[arch-dev-public] Using SPDX License list as identifiers

Jonas Witschel diabonas at archlinux.org
Tue Oct 22 18:02:42 UTC 2019

On 2019-10-22 15:01, Allan McRae via arch-dev-public wrote:

>> It would also be a
>> little more accurate; eg. the SPDX allows for distinctions such as
>> "LGPL-3.0-or-later" vs. "LGPL-3.0-only".
> I thought we already managed that, but it seems in rather limited use
> these days looking at our -Si output.  e.g.
> Licenses        : LGPL-2.1
> Licenses        : LGPL-2.1+

Adding a plus doesn't appear to be standard practice, on the PKGBUILD
ArchWiki page [1] the policy regarding GPL versions is described as

- (L)GPL — (L)GPLv2 or any later version

- (L)GPL2 — (L)GPL2 only

- (L)GPL3 — (L)GPL3 or any later version

which is not very clear for the uninitiated. I think that using SPDX
license identifiers is a good idea since they provide a unified way to
unambiguously refer to commonly used licenses. They are used by many
projects [2], most notably the Linux kernel.


[1] https://wiki.archlinux.org/index.php/PKGBUILD#license
[2] https://spdx.org/ids-where

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20191022/082db1b3/attachment.sig>

More information about the arch-dev-public mailing list