Forum: >>> Magnum BBS <<<

DEP5 and spdx shortname of license

From Fabio Fantoni@21:1/5 to All on Sat Sep 7 21:50:02 2024

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------mkICcxufApqUkMu3V2uMF4Xi
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SGksIHNwZHggaGFzIGFuIGV2ZXItaW5jcmVhc2luZyB1c2FnZS4gVG9kYXkgdHJ5aW5nIHJl dXNlIHRvb2wgSSB0cmllZCANCnRvIGNvbnZlcnQgREVQNSBkL2NvcHlyaWdodCB0byBSRVVT RS50b21sIHRoaW5raW5nIGEgcG9zc2libGUgaGVscCB0byANCnNvbWUgcHJvamVjdCB1cHN0 cmVhbSwgd2hlbiBsaWNlbnNlIGFuZCBjb3B5cmlnaHQgIm1hbmFnZW1lbnQiIGlzIG5vdCAN Cmdvb2QsIGNvbnZlcnRpbmcgZnJvbSBkL2NvcHlyaWdodCAoREVQNSkgd2hpY2ggaXMgYmV0 dGVyLCBmb3IgZXhhbXBsZSANCndpdGggYWRkaXRpb25hbCBwYXJ0cyByZXN1bHRpbmcgZnJv bSByZXNlYXJjaCBkb25lIG9uIGZpbGVzIHRoYXQgd2VyZSANCnRha2VuIGZyb20gb3RoZXIg cHJvamVjdHMgYnV0IGRpZCBub3QgY29udGFpbiBoZWFkZXJzIHdpdGggbGljZW5zZSBhbmQg DQpjb3B5cmlnaHQuDQoNCkkgbm90aWNlZCB0aGF0IGV2ZW4gdGhvdWdoIHJldXNlIHN1cHBv cnRzIERFUDUgdGhlIHNob3J0IGxpY2Vuc2UgbmFtZXMgDQp1c2VkIGJ5IERlYmlhbiAoYW5k IHBhcnRseSBieSBzcGR4IGJ1dCBkZXByZWNhdGVkKSB3ZXJlIG5vdCBzdXBwb3J0ZWQuDQoN ClNvIEkgd29uZGVyLCBpcyBpdCBwb3NzaWJsZSB0byBwdXQgaW4gZC9jb3B5cmlnaHQgREVQ NSB0aGUgc2hvcnQgbGljZW5zZSANCm5hbWVzIHVzaW5nIHRoZSBzcGR4IG9uZXM/DQoNCkkg c3VwcG9zZWV2ZW4gdXNpbmcgdGhlbSBieSBkZWZhdWx0IGluIHRoZSBmdXR1cmUgY291bGQg aGVscCB0aGUgDQpjb250cmlidXRvcnMgKGVzcGVjaWFsbHkgdGhlIG5ldyBvbmVzKXdobyBh bHJlYWR5IGtub3cgYW5kIHVzZSBzcGR4IGFuZCANCm1heWJlIGl0IGNvdWxkIGhlbHAgdGhl bSB0byByZWR1Y2UgdGhlIHRpbWUgb2YgY3JlYXRpb24gYW5kIG1hbmFnZW1lbnQgDQpvZiBk L2NvcHlyaWdodCBmaWxlcyAodW5mb3J0dW5hdGVseSBvZnRlbiBsb25nIGV2ZW4gdXNpbmcg dmVyeSB1c2VmdWwgDQp0b29scyBsaWtlIGRlY29weSwgbGljZW5zZWNoZWNrIGFuZCBscmMp LiBXaGF0IGRvIHlvdSB0aGluaz8NCg0K

--------------mkICcxufApqUkMu3V2uMF4Xi--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmbcrOgFAwAAAAAACgkQaAZorpB/EB3h Sw/+JE9LBfulloDPrlIwCT9i24+CEGYIWMc1TakCRPVPBjcjiJMK+54VLEBR29sw7E9RuI5Gzf/m xpVuQ7h/MBc83gp1MsE7KTwKkm+1K5YPL7jZINnuc9ycG2yl8s+YgsnYpZNzqaYN4pVANZaTdBqt beEY8NRo4uHpsvBljgMyRzeGOUaH9PvMZhat9oEF7garqLAKIoIXsVowCsR3Nrm2XyfQZxSFqTwF PCVVsqgePoYnTiOkC5Jy4PhhH6i4MbHWmTOB1OAEBP0xCJPk0xezjvk5+1FVGAvmzkC9NYgRqolP B8SnYRfhxSojdHV99mWCLJgwCj8hDj54B7zFC5jVNQuOs8WXk/ljOEM3E0eWa0mJ42Dk5KAW4Tq7 NDXZ7tz1iNgEo3IbIBp65MVeqb0xtZP1sJaN8fcCdPQQqtXjv8UeIIoRtwEujQ/j/QmzSuw6NhQb o5+1LPh7BH4ChWlu4UHNHiAwD33nRQon4VpaECgfU2gh/HVsGiTgHwU2CpranbLFLgMFBoFMNRt4 fKaAeXcoBtsepYWD0Oyp4OvALzcMdWikEFNXX9ACyMitrKEYXIagzHWIjFAJ4eIn9UDzsqDHn/MK 8kYxCsyqq0aXb/yCtYl0y1IX+nEqtlsVKF8ON/z/J4fp7EO7oJE12P0gmIkl8qKAFvUocWFqFFTP XKw=
=ugXs
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Jonas Smedegaard@21:1/5 to All on Sat Sep 7 22:40:01 2024

Quoting Fabio Fantoni (2024-09-07 21:43:35)

Hi, spdx has an ever-increasing usage. Today trying reuse tool I tried
to convert DEP5 d/copyright to REUSE.toml thinking a possible help to
some project upstream, when license and copyright "management" is not
good, converting from d/copyright (DEP5) which is better, for example
with additional parts resulting from research done on files that were
taken from other projects but did not contain headers with license and copyright.

I noticed that even though reuse supports DEP5 the short license names
used by Debian (and partly by spdx but deprecated) were not supported.

So I wonder, is it possible to put in d/copyright DEP5 the short license names using the spdx ones?

I supposeeven using them by default in the future could help the contributors (especially the new ones)who already know and use spdx and maybe it could help them to reduce the time of creation and management
of d/copyright files (unfortunately often long even using very useful
tools like decopy, licensecheck and lrc). What do you think?

DEP5 already encourages (but does not require) use of SPDX shortnames,
except where Debian and SPDX disagree on sensible naming.

See https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#spdx
and the historical notes at https://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX

Do you have ideas on how to address the documented differences in naming choices?

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============R41386362749412653=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmbcuVwACgkQLHwxRsGg ASGh+g/+LVclSoemiAjafwf5fmt8h751olVIEqrt6yZGw2XmWqf+3EiQ5k+P+puK eHdKOtuftxwhb0KAyleOsJN/8vyiXH7KrgqwtmC6fILzHFWPyUdTpWu0bBNaOF7M n48ztasI3uheNWunB+uwZTgXBIHyK54xTqOUr03qpRcNsfKEVaKEznwPFF3D6w8M LYAwsUep6MhBqHysYiQVLz6xTpZ5Ok1TDezLG7M0PLY2Oq2YERIMYYJz9UxT9VN9 0QkBcXmDNwxQyrBhEdlNh2P4Ivvsqv4rQj/hmmFp3RpHVt0wO8uFdKkwTRToEJn6 IR3j4r2d2wOV5ESTk3luZ2mQNd35DLV3zRZLRqdROjx07ysHfp1MIGSdTGjVIVvi 74lVZpyEoYDK2Sib278uvdJO1lxvVrQIS2on8Pu0J7Tut1cG7ak2qnpNm2F2JS2J vryiekJrMm3Xvf+SHPGAZyQDxHUMigg1m9WnxIMW

From Fabio Fantoni@21:1/5 to =?UTF-8?Q?Aur=C3=A9lien_COUDERC?= on Sun Sep 8 00:00:01 2024

To: [email protected]

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------drWJjkk7pJ4agCwbI6EeX5o0
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMDcvMDkvMjAyNCAyMjo1NiwgQXVyw6lsaWVuIENPVURFUkMgaGEgc2NyaXR0bzoNCj4g SGkgRmFiaW8sDQo+DQo+IExlIHNhbWVkaSA3IHNlcHRlbWJyZSAyMDI0LCAyMTo0MzozNSBD RVNUIEZhYmlvIEZhbnRvbmkgYSDDqWNyaXQgOg0KPg0KPj4gU28gSSB3b25kZXIsIGlzIGl0 IHBvc3NpYmxlIHRvIHB1dCBpbiBkL2NvcHlyaWdodCBERVA1IHRoZSBzaG9ydCBsaWNlbnNl DQo+PiBuYW1lcyB1c2luZyB0aGUgc3BkeCBvbmVzPw0KPiB3ZeKAmXZlIGJlZW4gZG9pbmcg dGhhdCBmb3IgS0RFIHBhY2thZ2VzIHNpbmNlIHVwc3RyZWFtIHN0YXJ0ZWQgdGFnZ2luZyBh bGwgc291cmNlIGZpbGVzIHdpdGggU1BEWC1MaWNlbnNlIC8gU1BEWC1Db3B5cmlnaHQgaGVh ZGVycyBhbmQgc28gdXNpbmcgU1BEWCBsaWNlbnNlIGlkZW50aWZpZXJzIHNvbWUgeWVhcnMg YWdvLiBTZWUgWzFdIGZvciBleGFtcGxlLg0KPg0KPiBXaGlsZSBub3Qgc3RyaWN0bHkgYWRo ZXJpbmcgdG8gREVQLTUgSSBjb25zaWRlciBpdCB1c2VmdWwgdG8gaGF2ZSBhIG1hY2hpbmUt cmVhZGFibGUtd2l0aC1TUERYLWlkZW50aWZpZXJzIGFuZCBJ4oCZbSBub3Qgc3VyZSBob3cg dXNlZnVsIGl0IGlzIHRvIHRyeSBhbmQgdHJhbnNsYXRlIHVwc3RyZWFtLXByb3ZpZGVkIFNQ RFggaWRlbnRpZmllcnMgaW50byBzb21ldGhpbmcgZWxzZS4NCj4NCj4gT3VyIHNwZWMgWzJd IGFscmVhZHkgZGVmaW5lcyBhbiBlcXVpdmFsZW5jZSBydWxlIGJldHdlZW4gTGljZW5zZS1Y IGFuZCBMaWNlbnNlLVguMCBkZWNsYXJhdGlvbnMgZm9yIFNQRFggY29tcGF0aWJpbGl0eS4N Cj4gRm9yIHdoYXQgSeKAmXZlIHNlZW4gb24gdGhlIHF1aXRlIHZhc3QgYW5kIGRpdmVyc2Ug S0RFIHNvdXJjZSBjb3JwdXMgd2XigJlkIG9ubHkgbmVlZCAyIGFkZGl0aW9uYWwgZXF1aXZh bGVuY2UgcnVsZXMgdG8gYmUgYWRkZWQgdG8gbWF0Y2hlcyB3aGF0IHRoYXQgdXBzdHJlYW0g c2hpcHMgOg0KPiAtIGVxdWl2YWxlbmNlIGJldHdlZW4gdGhlICsgYW5kIC1vci1sYXRlciBz dWZmaXhlcyAoR1BMLTIrIC8gR1BMLTIuMC1vci1sYXRlcikNCj4gLSBlcXVpdmFsZW5jZSBi ZXR3ZWVuIE1JVCBhbmQgRXhwYXQuDQo+DQo+DQo+IFsxXSBodHRwczovL3NhbHNhLmRlYmlh bi5vcmcvcXQta2RlLXRlYW0va2RlL3BsYXNtYS13b3Jrc3BhY2UvLS9ibG9iL2RlYmlhbi9l eHBlcmltZW50YWwvZGViaWFuL2NvcHlyaWdodA0KPiBbMl0gaHR0cHM6Ly93d3cuZGViaWFu Lm9yZy9kb2MvcGFja2FnaW5nLW1hbnVhbHMvY29weXJpZ2h0LWZvcm1hdC8xLjAvI2xpY2Vu c2Utc2hvcnQtbmFtZQ0KDQpUaGFua3MgZm9yIHRoZSBpbmZvcm1hdGlvbiwgYWJvdXQgdG9v bHMgdGhhdCBoZWxwIHRvIGNyZWF0ZSBhbmQgY2hlY2sgDQpkL2NvcHlyaWdodCBhcmUgeW91 IGV4cGVyaWVuY2luZyBwcm9ibGVtcz8NCg0KSSB1c2UgYSBsb3QgZGVjb3B5YW5kIEkgZm91 bmQgdGhhdCB0aGVyZSBpcyB0aGlzIE1SIG9mIDEgeWVhciBhZ28gbm90IA0KbWVyZ2VkOiBo dHRwczovL3NhbHNhLmRlYmlhbi5vcmcvZGViaWFuL2RlY29weS8tL21lcmdlX3JlcXVlc3Rz LzQNCg0KaXQgd291bGQgYmUgdXNlZnVsIGV2ZW4gaWYgaXQgZGlkbid0IGhhdmUgc3BkeCBn ZW5lcmF0aW9uIGJ5IGRlZmF1bHQgYnV0IA0KYXQgbGVhc3QgYXMgYW4gb3B0aW9uLCBJIHdh cyB3b25kZXJpbmcgaWYgdGhlcmUgd2FzIHNvbWV0aGluZyBwcmV2ZW50aW5nIA0KdGhlIHVz ZSBvZiB0aGUgc3BkeCBuYW1lIGJ1dCBmcm9tIHRoZSBjdXJyZW50IHJlc3BvbnNlcyBpdCBk b2VzIG5vdCBhcHBlYXIuDQoNCm9uZSBtb3JlIHF1ZXN0aW9uLCBpcyB0aGVyZSBhbnkgdG9v bC9zY3JpcHQgdG8gY29udmVydCBjdXJyZW50IA0KZC9jb3B5cmlnaHQgdG8gc3BkeCBuYW1l cz8NCg0K

