On 02/13/2018 04:19 PM, Stephan Kulow wrote:
Am 13.02.2018 um 16:31 schrieb Robert Schweikert:
On 02/13/2018 10:22 AM, Dominique Leuenberger / DimStar wrote:
On Tue, 2018-02-13 at 10:18 -0500, Robert Schweikert wrote:
2. the checker in OBS should always look at spdx.org/licenses to avoid falling out of sync
Absolutely not.
a) the checker has no internet access b) you really want the build result to differ based on any random external website? Thanks, but no thanks. This MUST be a coordinated, decided action into the distro.
Fair, but then we should not imply that we follow spdx and should just state that we name things as we see fit.
SPDX 3.0 is a given thing - it doesn't change.
The point is that if we have to make a decision to go with whatever version they come up with next then the decision is more or less arbitrary. Meaning the decision could just as well be made to stay behind or use a "we pull names out of thin air" approach. If we "follow SPDx" then IMHO it is implied that we move along with the standard => auto-generation of the list based on whatever version is current and no recurring decision about version changes are needed going forward. If we "use SPDx" then we use a specific version, that currently happens to be 2.0, and we clearly need to specify the version we are using => an explicit decision every time the standard version changes is needed; this path also clearly indicates that we just as well might change direction at the next decision point to a "we pull names out of thin air" approach At present the check produces the following error message: """ E: invalid-license (Badness: 100000) LGPL-3.0-or-later The specified license string is not recognized. Please refer to https://spdx.org/licenses/ for the list of known licenses and their exact spelling. """ This implies that every time the standard changes the message is wrong and we will have this discussion again. If we "follow SPDx" then the message is correct and the bug is that we have not moved forward in a timely fashion. If we "use SPDx" the the error message is incorrect and should point to license.opensuse.org Last but not least we should take this opportunity to clearly state what the policy is "follow" or "use" and document this on [1]. I think we should follow the standard but do not really have a strong opinion about the matter. I do however feel reasonably strongly that we should resolve the ambiguity and whatever the decision is we should clearly document it. And yes that implies that the contextual difference between "follow SPDx" and "use SPDx" is understood. Later, Robert [1] https://en.opensuse.org/openSUSE:Specfile_guidelines -- Robert Schweikert MAY THE SOURCE BE WITH YOU Distinguished Architect LINUX Team Lead Public Cloud rjschwei@suse.com IRC: robjo