[arch-dev-public] Using SPDX License list as identifiers
Jonas Witschel
diabonas at archlinux.org
Tue Oct 22 18:02:42 UTC 2019
On 2019-10-22 15:01, Allan McRae via arch-dev-public wrote:
>> It would also be a
>> little more accurate; eg. the SPDX allows for distinctions such as
>> "LGPL-3.0-or-later" vs. "LGPL-3.0-only".
>
> I thought we already managed that, but it seems in rather limited use
> these days looking at our -Si output. e.g.
>
> Licenses : LGPL-2.1
> Licenses : LGPL-2.1+
Adding a plus doesn't appear to be standard practice, on the PKGBUILD
ArchWiki page [1] the policy regarding GPL versions is described as
- (L)GPL — (L)GPLv2 or any later version
- (L)GPL2 — (L)GPL2 only
- (L)GPL3 — (L)GPL3 or any later version
which is not very clear for the uninitiated. I think that using SPDX
license identifiers is a good idea since they provide a unified way to
unambiguously refer to commonly used licenses. They are used by many
projects [2], most notably the Linux kernel.
Best,
Jonas
[1] https://wiki.archlinux.org/index.php/PKGBUILD#license
[2] https://spdx.org/ids-where
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20191022/082db1b3/attachment.sig>
More information about the arch-dev-public
mailing list