annotations: Use SPDX License Expressions for licenses #680
Conversation
wking
force-pushed
the
spdx-license-expressions
branch
from
aa63dac
to
25588f0
Compare
Instead of comma-separated short identifiers, which have unclear semantics (are the delimiters AND or OR?). I don't see any discussion of the syntax for this field in [1] (which landed it), but I'd floaded license expressions before in the sub-thread starting at [2]. Greg had pushed back against my earlier proposal (licensing information on descriptors) with [3]: > No, that's not going to work at all, you can't properly describe the > license for a whole layer in any form of a string that could be > standardized or parsed. SPDX is great for describing the individual > licenses of things, but not for a collection of things, which almost > always has an arbitrary license (example, what's the license, in a > simple string, for a Ubuntu base layer?) But SPDX License Expression are both more expressive and better defined than the current comma delimiters. Everything you could have said with the comma-delimited string you can say more clearly with a SPDX License Expression. And because the syntax is not OCI-specific, you're more likely to be able to find tooling that handles these values out of the box. [1]: opencontainers#636 [2]: opencontainers#501 (comment) [3]: opencontainers#501 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
|
I remember greg saying that. I'm not familiar with spdx-expressions and would wager that many would have to get familiarized with it. |
That SPDX appendix isn't very long ;). Reading through it a few times seems better than inventing an OCI-specific syntax that is more limited. If maintainers want to limit what you can say (for some reason), then making
So "I'm leaning towards LGTM but want to think about it more and/or hear what others think"? Or is there some way I can adjust the wording to make you happier now? |
|
👍 == LGTM |
|
LGTM |
Instead of comma-separated short identifiers, which have unclear semantics (are the delimiters
ANDorOR?). I don't see any discussion of the syntax for this field in #636 (which landed it), but I'd floaded license expressions before in the sub-thread starting here. @gregkh had pushed back against my earlier proposal (licensing information on descriptors) with:But SPDX License Expressions are both more expressive and better defined than the current comma delimiters. Everything you could have said with the comma-delimited string you can say more clearly with a SPDX License Expression. And because the syntax is not OCI-specific, you're more likely to be able to find tooling that handles these values out of the box.
There are other annotation adjustments in flight with #678, but that's not currently touching the
licensesentry.