Re: Switching to SPDX license tags

To: Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: Switching to SPDX license tags
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Fri, 03 Feb 2023 11:19:40 -0500

Thomas Klausner <wiz%NetBSD.org@localhost> writes:

> SPDX has a list of license names:
>
> https://spdx.org/licenses/
>
> This includes 'Identifiers' which correspond in idea to the license
> names we have in pkgsrc, and markers if they're FSF/OSI approved.
>
> I think it'd be useful to convert our licenses (LICENSE) to these
> standardized identifiers. Perhaps url2pkg could even set it
> automatically by looking for SPDX-License tags in the code,
> e.g. these:
>
> // SPDX-License-Identifier: MIT
>
> For the migration, I'm thinking of these steps:
>
> - add the licenses corresponding to the new SPDX names to
>   pkgsrc/licenses
>
> - add the SPDX names of the currently 'default accepted' licenses to
>   the new default accepted lists in pkgsrc/mk/license.mk and
>   pkg_install
>
> - run a regex over pkgsrc's LICENSE lines replacing the current names
>   with the SPDX names
>
> - Clean up: remove the old license files from mk/licenses; at some
>   later point (a year later?) remove the old license names from the
>   default acceptable lists
>
> We'll have to manually fix entries; e.g. currently we use gnu-gpl-v2
> for both 'GPL v2' and 'GPL v2 or later' while SPDX has GPL-2.0-only
> and GPL-2.0-or-later, so help will be needed at that point.
>
> As for the timeframe, I expect to implement this shortly after the
> next branch, so early April 2023.

I don't see this as a major improvement, but I don't object as long as
it isn't near a branch (as you propose) and I don't have to fix fallout.

Two things I think we need:

  1) Right now one can tell from a license tag if the license is one or
  more of Free/Open/DFSG (henceforth Freeish), or not; things with
  -license aren't Freeish and things without license are Freeish.  I
  think that's useful.  Even if someone has put some non-Freeish
  foo-license in DEFAULT_ACCEPTABLE, I think it's reasonable for them to
  want to know of some other package under that license.  For me, it's
  situational: I am willing to install a particular package with a
  non-Freeish license after thought.   I'm not proposing changing the
  rules, but I would like show-license extended to be:

    $ make show-license
    gnu-gpl-v3-or-later: In DEFAULT_ACCEPTABLE_LICENSES.  In ACCEPTABLE_LICENSES.

    $ make show-license
    generic-non-license: Not in DEFAULT_ACCEPTABLE_LICENSES.  Not in ACCEPTABLE_LICENSES.

  to basically restore the property that one can tell Freeish-ness from
  the tag.

  2) Your plan implies that all license tags we have are in SPDX.  I
  really doubt that.   There's an obvious modification which is to leave
  some foo-license and generic-nonlicense and maybe some bar (Freeish
  not covered), not rewrite the tags and not delete  them, instead only
  gcing license files that are not pointed to by anything in pkgsrc.


Also, I think this change needs to happen in wip too if it happens and
for license files to be protected from gc by a reference in wip.

Follow-Ups:
- Re: Switching to SPDX license tags
  - From: Thomas Klausner

References:
- Switching to SPDX license tags
  - From: Thomas Klausner

Prev by Date: daily pkgsrc CVS update output
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: Switching to SPDX license tags
Next by Thread: Re: Switching to SPDX license tags
Indexes:

Home | Main Index | Thread Index | Old Index