On 15. 09. 21 at 13:22, Alejandro Criado-Pérez wrote:
> I get a bit lost in the legal terms, so please forgive me if this is a silly question. Does this mean that using REUSE correctly means you comply with this new ISO/IEC 5962:2021?
No. The SPDX spec is _much_ larger and more complex.
REUSE relies on only a few parts of the SPDX spec, specifically:
• SPDX License List for canonical license texts
• SPDX License IDs for unique identifiers for licenses
• license expressions – e.g. (MIT AND GPL-2.0-or-later)
REUSE Tool (and others, such as FOSSology Ojo) is able to generate a valid SPDX Document out of a REUSE-compliant repository/package.
What it _does_ mean though is that if your repository is REUSE-compliant, it is super easy to also create an ISO-standard SBOM (i.e. an SPDX Document) from it. So it’s not automatic, but the extra step you need to make is trivial.
> Shouldn't this help with the adoption of REUSE?
I sure hope so :)
cheers, Matija
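
An added example, not part of the original message and not the REUSE tool's own code: a sketch of why REUSE headers make SBOM generation easy, collecting the per-file license expressions and license IDs an SPDX Document needs. It assumes only in-file header tags are used; the function names and the sample files are constructed for illustration.

```python
import re

def _tag(name):
    # Match "<name>: value", tolerating a trailing comment terminator.
    return re.compile(rf"{name}:[ \t]*(.+?)[ \t]*(?:\*/|-->)?[ \t]*$", re.M)

LICENSE_TAG = _tag("SPDX-License-Identifier")
COPYRIGHT_TAG = _tag("SPDX-FileCopyrightText")
OPERATORS = {"AND", "OR", "WITH"}

def license_ids(expression):
    """Return the license IDs used in an SPDX license expression (simplified)."""
    ids, skip_next = set(), False
    for token in re.findall(r"[A-Za-z0-9.+-]+", expression):
        if skip_next:            # token after WITH is an exception ID, not a license
            skip_next = False
        elif token in OPERATORS:
            skip_next = token == "WITH"
        else:
            ids.add(token)
    return sorted(ids)

def scan(files):
    """Given {path: text}, return (records, paths lacking a license or copyright tag)."""
    records, missing = [], []
    for path, text in sorted(files.items()):
        expressions = LICENSE_TAG.findall(text)
        holders = COPYRIGHT_TAG.findall(text)
        if not expressions or not holders:
            missing.append(path)  # such a file would need a header before it can be listed
            continue
        ids = sorted({i for e in expressions for i in license_ids(e)})
        records.append({"path": path, "expressions": expressions,
                        "licenses": ids, "copyright": holders})
    return records, missing

# Constructed sample repository contents.
SAMPLE_FILES = {
    "src/main.py": "# SPDX-FileCopyrightText: 2021 Example Author\n"
                   "# SPDX-License-Identifier: (MIT AND GPL-2.0-or-later)\nprint('hi')\n",
    "src/util.c": "/* SPDX-FileCopyrightText: 2021 Example Author */\n"
                  "/* SPDX-License-Identifier: GPL-2.0-or-later WITH Classpath-exception-2.0 */\n",
    "README.md": "# Demo\n",
}

if __name__ == "__main__":
    recs, untagged = scan(SAMPLE_FILES)
    for r in recs:
        print(r["path"], r["licenses"], r["copyright"])
    print("missing tags:", untagged)
```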