Hello Max, Matija,
from what I understand there will be further changes in SPDX 3.0 that will remove some of the mandatory stuff. I absolutely agree, that using SPDX should not add stuff not needed for the use case. And if this means that the SPDX file is not correct because some mandatory stuff is not included, this is a good hint for the SPDX community to think about the need for a mandatory field for the information.
Saying that, my basic intention is, that a REUSE.yaml file should not define fields and structures, which have the same meaning but are defined differently from SPDX. This would improve readability and processability of the files.
Mit freundlichen Grüßen / Best regards
Dr. Lars Geyer-Blaumeiser
Project Delivery - Open Source Services (IOC/PDL4) Bosch.IO GmbH | Stuttgarter Straße 130 | 71332 Waiblingen | GERMANY | www.bosch.io Mobil +49 172 4815079 | lars.geyer-blaumeiser@bosch.io
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling
________________________________ Von: REUSE reuse-bounces@lists.fsfe.org im Auftrag von Max Mehl max.mehl@fsfe.org Gesendet: Donnerstag, 23. Juli 2020 15:04:02 An: reuse@lists.fsfe.org Betreff: Re: [REUSE] REUSE.yaml
~ Matija Šuklje [2020-07-22 13:54 +0200]:
Die 21. 07. 20 et hora 08:44 Geyer-Blaumeiser Lars (IOC/PDL4) scripsit:
I like the idea, but just a thought. There is the new yaml format in SPDX 2.2, and we are thinking around using this format to mark certain folders as open source component,
That is a great idea.
Yes, thanks for sharing this idea! Being compatible with other compliance projects is one of our core goals.
But you’d really go make a full SPDX valid file for that? How? There are quite a few fields there that are obligatory.
One potential issue might be the hash value. For marking 3rd party code that’s a great boon, but for marking your own living code that might be a bit of a issue, if you need to change the hash value every time the code changes.
I see the same issues. Additionally, I am always having user-friendliness in mind which is another big goal of REUSE. The SPDX document seems to work with e.g. "licenseId", "licenseConcluded", "licenseDeclared". While these make sense in the SPDX radius, REUSE users are used to work with License-Identifier and FileCopyrightText. Just like with the snippets I am afraid of different "keys" for the same information.
Best, Max
-- Max Mehl - Programme Manager - Free Software Foundation Europe Contact and information: https://fsfe.org/about/mehl | @mxmehl Become a supporter of software freedom: https://fsfe.org/join _______________________________________________ REUSE mailing list REUSE@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/reuse
This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct