On Thu, Jul 9, 2015 at 8:22 AM, Ciaran Farrell <cfarrell@suse.com> wrote:


On 09.07.2015 15:14, Haïkel wrote:
> 2015-07-09 14:24 GMT+02:00 Richard Fontana <rfontana@redhat.com>:
>> What distros or upstream projects are actually using the SPDX format?
>> I am not aware of any.
>>
>
> Currently Suse is using it, they even patched their packaging compliance
> checkers to support it.

Yes, but it is hack-ish. SPDX doesn't provide anywhere near the license
short names we need, so we (openSUSE) resorted to keeping our own list
in parallel.
 
Is there a link to this parallel list somewhere?    It would be interesting
to compare.
 
The idea was to try to get the other license short names
upstream to SPDX, but that was painstakingly slow.

Hopefully its moving forward a lot faster now,   the team added
over 80 licenses last year from the Fedora list,  and for the new
ones did their best to keep the Fedora licenses.
 
Recently, SPDX
changed the short name list again, meaning we have to go back over it.

Please see spreadsheet at: https://docs.google.com/spreadsheets/d/1LUJuzGKC5K2yYuAg8S-2VYbS2dmg_4IlFdpqj7n9Ghg/edit?usp=sharing

where there is a matching of the fedora names to the most recent SPDX
license list.   First tab is full SPDX list and shows corresponding Fedora 
ones when they exist (SPDX-LL2.1-->Fedora).  

The second tab (Fedora not on SPDX) is those from Fedora that aren't on
the SPDX list, and where some help is needed to get them there.
Any help folks want to give resolving those ambiguities and open
questions is most welcome (mail to spdx-legal at 
 
>
>>
>> I am aware of some projects using these identifiers. However, Fedora's
>> use of license abbreviations is different in nature from that of SPDX,
>> so I'd be concerned that use of the SPDX abbreviations would result in
>> confusion (or else a costly change to Fedora's practices).
>>
>> (Separately I consider the SPDX identifiers problematic because in a
>> number of cases they clash with common organic community abbreviations
>> which happen to be in wide use in the Fedora community.)
>>
>> RF
>>
>>
>
> I share your concerns about implementing it in Fedora, and before starting such
> effort, we need Legal's approval to consider this or not.
>
> It's mostly fixing our licensing compliance checking tools (though Suse already
> has some patches for the ones we share), guidelines and a good calendar.

If Fedora does go ahead with SPDX shortnames, the same issue will arise
(not all licenses that Fedora requires are in the SPDX short names
list). Given that openSUSE 'borrowed' Fedora's good/bad license list
years ago, perhaps it would be possible to sync up on those short names
that SPDX does not have.

The second tab on the spreadsheet has the licenses that haven't
been added,  all the rest have (keeping the Fedora name when another
wasn't already present).

If you've some licenses that aren't on the list, you want to see added,
the process for adding them is documented:
http://spdx.org/spdx-license-list/request-new-license-or-exception

Thanks, Kate