[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DEP5 and spdx shortname of license



Hi Aurélien,

On Sat Sep 7, 2024 at 10:56 PM CEST, Aurélien COUDERC wrote:
Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility. For what I’ve seen on the quite vast and diverse KDE source corpus we’d only need 2 additional equivalence rules to be added to matches what that upstream ships : - equivalence between the + and -or-later suffixes (GPL-2+ / GPL-2.0-or-later)

There's already an equivalence in the SPDX spec, as described in "Annex D: SPDX license expressions"[1] (kind of. using the plus sign operator "+" is SPDX's general way of saying "this version or later", while "-or-later" is a special case only valid for GPL licenses, as described in [2] and [3]).

This means that you can use "GPL-3.0+" in debian/copyright and have it being valid both when interpreted as our format or as an SPDX expression.

- equivalence between MIT and Expat.

This would be really helful. SPDX clearly defines all the MIT variants, so, if we agree that we are using SDPX names, there's no ambiguity in using "MIT".

[1]: https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
[2]: https://spdx.dev/license-list-3-0-released/
[3]: https://www.gnu.org/licenses/identify-licenses-clearly.html

Attachment: signature.asc
Description: PGP signature


Reply to: