[Fedora-legal-list] [RFC] Switching to SPDX in license tags

Haïkel hguemar at fedoraproject.org
Thu Jul 9 12:48:48 UTC 2015

2015-07-09 14:08 GMT+02:00 Josh Boyer <jwboyer at fedoraproject.org>:
> Can you elaborate on how you envision this working?  SPDX appears to
> work best when upstream projects integrate it and maintain it
> themselves.  Doing that downstream is possible, but it sounds both
> time consuming and easy to get wrong or stale.
> josh

To give some context, I'm currently discussing with other RPM distribution
to push OpenStack packaging upstream.

One of the topic raised was using common licensing classification, and the Linux
Foundation has been working to standardize this.

Some of our fellow distributions have standardized to SPDX or considering it:
* Suse: standardized to SPDX
* Debian: considering it
* Ubuntu: same (Canonical is also part of the SPDX WG)

Though, I was skeptic at first, I must admit that there is some gain
to standardize
our licensing nomenclature. And maybe reuse all the licensing
compliance checking
tools from SPDX.

If we agree and Legal approves it, the plan would be:
* Updating guidelines to reflect this
* Fix fedora-review, rpmlint -there's already a fix from Suse- and all
package compliance checking tools
* Then require, all new packages should follow the SPDX format for license tag
* provenpackagers massively fix all the specs (could be automated)

* share a common standard with other distributions (including the
other leading RPM one)
and ease communication.
* reuse SPDX tooling for license compliance checking
(slides from FOSDEM 2015 talks:
* doesn't change anything in our licensing policies (ie: what we accept or not)

* requires changing our guidelines, and tooling => low to medium impact
* mass changing all specs => could be automated

I know this would raise a lot of questions, so I want to have your
feedback before thinking
submitting a F24 changes.


More information about the devel mailing list