On 2023-09-08 12:09:09 +0530 (+0530), Hideki Yamane wrote: [...] > SPDX is led by the Linux foundation project, OpenChain for license > compliance. [...] Unless I'm misreading, OpenChain follows the REUSE specification which acknowledges the sufficiency of "DEP5" formatted license info: https://github.com/OpenChain-Project/Reference-Material/blob/master/General-Compliance-Support-Material/REUSE.software/en/REUSE.software-3.0.md Since Debian's machine-readable format has been around longer than either of the newer formats you mentioned, it seems like it would make more sense for the tools to incorporate a parser for it rather than create needless churn in the package archive just to transform an established standard into whatever the format-du-jour happens to be (and then halfway through another new format gains popularity, and the process starts all over again). Sorry to come across as skeptical, but there are organizations out there churning out redundant "standards" rather than reusing suitable existing formats, and while I'd like to assume that it's simply because they did insufficient research to be aware of prior art, it seems like all too often it's in pursuit of signing on more and more donors at the expense of distracting active free/libre open source software communities from what they would normally focus on achieving. -- Jeremy Stanley
Attachment:
signature.asc
Description: PGP signature