~ Matija Šuklje [2020-07-22 13:54 +0200]:
Die 21. 07. 20 et hora 08:44 Geyer-Blaumeiser Lars (IOC/PDL4) scripsit:
I like the idea, but just a thought. There is the new yaml format in SPDX 2.2, and we are thinking around using this format to mark certain folders as open source component,
That is a great idea.
Yes, thanks for sharing this idea! Being compatible with other compliance projects is one of our core goals.
But you’d really go make a full SPDX valid file for that? How? There are quite a few fields there that are obligatory.
One potential issue might be the hash value. For marking 3rd party code that’s a great boon, but for marking your own living code that might be a bit of a issue, if you need to change the hash value every time the code changes.
I see the same issues. Additionally, I am always having user-friendliness in mind which is another big goal of REUSE. The SPDX document seems to work with e.g. "licenseId", "licenseConcluded", "licenseDeclared". While these make sense in the SPDX radius, REUSE users are used to work with License-Identifier and FileCopyrightText. Just like with the snippets I am afraid of different "keys" for the same information.
Best, Max