--------------drWJjkk7pJ4agCwbI6EeX5o0--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmbczFAFAwAAAAAACgkQaAZorpB/EB2I lg/8C9A9DfpqA7k6GJLQfU+08xlgv9zXdHTyV5Zhqu0mvSaXOs21mlAxuqnN6f1N+B0er0UFwzyg DvYILMvxQecSsBLcVPqOiBe2IJ5Bc1xZTDwkgXCzKQQzNZHRfuq80O0BdAHPI/7TEtwrZq/3Poll AfBZRjoBd8H/Uf12rZL7/1PQ4zapJYjNAA894U6sHojp6bv0zNKn2tQ5CGfqIm3Ue8wiWgxd60nq ezMzrFpzGM/AFREZ5smudQbCS8BZNLboMs1hh+5utzrWQSdLXgq7x2d0MIz2TuSFpTJ8pv6/CaA3 dfF9zM6iTiq0LyL8Ta3uo6C/pYiWioAP4fN+pShM6IKsyp1CSDcRe6+IztdwiTzgFmlHP8RR86tF ryhSqGqL1NP+6nAt+I9H80Fof9DQroacDmXU7bINq0ebsy320/YD1tpihfn79sCZF9X9e0+BIURm MJcZtXoFb+sVrq00c5cwNtfGM8LKIWjONAo9iEnnIpDhN9FQEc5kO3MmTBpnNBE8Mo5RMrd552Sj OiFqBlSh1+X4BqPK68RsDm/6Mm5v0RWkmyNNKY2k7kDzlcWVv/bSD0AOxjKPHNlCNNiNFuURJu2V 6Ln9Fj3xFUEr2+slLjaNSO6L9A33KcFWiBK4xkaX3+AfvKIy3ZhAV6mC/SGGFZQXr+f8Y+bgKBQk MfM=
=tXzi
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?ISO-8859-1?Q?Aur=E9lien?= COUDERC@21:1/5 to All on Sat Sep 7 23:20:01 2024

Hi Fabio,

Le samedi 7 septembre 2024, 21:43:35 CEST Fabio Fantoni a écrit :

So I wonder, is it possible to put in d/copyright DEP5 the short license names using the spdx ones?

we’ve been doing that for KDE packages since upstream started tagging all source files with SPDX-License / SPDX-Copyright headers and so using SPDX license identifiers some years ago. See [1] for example.

While not strictly adhering to DEP-5 I consider it useful to have a machine-readable-with-SPDX-identifiers and I’m not sure how useful it is to try and translate upstream-provided SPDX identifiers into something else.

Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility.
For what I’ve seen on the quite vast and diverse KDE source corpus we’d only need 2 additional equivalence rules to be added to matches what that upstream ships :
- equivalence between the + and -or-later suffixes (GPL-2+ / GPL-2.0-or-later) - equivalence between MIT and Expat.

[1] https://salsa.debian.org/qt-kde-team/kde/plasma-workspace/-/blob/debian/experimental/debian/copyright
[2] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name

Happy hacking,
--
Aurélien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Jonas Smedegaard@21:1/5 to All on Sun Sep 8 07:40:01 2024

[CC'ing Fabio as they seemingly missed my earlier list-only reply]

Quoting Fabio Fantoni (2024-09-07 23:57:35)

Il 07/09/2024 22:56, Aurélien COUDERC ha scritto:

Le samedi 7 septembre 2024, 21:43:35 CEST Fabio Fantoni a écrit :

So I wonder, is it possible to put in d/copyright DEP5 the short license >> names using the spdx ones?

we’ve been doing that for KDE packages since upstream started tagging all source files with SPDX-License / SPDX-Copyright headers and so using SPDX license identifiers some years ago. See [1] for example.

While not strictly adhering to DEP-5 I consider it useful to have a machine-readable-with-SPDX-identifiers and I’m not sure how useful it is to try and translate upstream-provided SPDX identifiers into something else.

Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility.
For what I’ve seen on the quite vast and diverse KDE source corpus we’d only need 2 additional equivalence rules to be added to matches what that upstream ships :
- equivalence between the + and -or-later suffixes (GPL-2+ / GPL-2.0-or-later)
- equivalence between MIT and Expat.

[1] https://salsa.debian.org/qt-kde-team/kde/plasma-workspace/-/blob/debian/experimental/debian/copyright
[2] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name

Thanks for the information, about tools that help to create and check d/copyright are you experiencing problems?

You might already be aware, but (also for others following along) an
overview of tools is maintained here: https://wiki.debian.org/CopyrightReviewTools

I use a lot decopyand I found that there is this MR of 1 year ago not merged: https://salsa.debian.org/debian/decopy/-/merge_requests/4

it would be useful even if it didn't have spdx generation by default but
at least as an option, I was wondering if there was something preventing
the use of the spdx name but from the current responses it does not appear.

Licensecheck can use strictly SPDX shortnames like this:

licensecheck --shortname-scheme spdx --check '.*' --recursive --deb-machine --lines 0 -- *

...or more relaxed use fallbacks for patterns without SPDX shortname:

licensecheck --shortname-scheme spdx,debian,internal --check '.*' --recursive --deb-machine --lines 0 -- *

If you want another output than the DEP5 file format implied by the
option --deb-machine (e.g. one that includes hashes for each file, never shortening file lists with wildcards) then please file a bugreport
against licensecheck and let's discuss that in detail there: https://www.debian.org/Bugs/Reporting

one more question, is there any tool/script to convert current
d/copyright to spdx names?

See to tools at https://wiki.debian.org/CopyrightReviewTools and please
update that list if you find additional tools helpful.

Thanks for interest in copyright and licensing tracking,

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============18593342971999367=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmbdOGUACgkQLHwxRsGg ASG+khAArEA5IaIY+9GgRSk5jqbzjeEGW7Jb+vEWgUsCIZem/5y/0b6KqrDgK11t HA0DOQV3qDzG3nPK6/gfe1Tvr0U0dFj64yCpbVPDYShDwNJHSm/OBeAphvZbedVL tjGnjEYRqsMKlIGOivDZFm0UT6aiIVrvAIWzxMJjMdtE6iXtPkdT9JhaNfaiz3Vm EpZqaxpYWttwnTNZfFyP1zGSe61TtLLZ9LXkeJHXpvGKBnGyOLcfN7WnRDrGDzRS hgORdVo6Hxbwsny5a5+h+oZkbVrLZB1yKqVMZLPumDCSkejsaElwGemPLvZPMZNp yjAmdAB/PGe2Cx3tnbseutNy7drDL2w5v5Yp8YgKYiP9QjtHhacLFktsuFvcSkgo VqPvggNeiLX/jMK456WINQttf0Lir5UBcnS31Ekv44qjmpIWK5uBtlFHfI3+K02h G691olTJRYd7OLwKmmBqo0gAsltxVlKSANccpesU

From Niels Thykier@21:1/5 to All on Sun Sep 8 10:00:01 2024

Jonas Smedegaard:

[...]

DEP5 already encourages (but does not require) use of SPDX shortnames,
except where Debian and SPDX disagree on sensible naming.

See https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#spdx and the historical notes at https://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX

Do you have ideas on how to address the documented differences in naming choices?

- Jonas

Is it really that valuable for us to have a delta here compared to what upstream projects would use?

As I understand it, we are at worst talking `GPL-2.0-only` /
`GPL-2.0-or-later` (SPDX) vs `GPL-2` / `GPL-2+` (DEP-5). As much as I
might prefer the DEP-5 variant, I am struggling to see the advantage
outweigh the cost of divergence.

With my current knowledge, I would strongly be in favor of deprecating
the unique names for DEP-5 and encourage migration to fully compliant
SPDX names.

Best regards,
Niels

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Andrea Pappacoda@21:1/5 to All on Sun Sep 8 09:40:01 2024

--aa03d42ebe67dd3cc77520802a4bd6a02ef2df3de4f9143ae3b38364227e Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8; format=Flowed

Hi Aurélien,

On Sat Sep 7, 2024 at 10:56 PM CEST, Aurélien COUDERC wrote:

Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility.
For what I’ve seen on the quite vast and diverse KDE source corpus
we’d only need 2 additional equivalence rules to be added to matches
what that upstream ships :
- equivalence between the + and -or-later suffixes (GPL-2+
/ GPL-2.0-or-later)

There's already an equivalence in the SPDX spec, as described in "Annex
D: SPDX license expressions"[1] (kind of. using the plus sign operator
"+" is SPDX's general way of saying "this version or later", while
"-or-later" is a special case only valid for GPL licenses, as described
in [2] and [3]).

This means that you can use "GPL-3.0+" in debian/copyright and have it
being valid both when interpreted as our format or as an SPDX
expression.

- equivalence between MIT and Expat.

This would be really helful. SPDX clearly defines all the MIT variants,
so, if we agree that we are using SDPX names, there's no ambiguity in
using "MIT".

[1]: https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
[2]: https://spdx.dev/license-list-3-0-released/
[3]: https://www.gnu.org/licenses/identify-licenses-clearly.html

--aa03d42ebe67dd3cc77520802a4bd6a02ef2df3de4f9143ae3b38364227e
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIoEABYIADIWIQS6VuNIvZRFHt7JcAdKkgiiRVB3pwUCZt1UWhQcYW5kcmVhQHBh cHBhY29kYS5pdAAKCRBKkgiiRVB3p95PAQCDDuudDLjiVUG0e0FIu6unefoqUKsw kNUpKMxMjZVyLwEA2ZFJiINAUGIbJjHCXH2uslaxJI+SeuzxZsu6/2+CagUV3
-----END PGP SIGNATURE-----

--aa03d42ebe67dd3cc77520802a4bd6a02ef2df3de4f9143ae3b38364227e--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Simon McVittie@21:1/5 to Niels Thykier on Sun Sep 8 13:10:01 2024

On Sun, 08 Sep 2024 at 09:49:39 +0200, Niels Thykier wrote:

Is it really that valuable for us to have a delta here compared to what upstream projects would use?

IMO: no. If (some) upstream projects are now taking copyright/license
tracking in general (and machine-readable copyright/license specifically)
more seriously than many did previously, we should take the win, rather
than fighting it on the basis that we think our Debian-specific names
are better.

Perhaps our Debian-specific names *are* better, but the relevant question
is whether they are *sufficiently* better to outweigh the benefit of
sharing effort and specifications with the rest of the world (and I don't
think they are).

As I understand it, we are at worst talking `GPL-2.0-only` / `GPL-2.0-or-later` (SPDX) vs `GPL-2` / `GPL-2+` (DEP-5).

That, and MIT (SPDX) vs Expat (DEP-5) for one particularly popular member
of the MIT/X11 license family, as used in Expat and many other projects.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?ISO-8859-1?Q?Aur=E9lien_COUDERC?=@21:1/5 to All on Sun Sep 8 12:50:01 2024

Le 8 septembre 2024 09:38:00 GMT+02:00, Andrea Pappacoda <[email protected]> a écrit :

Hi Aurélien,

On Sat Sep 7, 2024 at 10:56 PM CEST, Aurélien COUDERC wrote:

Our spec [2] already defines an equivalence rule between License-X and License-X.0 declarations for SPDX compatibility.
For what I’ve seen on the quite vast and diverse KDE source corpus we’d only need 2 additional equivalence rules to be added to matches what that upstream ships :
- equivalence between the + and -or-later suffixes (GPL-2+ / GPL-2.0-or-later)

There's already an equivalence in the SPDX spec, as described in "Annex D: SPDX license expressions"[1] (kind of. using the plus sign operator "+" is SPDX's general way of saying "this version or later", while "-or-later" is a special case only valid

for GPL licenses, as described in [2] and [3]).

This means that you can use "GPL-3.0+" in debian/copyright and have it being valid both when interpreted as our format or as an SPDX expression.

Thanks, interesting.

What I'd like to see is us updating *our* spec to have the equivalence the other way around and I can extract upstream provided SPDX licence identifiers while staying debian-machine-readable-copyright compliant.

--
Aurélien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Fabio Fantoni@21:1/5 to =?UTF-8?Q?Aur=C3=A9lien_COUDERC?= on Sun Sep 8 13:20:01 2024

To: [email protected] (Andrea Pappacoda)
To: [email protected]

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------jGry4mcuxwqv3TXqP0SQSS2N
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMDgvMDkvMjAyNCAxMjoyNSwgQXVyw6lsaWVuIENPVURFUkMgaGEgc2NyaXR0bzoNCj4N Cj4gTGUgOCBzZXB0ZW1icmUgMjAyNCAwOTozODowMCBHTVQrMDI6MDAsIEFuZHJlYSBQYXBw YWNvZGEgPGFuZHJlYUBwYXBwYWNvZGEuaXQ+IGEgw6ljcml0wqA6DQo+PiBIaSBBdXLDqWxp ZW4sDQo+Pg0KPj4gT24gU2F0IFNlcCA3LCAyMDI0IGF0IDEwOjU2IFBNIENFU1QsIEF1csOp bGllbiBDT1VERVJDIHdyb3RlOg0KPj4+IE91ciBzcGVjIFsyXSBhbHJlYWR5IGRlZmluZXMg YW4gZXF1aXZhbGVuY2UgcnVsZSBiZXR3ZWVuIExpY2Vuc2UtWCBhbmQgTGljZW5zZS1YLjAg ZGVjbGFyYXRpb25zIGZvciBTUERYIGNvbXBhdGliaWxpdHkuDQo+Pj4gRm9yIHdoYXQgSeKA mXZlIHNlZW4gb24gdGhlIHF1aXRlIHZhc3QgYW5kIGRpdmVyc2UgS0RFIHNvdXJjZSBjb3Jw dXMgd2XigJlkIG9ubHkgbmVlZCAyIGFkZGl0aW9uYWwgZXF1aXZhbGVuY2UgcnVsZXMgdG8g YmUgYWRkZWQgdG8gbWF0Y2hlcyB3aGF0IHRoYXQgdXBzdHJlYW0gc2hpcHMgOg0KPj4+IC0g ZXF1aXZhbGVuY2UgYmV0d2VlbiB0aGUgKyBhbmQgLW9yLWxhdGVyIHN1ZmZpeGVzIChHUEwt MisgLyBHUEwtMi4wLW9yLWxhdGVyKQ0KPj4gVGhlcmUncyBhbHJlYWR5IGFuIGVxdWl2YWxl bmNlIGluIHRoZSBTUERYIHNwZWMsIGFzIGRlc2NyaWJlZCBpbiAiQW5uZXggRDogU1BEWCBs aWNlbnNlIGV4cHJlc3Npb25zIlsxXSAoa2luZCBvZi4gdXNpbmcgdGhlIHBsdXMgc2lnbiBv cGVyYXRvciAiKyIgaXMgU1BEWCdzIGdlbmVyYWwgd2F5IG9mIHNheWluZyAidGhpcyB2ZXJz aW9uIG9yIGxhdGVyIiwgd2hpbGUgIi1vci1sYXRlciIgaXMgYSBzcGVjaWFsIGNhc2Ugb25s eSB2YWxpZCBmb3IgR1BMIGxpY2Vuc2VzLCBhcyBkZXNjcmliZWQgaW4gWzJdIGFuZCBbM10p Lg0KPj4NCj4+IFRoaXMgbWVhbnMgdGhhdCB5b3UgY2FuIHVzZSAiR1BMLTMuMCsiIGluIGRl Ymlhbi9jb3B5cmlnaHQgYW5kIGhhdmUgaXQgYmVpbmcgdmFsaWQgYm90aCB3aGVuIGludGVy cHJldGVkIGFzIG91ciBmb3JtYXQgb3IgYXMgYW4gU1BEWCBleHByZXNzaW9uLg0KR1BMLTMu MCsgYW5kIEdQTC0zLjAgYXJlIGRlcHJlY2F0ZWQgaW4gc3BkeCBhbmQgZnJvbSB3aGF0IEkg c2F3IGEgdG9vbCANCnVzaW5nIHNwZHggY29uc2lkZXIgdGhlbSBub3QgdmFsaWQNCj4gVGhh bmtzLCBpbnRlcmVzdGluZy4NCj4NCj4gV2hhdCBJJ2QgbGlrZSB0byBzZWUgaXMgdXMgdXBk YXRpbmcgKm91ciogc3BlYyB0byBoYXZlIHRoZSBlcXVpdmFsZW5jZSB0aGUgb3RoZXIgd2F5 IGFyb3VuZCBhbmQgSSBjYW4gZXh0cmFjdCB1cHN0cmVhbSBwcm92aWRlZCBTUERYIGxpY2Vu Y2UgaWRlbnRpZmllcnMgd2hpbGUgc3RheWluZyBkZWJpYW4tbWFjaGluZS1yZWFkYWJsZS1j b3B5cmlnaHQgY29tcGxpYW50Lg0KDQpzcGR4IGxpY2Vuc2UgbGlzdCBpdCdzIGJpZyBhbmQg aXQga2VlcHMgZ3Jvd2luZywgSSB0aGluayB0aGlzIGNhbiBoZWxwIA0KaW4gc29tZSBjYXNl cyB3aGVyZSBzZWFyY2hpbmcgYW1vbmcgdGhlIERlYmlhbiBvbmVzIGl0IGlzIGRpZmZpY3Vs dCB0byBmaW5kDQoNCnRoZXJlIGFyZSBzb21lIGNhc2VzIHdoZXJlIGV2ZW4gdGhlIHNwZHgg bGlzdCBpcyBub3QgZW5vdWdoIGJ1dCBJIGZvdW5kIA0KYSBtYXRjaCBpbiBzY2FuY29kZS1s aWNlbnNlZGIuYWJvdXRjb2RlLm9yZyAobm93IHdpdGggMjE5NyBsaWNlbnNlcykNCg0Kc2Vl bXMgdGhhdCBzb21lb25lIHRyaWVkIHRvIGFkZCBzY2FuY29kZSBvciBpbnRlZ3JhdGUgaXRz IGRldGVjdGlvbiBpbiANCmRlY29weSAoaHR0cHM6Ly93aWtpLmRlYmlhbi5vcmcvSmVsbWVy VmVybm9vaWovc2NhbmNvZGUpIGFuZCB0aGF0IHdvdWxkIA0KYmUgZ3JlYXQgaWYgd2UgY291 bGQgc3VjY2VlZA0KDQo+DQo+DQo+IC0tDQo+IEF1csOpbGllbg0KPg0KDQo=

--------------jGry4mcuxwqv3TXqP0SQSS2N--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmbdh+IFAwAAAAAACgkQaAZorpB/EB1A JQ/+L+EJ4sp33WpgFx+/TJyxAKgffGuGn0oXw5+IKpP/Tn5XxUUTUOtu0xGzTwUrGKRIPgZYh1k8 p0mHVIu7uV6rGaWoeJ9cVbx8+mX220rMIovd4RbN/5BySgOatpTtAZqrdhxZS+TcJ6Zfy6qyDANL PqDcvE9zwPUF8TS2GwTbWA7qNlBPFrRkEbn9S4c+z2e2TCUR6jVbyo2GK7aSHlaQiQXbNvZHi3A0 /NKY4Fygk74qg5/BHT6PQT0TYIzfOO78SPTblzc6P+qvSvotxWsQu9c9eShfsQvPN183bPpfg2v3 rXXJBHn6enDakKM8Bwk2VPgAFroGKD+FIlm46g1WIsxjFmPIP8lyI8muQDj2Lpyi8jW4Ir6avK3R ujlvft85fT44KOG1ROrjJVHgkxnwnmlLz1/biPg1E0DN5gUtxuOFsvOPGPIxC8WDUX7ZgV8Qg21L CsHJAvc+bsVwXHAtDxz20P1c73mO91om8iVXLQUFYFnm+3LHYSj8AGWlLXyGMXXdH6+uiEfMQgeB GPh2jobYkDcc9IHcCPQbXOg8CchD6GM6BspvhEWhuNIWtCjIs7MxNtxRoR79qlwPIDR28LcA5jE3 nn2itEmkFBHC7m5EQC021drcuxqyWpFNYCH9XnFyS0ifoOBFWowhGg4Ile4N1w45Y7ufkXUinS3y jYk=
=CG7p
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Fabio Fantoni@21:1/5 to Jonas Smedegaard on Sun Sep 8 19:30:01 2024

To: [email protected]

