bump
specs without rebuilding. It will be picked up at the next build or
mass rebuild.
2) We simplify license tags in Fedora. We call a lot of functionally
identical licenses BSD and MIT, which the SPDX model insists are unique
and different licenses. We'd have to stop doing that.
3) Every exception will need a new SPDX tag, we can't just use "GPLv2
with exceptions" anymore
4) Every firmware license will need to be listed explicitly.
I don't really have an opinion, on that matter, I trust Fedora Legal judgment.
And that's what I would consider as a strong blocker.
5) It implies that we're planning on implementing the full SPDX
specification. And we're not.
Yes, and I'm not sure that as community-led distribution, we could ever
do that. It's more about standardizing on the licensing identifiers
nomenclature.
Moreover, i was also interested in the licensing compliance checking
tool which could
be leveraged in reviews.
H.
For those reasons, I'd vote no on this.
~tom
==
Red Hat