On 28. 11. 23 at 0:19, Mark Wielaard wrote:
SBOMs only describe the software bill of materials, not the binary packages created from them. And they don't just use a license tag, but
It does.
https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf
AFAIK the most common ones are Build and Analyzed, which describe the
binary packages.
I don't have any specific proposal. Let's just hope SPDX will just create a new generic Hybrid-BSD variant. I do find it somewhat disturbing Fedora contributors are asked to file issues in these external third-party proprietary trackers.
SPDX is a community-driven project. Under the Linux Foundation. With all materials open and all decisions done in public.
I personally find it motivating. That we are collaborating on
an open standard that is used by various distributions and
communities and not working on a NIH project.
This example may look artificial, but I know a lot of companies that want to avoid GPL-3.0-or-later.
And how does that help Fedora?
If companies find it easier to use Fedora, it will get wider
recognition and companies in exchange very often contribute back.
I think it is a pretty standard convention and easy to automate.
I disagree with you. E.g. the most visible is GitHub, but it does that for only a limited number of licenses https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository#disclaimer and very often fails when COPYING includes multiple licenses.
Various source code repositories already do and show you the project's license based on scanning those files.
-- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys