On Tuesday, February 8, 2022 10:39:36 AM EST Jonas Smedegaard wrote:
> Quoting Stephan Lachnit (2022-01-26 12:49:34)
>
> > - What is an SPDX bill of materials?
> > It is a machine-readable format that specifies the licenses of each
> > file in tag/value style like DEP-5. However compared to DEP-5 it is
> > much less human readable, i.e. it includes much more meta information,
> > and does not contain the license texts.
> >
> > - What has this to do with Debian?
> > My idea is to allow SPDX documents in addition to DEP-5. The advantage
> > is that - if supported upstream - REUSE can generate such reports
> > automatically during package build time, so there is no need to write
> > d/copyright manually anymore.
>
> I am sceptical towards this proposal.
>
> An important feature to me with current machine-readable format is that
> really it is machine-and-human-readable.
>
> Another important feature to me is that there is only one format (in
> addition to unformatted content, which hopefully we can put past us at
> some point).
>
> Today, I can as DD help proof-read and change *any* package in Debian.
>
> If we permit a debian/copyright format that is not human-readable, it
> means that I cannot confidently proof-read and change the contents of
> the debian subdir without the help of machine-parsers, and I would need
> to know two formats with different goals.
>
> I would like to instead welcome the REUSE developers in helping Debian
> evolve next version of the existing machine-readable format to better
> align with SPDX.

Since Debian policy requires verbatim copies of licenses (or links to
/usr/share/common-licenses), I think any policy compliant debian/copyright
will have to be human readable, but I'm not that familiar with SPDX, so
maybe it will surprise me.

It would be good to understand how this proposal supports Debian Policy.

Scott K