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------fJAV4gm0PiNm6Net8oEvzeJq
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMDgvMDkvMjAyNCAwNzozOCwgSm9uYXMgU21lZGVnYWFyZCBoYSBzY3JpdHRvOg0KPiBb Q0MnaW5nIEZhYmlvIGFzIHRoZXkgc2VlbWluZ2x5IG1pc3NlZCBteSBlYXJsaWVyIGxpc3Qt b25seSByZXBseV0NCj4NCj4gUXVvdGluZyBGYWJpbyBGYW50b25pICgyMDI0LTA5LTA3IDIz OjU3OjM1KQ0KPj4gSWwgMDcvMDkvMjAyNCAyMjo1NiwgQXVyw6lsaWVuIENPVURFUkMgaGEg c2NyaXR0bzoNCj4+PiBMZSBzYW1lZGkgNyBzZXB0ZW1icmUgMjAyNCwgMjE6NDM6MzUgQ0VT VCBGYWJpbyBGYW50b25pIGEgw6ljcml0IDoNCj4+Pj4gU28gSSB3b25kZXIsIGlzIGl0IHBv c3NpYmxlIHRvIHB1dCBpbiBkL2NvcHlyaWdodCBERVA1IHRoZSBzaG9ydCBsaWNlbnNlDQo+ Pj4+IG5hbWVzIHVzaW5nIHRoZSBzcGR4IG9uZXM/DQo+Pj4gd2XigJl2ZSBiZWVuIGRvaW5n IHRoYXQgZm9yIEtERSBwYWNrYWdlcyBzaW5jZSB1cHN0cmVhbSBzdGFydGVkIHRhZ2dpbmcg YWxsIHNvdXJjZSBmaWxlcyB3aXRoIFNQRFgtTGljZW5zZSAvIFNQRFgtQ29weXJpZ2h0IGhl YWRlcnMgYW5kIHNvIHVzaW5nIFNQRFggbGljZW5zZSBpZGVudGlmaWVycyBzb21lIHllYXJz IGFnby4gU2VlIFsxXSBmb3IgZXhhbXBsZS4NCj4+Pg0KPj4+IFdoaWxlIG5vdCBzdHJpY3Rs eSBhZGhlcmluZyB0byBERVAtNSBJIGNvbnNpZGVyIGl0IHVzZWZ1bCB0byBoYXZlIGEgbWFj aGluZS1yZWFkYWJsZS13aXRoLVNQRFgtaWRlbnRpZmllcnMgYW5kIEnigJltIG5vdCBzdXJl IGhvdyB1c2VmdWwgaXQgaXMgdG8gdHJ5IGFuZCB0cmFuc2xhdGUgdXBzdHJlYW0tcHJvdmlk ZWQgU1BEWCBpZGVudGlmaWVycyBpbnRvIHNvbWV0aGluZyBlbHNlLg0KPj4+DQo+Pj4gT3Vy IHNwZWMgWzJdIGFscmVhZHkgZGVmaW5lcyBhbiBlcXVpdmFsZW5jZSBydWxlIGJldHdlZW4g TGljZW5zZS1YIGFuZCBMaWNlbnNlLVguMCBkZWNsYXJhdGlvbnMgZm9yIFNQRFggY29tcGF0 aWJpbGl0eS4NCj4+PiBGb3Igd2hhdCBJ4oCZdmUgc2VlbiBvbiB0aGUgcXVpdGUgdmFzdCBh bmQgZGl2ZXJzZSBLREUgc291cmNlIGNvcnB1cyB3ZeKAmWQgb25seSBuZWVkIDIgYWRkaXRp b25hbCBlcXVpdmFsZW5jZSBydWxlcyB0byBiZSBhZGRlZCB0byBtYXRjaGVzIHdoYXQgdGhh dCB1cHN0cmVhbSBzaGlwcyA6DQo+Pj4gLSBlcXVpdmFsZW5jZSBiZXR3ZWVuIHRoZSArIGFu ZCAtb3ItbGF0ZXIgc3VmZml4ZXMgKEdQTC0yKyAvIEdQTC0yLjAtb3ItbGF0ZXIpDQo+Pj4g LSBlcXVpdmFsZW5jZSBiZXR3ZWVuIE1JVCBhbmQgRXhwYXQuDQo+Pj4NCj4+Pg0KPj4+IFsx XSBodHRwczovL3NhbHNhLmRlYmlhbi5vcmcvcXQta2RlLXRlYW0va2RlL3BsYXNtYS13b3Jr c3BhY2UvLS9ibG9iL2RlYmlhbi9leHBlcmltZW50YWwvZGViaWFuL2NvcHlyaWdodA0KPj4+ IFsyXSBodHRwczovL3d3dy5kZWJpYW4ub3JnL2RvYy9wYWNrYWdpbmctbWFudWFscy9jb3B5 cmlnaHQtZm9ybWF0LzEuMC8jbGljZW5zZS1zaG9ydC1uYW1lDQo+PiBUaGFua3MgZm9yIHRo ZSBpbmZvcm1hdGlvbiwgYWJvdXQgdG9vbHMgdGhhdCBoZWxwIHRvIGNyZWF0ZSBhbmQgY2hl Y2sNCj4+IGQvY29weXJpZ2h0IGFyZSB5b3UgZXhwZXJpZW5jaW5nIHByb2JsZW1zPw0KPiBZ b3UgbWlnaHQgYWxyZWFkeSBiZSBhd2FyZSwgYnV0IChhbHNvIGZvciBvdGhlcnMgZm9sbG93 aW5nIGFsb25nKSBhbg0KPiBvdmVydmlldyBvZiB0b29scyBpcyBtYWludGFpbmVkIGhlcmU6 DQo+IGh0dHBzOi8vd2lraS5kZWJpYW4ub3JnL0NvcHlyaWdodFJldmlld1Rvb2xzDQo+DQo+ DQo+PiBJIHVzZSBhIGxvdCBkZWNvcHlhbmQgSSBmb3VuZCB0aGF0IHRoZXJlIGlzIHRoaXMg TVIgb2YgMSB5ZWFyIGFnbyBub3QNCj4+IG1lcmdlZDogaHR0cHM6Ly9zYWxzYS5kZWJpYW4u b3JnL2RlYmlhbi9kZWNvcHkvLS9tZXJnZV9yZXF1ZXN0cy80DQo+Pg0KPj4gaXQgd291bGQg YmUgdXNlZnVsIGV2ZW4gaWYgaXQgZGlkbid0IGhhdmUgc3BkeCBnZW5lcmF0aW9uIGJ5IGRl ZmF1bHQgYnV0DQo+PiBhdCBsZWFzdCBhcyBhbiBvcHRpb24sIEkgd2FzIHdvbmRlcmluZyBp ZiB0aGVyZSB3YXMgc29tZXRoaW5nIHByZXZlbnRpbmcNCj4+IHRoZSB1c2Ugb2YgdGhlIHNw