Re: package licenses - use of SPDX identifiers

[Mike Miller]

On Sun, Feb 07, 2016 at 21:03:00 +0000, Carnë Draug wrote:
> On 7 February 2016 at 10:27, Oliver Heimlich <address@hidden> wrote:
> > The DESCRIPTION file is not meant to be machine readable by anything but
> > Octave's pkg command and he generate_html package. If we really want to
> > address easier license checks and automated packaging, using a different
> > license ID is not enough. Currently, downstream has to scan each file in
> > the package anyway.
> >
> > We would have to distribute actual SPDX files with the packages. These
> > would contain machine readable license information about the package as
> > a whole and single files within the package. (You can think of it as a
> > superset of the information in a debian/copyright file in XML format.)
> >
> > Oliver
> 
> Hmmm... So maybe packages could have those spdx files too and the DESCRIPTION
> files be generated as part of the release?  I'm not sure if we should make
> this a requirement for packages or just suggest it though.

Personally I think that's a bit overkill. I'm in favor of using SPDX
license identifiers but keeping the DESCRIPTION file simple as is.
Annotating individual source files with a license header is still the
preferred technique, and downstreams (e.g. Debian) already have tools to
scan source files and extract the necessary license information.

-- 
mike