On Wed, 14 Feb 2018 07:43:07 +0100 Stephan Kulow <coolo@suse.de> wrote:
Am 13.02.2018 um 22:56 schrieb Robert Schweikert:
On 02/13/2018 04:19 PM, Stephan Kulow wrote:
Am 13.02.2018 um 16:31 schrieb Robert Schweikert:
On 02/13/2018 10:22 AM, Dominique Leuenberger / DimStar wrote:
On Tue, 2018-02-13 at 10:18 -0500, Robert Schweikert wrote:
2. the checker in OBS should always look at spdx.org/licenses to avoid falling out of sync
Absolutely not.
a) the checker has no internet access b) you really want the build result to differ based on any random external website? Thanks, but no thanks. This MUST be a coordinated, decided action into the distro.
Fair, but then we should not imply that we follow spdx and should just state that we name things as we see fit.
SPDX 3.0 is a given thing - it doesn't change.
The point is that if we have to make a decision to go with whatever version they come up with next then the decision is more or less arbitrary. Meaning the decision could just as well be made to stay behind or use a "we pull names out of thin air" approach.
If we "follow SPDx" then IMHO it is implied that we move along with the standard => auto-generation of the list based on whatever version is current and no recurring decision about version changes are needed going forward.
If we "use SPDx" then we use a specific version, that currently happens to be 2.0, and we clearly need to specify the version we are using => an explicit decision every time the standard version changes is needed; this path also clearly indicates that we just as well might change direction at the next decision point to a "we pull names out of thin air" approach
At present the check produces the following error message:
""" E: invalid-license (Badness: 100000) LGPL-3.0-or-later The specified license string is not recognized. Please refer to https://spdx.org/licenses/ for the list of known licenses and their exact spelling. """
This implies that every time the standard changes the message is wrong and we will have this discussion again. If we "follow SPDx" then the
There is always https://github.com/openSUSE/obs-service-format_spec_file/blob/master/README.... to point to.
But having a check that 'follows' is not going to work. We can only jump from spdx version to spdx version explicitly - including a conversion of all spec files.
Greetings, Stephan
And how to automagically convert > 10k spec files before we release Leap 15? Dave Plater was 100% on the money: "* Accept SPDX-2.0 AND SPDX-3.0 identifiers if we're going to stick with SPDX, we can depreciate SPDX-2.0 at a later stage. This gives a chance to replace "+" with "or later" and add "only" to the GPL license. Has anyone diffed SPDX-2 and 3 a quick glance only appeared to have a difference with GPL and Apache etc seemed the same?" Thanks, Peter -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org