On Wed, Jun 26, 2024 at 02:32:34PM +0200, Miro Hrončok wrote: > On 26. 06. 24 14:17, Miroslav Suchý wrote: > > Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a): > > > > > > Clearly, I must miss something. What do we gain by causing all > > > license tags to conform to the SPDX license expression standard > > > despite actually just using the old tag with extra boilerplate? > > > > We will get valid SPDX formula. And all tools generating SBOMs from RPMs > > can use it and it will produce valid SBOM document. > > > > If we keep the old value, it will not be valid SPDX formula and all > > tools build on top of that have to put if/else into their workflow. > > And what good is a valid SPDX formula if it contains custom identifiers? This has already been answered multiple times now. Tools that process SPDX expressions can now handle Fedora RPMs without needing custom parsing code. This allows querying & reporting on licenses in Fedora packages. The LicenseRef-Callaway-XXXX terms that are extracted are still providing useful information about the package license. Not as useful as it would be eventually, due to the historical license minimization, but still none the less useful. It is up to the users of the tools to decide how they interpret the data that is extracted. > If we converted all the Licenses of all our packages to > LicenseRef-Fedora-Unknown, it would still be a valid formula, but clearly, > we would not want that. Or would we? That would be throwing away data that we've got today, so would be a step backwards. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
