On 02/13/2018 10:10 AM, Tomas Chvatal wrote:
Dominique Leuenberger / DimStar píše v Út 13. 02. 2018 v 16:01 +0100:
Hi all,
Seems spdx has been busy finalizing the 3.0 draft and made this now the active licenses on spdx.org/licenses (dated Dec 28 2017)
This has alraedy led to 'some confusion', because all our tools still expect/validate on SPDX-2.0 only, and the error messages then point to spdx.org/license; so easily to see how somebody can get frustrated there.
We should decide how we in openSUSE want to handle that, and how to handle the transition (if at all).
I see basically these options:
* Stick with SPDX-2.0 * Accept SPDX-2.0 AND SPDX-3.0 identifiers * Move to SPDX-3.0
Not much more choice than that, is there? :)
Of course any kind of 'moving away' from spdx will need tooling adjustments, having spdx-3.0 identifier will mean any build for 'non- latest openSUSE releases' will spit warnings, as they would not know about the new license format being valid.
If we decide to stick with SPDX-2.0, then at a bare minimum we have to stop pointing to spdx.org/licenses in our warnings, as this can't possible do us any good.
Thoughs? Ideas? Volunteers to pick up the needed work? :)
Not volunteering for any work ;) but sharing my opinion anyway.
Cheers Dominique
We should probably stick to SPDX-3.0 only,
+1
most important is rpmlint to be backported to all supported platforms, but that should be doable too...
I got bit annoyed week ago+- as I wanted spec-cleaner to be able to parse the web properly... https://github.com/openSUSE/spec-cleaner/commit/5d8397c52b99e6f8beb0f52 a03796dab8a902aff
I think the whole process should be automated. 1. when running osc build locally the license in the spec file should get transformed from spdx_v2 to spdx_v3 name 2. the checker in OBS should always look at spdx.org/licenses to avoid falling out of sync My $0.02 Robert -- Robert Schweikert MAY THE SOURCE BE WITH YOU Distinguished Architect LINUX Team Lead Public Cloud rjschwei@suse.com IRC: robjo