[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DEP5 and spdx shortname of license




Le 8 septembre 2024 09:38:00 GMT+02:00, Andrea Pappacoda <andrea@pappacoda.it> a écrit :
>Hi Aurélien,
>
>On Sat Sep 7, 2024 at 10:56 PM CEST, Aurélien COUDERC wrote:
>> Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility.
>> For what I’ve seen on the quite vast and diverse KDE source corpus we’d only need 2 additional equivalence rules to be added to matches what that upstream ships :
>> - equivalence between the + and -or-later suffixes (GPL-2+ / GPL-2.0-or-later)
>
>There's already an equivalence in the SPDX spec, as described in "Annex D: SPDX license expressions"[1] (kind of. using the plus sign operator "+" is SPDX's general way of saying "this version or later", while "-or-later" is a special case only valid for GPL licenses, as described in [2] and [3]).
>
>This means that you can use "GPL-3.0+" in debian/copyright and have it being valid both when interpreted as our format or as an SPDX expression.

Thanks, interesting.

What I'd like to see is us updating *our* spec to have the equivalence the other way around and I can extract upstream provided SPDX licence identifiers while staying debian-machine-readable-copyright compliant.


--
Aurélien


Reply to: