On Tue, Mar 14 2023 at 10:01:06 AM -0400, David Cantrell
<dcantrell@xxxxxxxxxx> wrote:
And as part of the US Executive Order on Cybersecurity, we need to
start using
SPDX identifiers in software we package and provide so that our
downstream
users are in compliance:
If you rely on this then you're up a creek, because ***Fedora License
identifiers will rarely be accurate***. Wishing for them to be accurate
won't make it so. Who is going to do the work of reassessing the
License field every package update?
Switching to use SPDX was good, but it still has to be curated by a
human.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
