SPDX Identifiers for licences

Eitan Adler lists at eitanadler.com
Mon Oct 30 04:50:01 UTC 2017


On 29 October 2017 at 16:05, Clemens Lang <cal at macports.org> wrote:
> ## Convincing Large Companies to Use Open Source
> Largely a discussion on which licenses are company-friendly and which
> ones are not. Mentioned some of the problems companies face and where
> open source could help, such as making license compliance easy by
> providing machine-readable license specifications (e.g. using SPDX).
>
> From a MacPorts point of view, we should probably consider adapting the
> standardized identifiers from the SPDX license list
> (https://spdx.org/licenses/) for our license field. Unfortunately that
> would be some additional effort for licenses we did not distinguish so
> far, such as the various BSD-style licenses.

>From an OSS PoV:
FreeBSD does this (standardizing on SPDX identifiers). The gain has
been limited though I believe not burdensome. One does need to be
careful about licensing identifiers where code is of mixed origin,
multi-licensed, or otherwise confusing. It is important that the scope
of licensing be clear from the get-go.

>From a Large Company OSS Representative PoV:
Having these sorts of indicators are a great *start* for a license
compliance program. In practice most of the concern with software is
in the distribution and less-so in the usage area. This is
particularly true for projects like macports which are primarily used
by internal users for local reasons.



-- 
Eitan Adler


More information about the macports-dev mailing list