ZHggbmFtZSBidXQgZnJvbSB0aGUgY3VycmVudCByZXNwb25zZXMgaXQgZG9lcyBub3QgYXBw ZWFyLg0KPiBMaWNlbnNlY2hlY2sgY2FuIHVzZSBzdHJpY3RseSBTUERYIHNob3J0bmFtZXMg bGlrZSB0aGlzOg0KPg0KPiBsaWNlbnNlY2hlY2sgLS1zaG9ydG5hbWUtc2NoZW1lIHNwZHgg LS1jaGVjayAnLionIC0tcmVjdXJzaXZlIC0tZGViLW1hY2hpbmUgLS1saW5lcyAwIC0tICoN Cj4NCj4gLi4ub3IgbW9yZSByZWxheGVkIHVzZSBmYWxsYmFja3MgZm9yIHBhdHRlcm5zIHdp dGhvdXQgU1BEWCBzaG9ydG5hbWU6DQo+DQo+IGxpY2Vuc2VjaGVjayAtLXNob3J0bmFtZS1z Y2hlbWUgc3BkeCxkZWJpYW4saW50ZXJuYWwgLS1jaGVjayAnLionIC0tcmVjdXJzaXZlIC0t ZGViLW1hY2hpbmUgLS1saW5lcyAwIC0tICoNCj4NCj4gSWYgeW91IHdhbnQgYW5vdGhlciBv dXRwdXQgdGhhbiB0aGUgREVQNSBmaWxlIGZvcm1hdCBpbXBsaWVkIGJ5IHRoZQ0KPiBvcHRp b24gLS1kZWItbWFjaGluZSAoZS5nLiBvbmUgdGhhdCBpbmNsdWRlcyBoYXNoZXMgZm9yIGVh Y2ggZmlsZSwgbmV2ZXINCj4gc2hvcnRlbmluZyBmaWxlIGxpc3RzIHdpdGggd2lsZGNhcmRz KSB0aGVuIHBsZWFzZSBmaWxlIGEgYnVncmVwb3J0DQo+IGFnYWluc3QgbGljZW5zZWNoZWNr IGFuZCBsZXQncyBkaXNjdXNzIHRoYXQgaW4gZGV0YWlsIHRoZXJlOg0KPiBodHRwczovL3d3 dy5kZWJpYW4ub3JnL0J1Z3MvUmVwb3J0aW5nDQo+DQo+PiBvbmUgbW9yZSBxdWVzdGlvbiwg aXMgdGhlcmUgYW55IHRvb2wvc2NyaXB0IHRvIGNvbnZlcnQgY3VycmVudA0KPj4gZC9jb3B5 cmlnaHQgdG8gc3BkeCBuYW1lcz8NCj4gU2VlIHRvIHRvb2xzIGF0IGh0dHBzOi8vd2lraS5k ZWJpYW4ub3JnL0NvcHlyaWdodFJldmlld1Rvb2xzIGFuZCBwbGVhc2UNCj4gdXBkYXRlIHRo YXQgbGlzdCBpZiB5b3UgZmluZCBhZGRpdGlvbmFsIHRvb2xzIGhlbHBmdWwuDQo+DQo+DQo+ IFRoYW5rcyBmb3IgaW50ZXJlc3QgaW4gY29weXJpZ2h0IGFuZCBsaWNlbnNpbmcgdHJhY2tp bmcsDQo+DQo+ICAgLSBKb25hcw0KPg0KVGhhbmtzIGZvciB5b3VyIHJlcGx5IGFuZCBpbmZv cm1hdGlvbiwgSSBhbHJlYWR5IHNhdyB0aGF0IHdpa2kgcGFnZS4NCg0KT3ZlcmFsbCB0aGUg dG9vbCBJIHVzZWQgdGhlIG1vc3QgYXMgYSBiYXNlIGZyb20gd2hpY2ggdG8gc3RhcnQgY3Jl YXRpbmcgDQpvciB1cGRhdGluZyBkL2NvcHlyaWdodCBpcyBkZWNvcHksIHRoZW4gbWFudWFs IGNoYW5nZXMgYXJlIGFsd2F5cyByZXF1aXJlZC4NCg0KSW5pdGlhbGx5IGlmIEkgcmVtZW1i ZXIgY29ycmVjdGx5IEkgZGlkbid0IHVzZSBhbnkgdG9vbHMgYnV0IEkgbWFkZSByYXJlIA0K bWFudWFsIGNoYW5nZXMgdG8gdGhlIGQvY29weXJpZ2h0LCBsYXRlciBJIHVzZWQgZGVjb3B5 IHN1Z2dlc3RlZCBieSBNYXh5IA0KYW5kIE1hcmdhIHdobyB0YXVnaHQgbWUgYSBsb3QgYWJv dXQgcGFja2FnaW5nIGluIHRoZSBlYXJseSB5ZWFycy4NCg0KQSBmZXcgeWVhcnMgYWdvICh0 byB0cnkgdG8gcmVkdWNlIHRoZSB0aW1lcykgSSBoYWQgdHJpZWQgc2V2ZXJhbCBvdGhlciAN CnRvb2xzLCBJIGRvbid0IHJlbWVtYmVyIGV4YWN0bHkgYWxsIHdoaWNoIG9uZXMsIGJ1dCBt YWlubHkgbG9va2luZyBhdCANCnRoZSBsaXN0IGZyb20gdGhlIHdpa2kgcGFnZSwgSSBkaWRu J3QgZmluZCBhbnl0aGluZyBiZXR0ZXIgYW5kIHRoZSBvbmx5IA0KZGVjZW50IG9uZSB0aGF0 IGNvdWxkIGJlIHVzZWZ1bCBpbiBzb21lIGNhc2VzIHdhcyBsaWNlbnNlY2hlY2suDQoNClJl Y2VudGx5IEkgcmV0cmllZCB0byBsb29rIGFib3V0IHRoZSB0b29sIGFuZCBJIGZvdW5kIGxy YyAobGljZW5zZXJlY29uKSANCnRoYXQgc2VlbXMgdXNlZnVsIGluIGlkZW50aWZ5aW5nIHNv bWUgbWlzc2luZyBvciBpbmNvcnJlY3QgZW50cmllcy4NCg0KDQpJIGRpZCBzb21lIHRlc3Rz IHVzaW5nIHNwZHggc2hvcnQgbmFtZSwgYnV0IHNlZW1zIHRoYXQgY3VycmVudGx5IHRoZSAN CnRvb2xzIGFyZSBub3QgZ29vZCBlbm91Z2ggdG8gYmUgYWJsZSB0byBtYW5hZ2UgdGhlbSB3 ZWxsIChpbiB0b3RhbCkgYW5kIA0KaXQgd291bGQgdGFrZSBtb3JlIHRpbWUgdGhhbiB0aGUg ZGViaWFuIG5hbWVzLg0KDQpJZiB0aGV5IHdlcmUgd2VsbCBzdXBwb3J0ZWQgaW5zdGVhZCBp dCBjb3VsZCBzYXZlIHNvbWUgdGltZSBpbiBzb21lIA0KY2FzZXMgdG8gaWRlbnRpZnkgdGhl