Re: [SPAM:####] [DEP5] Expat or MIT license ?

[Russ Allbery <rra@debian.org>]

Charles Plessy <plessy@debian.org> writes:

> the current draft of DEP 5 contains the following instruction:

>   “There are many versions of the MIT license. Please use Expat instead,
>   when it matches.”

> This recommendation predates the achievements of the SPDX work group,
> which assembled a reference list of licenses and gave short names to
> them, for which there is strong convergence with the ones used in Debian
> and Fedora.  It was also announced on the SPDX blog that the OSI adopted
> the SPDX short license names.

Looking at the SPDX list, it looks like they have another varient of the
MIT license listed as the NTP license, except without the second paragraph
(warranty disclaimer) that's present in the actual MIT license, and so far
as I can tell they don't have the MIT Kerberos license at all.  I wonder
if the only reason why they have an unambiguous label is because they've
not really dealt with the problem yet.

I'm dubious anyone who's consuming these files will have ever heard of
SPDX (and OSI has been largely irrelevant for years), so sadly I'm not
sure it really makes a huge difference what SPDX does here in terms of the
ambiguity for humans.  However, SPDX also doesn't list the Expat license
(under that name), so using MIT for the Expat license would bring us more
in line with SPDX's registrations.

I can see pluses and minuses either way.  I think I'm not quite willing to
support the change, but it wouldn't bother me a lot either.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>