IGxpY2Vuc2VzIGFuZCBJIHN1cHBvc2UgaXQgd291bGQgYmUgZWFzaWVyIGFuZCANCmZhc3Rl ciBhbHNvIGZvciBuZXcgbWFpbnRhaW5lcnMgd2hvIGFscmVhZHkga25vdy91c2UgdGhlIHNw ZHggbmFtZXMsIA0KcmF0aGVyIHRoYW4gbGVhcm5pbmcgdGhlIGRlYmlhbiBvbmVzIGFuZCB0 aGUgdmFyaW91cyBkaWZmZXJlbmNlcy4NCg0KbGljZW5zZWNoZWNrIGV2ZW4gaWYgd2l0aCAi LS1zaG9ydG5hbWUtc2NoZW1lIHNwZHgsZGViaWFuIiBzZWVtcyBzaG93IA0Kc29tZSBkZWJp YW4gbmFtZSB3aGVyZSBjYW4gc2hvdyBzcGR4IGluc3RlYWQsIHdpdGggb25seSBzcGR4IGlz IHByb2JhYmx5IA0KZ29vZCBidXQgaSBoYXZlbid0IHRlc3RlZCBpdCBlbm91Z2gNCg0KbGlj ZW5zZXJlY29uIGRvbid0IHN1cHBvcnQgc3BkeCBuYW1lIHNvIHNob3cgZW50cmllcyB3aXRo IGNvcnJlY3QgDQpsaWNlbnNlIGJ1dCBzcGR4IG5hbWUgYXMgZGlmZmVyZW5jZQ0KDQpkZWNv cHkgZG9uJ3Qgc3VwcG9ydCBzcGR4IG5hbWUgaW4gREVQNSBvdXRwdXQgcHJvZHVjZWQgYnV0 IHRoZXJlIGlzIGEgTVIgDQpvZiAxIHllYXIgYWdvDQoNCkknbGwgc2VlIGlmIEF1csOpbGll biBDT1VERVJDIG9yIHNvbWVvbmUgZWxzZSBmcm9tIHRoZSBLREUgdGVhbSB3aG8gdXNlcyAN CnNwZHggbmFtZXMgd2lsbCBhbnN3ZXIgbWUgdG8ga25vdyB3aGF0IHRvb2xzIHRoZXkgdXNl DQoNCg0KSSB0cmllZCBhbHNvIHNjYW5jb2RlLXRvb2xraXQgYWZ0ZXIgc2F3IHRoYXQgaXQg aGF2ZSBhIHZlcnkgYmlnIGxpY2Vuc2UgDQpsaXN0IChtb3JlIHRoYXQgc3BkeCksIHN1cHBv cnQgdG8gZ2VuZXJhdGUgREVQNSBvdXRwdXQgYnV0IGlzIGJhZCwgSSANCnRoaW5rIGNhbiBi ZSB1c2VmdWwgb25seSBmb3IgaGVscCBkZXRlY3QgbGljZW5zZSBvZiBzcGVjaWZpYyBmaWxl cw0KDQoNCmFzIEkgc2F3IHlvdSBhcyBsaWNlbnNlY2hlY2sgbWFpbnRhaW5lciBoZXJlIHNv bWUgc3VnZ2VzdGlvbnMgb24gaXQ6DQoNCmFkZCB0byBkZWZhdWx0IGlnbm9yZSBkZWJpYW4v Y29weXJpZ2h0IGFuZCBkZWJpYW4vY2hhbmdlbG9nIChwcm9iYWJseSANCmFsc28gb3RoZXIp DQoNCm1ha2UgcG9zc2libGUgc3RhcnQgZnJvbSBkL2NvcHlyaWdodCBpZiBwcmVzZW50bGlr ZSB3aGF0IGRvIGRlY29weSwgaXQgDQpjYW4gYmUgdXNlZnVsIGlmIHlvdSB3YW50IHRvIGNv bXBhcmUgdGhlIGRpZmZlcmVuY2VzIG9mIHRoZSBnZW5lcmF0ZWQgDQpvdXRwdXQgKGFuZCBk L2NvcHlyaWdodCkgaGF2aW5nIG11Y2ggbGVzcyBhbmQgdGhlIG1vc3QgdXNlZnVsIG9uZXMN Cg0KaW1wcm92ZSBleGFtcGxlcyBvZiB1c2FnZSBpbiB0aGUgd2lraSBwYWdlLCBmb3IgZXhh bXBsZSB0aGUgc3BkeCBjYXNlLiBJIA0Kbm90IHN1cmUgYWJvdXQgLS1tZXJnZS1saWNlbnNl IGFzIGRlZmF1bHQgYnV0IHNlZW1zIHVzZWQgYnkgYWxsIA0KZC9jb3B5cmlnaHQgb2YgcGFj a2FnZXMgSSBzYXcNCg0KYW5vdGhlciBzbWFsbCB0aGluZyB0aGF0IGNvdWxkIGhlbHAgcmVk dWNlIHRoZSB0aW1lIG9mIG1hbmFnZSANCmQvY29weXJpZ2h0IGlzIGlmIGxpY2Vuc2VjaGVj ayBoYWQgdGhlIHBvc3NpYmlsaXR5IHRvIG9wdGlvbmFsbHkgYWRkIHRoZSANCmNvbXBsZXRl IG91dHB1dCBvZiB0aGUgbGljZW5zZXMsIGF0IGxlYXN0IHRoZSBtb3N0IHVzZWQgb25lcyBh bmQgd2l0aCANCmZpeGVkIG91dHB1dCwgSSBkb24ndCB0aGluayBJIHNhdyBpdA0KDQoNCg==

--------------fJAV4gm0PiNm6Net8oEvzeJq--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmbd3u8FAwAAAAAACgkQaAZorpB/EB1n YQ/+KmWcIFJKmf3Pq4eIv6WPwoGIWJXOq6JjgYFATaYhUmVoFFHIpNoRvsr7eyrVd+/lA7CvBEuL ZUPbn+jYdThPIuNclVqoHHAkevIbcQP6UrEnoLPIfIJuu7Pgk6og9o+Hy1q8cUvy1wRkYu73LrVN iTP2mBklBA4bYe/A0aXHwAh4kfXkCSGPAboXJqo85a3OIZJDSIs1dIrVjgZm4C4/f8r1STTjxe2C oTwgCMUi6CwW0gzuzcYGWAFBCWKmaPRR7+GWV3N7Sk+61k8ebmE6Br2zB3U68UiMItXDsCuOG6ks jKd4nu+bDKAR1kRDImdHdPrlBMxacVoeO9NkUErZ+DWZFnMtK/+D48tYZeH2PRYEgxbpfqnc832J RVLsK2gH+/osgRN8p7/riCI2WeePKhj9y1E9DY6NEnwo6On/SnkaBz06oPlFn0yTd8l+aDq4r5Fw q/6h8G/Tk+OOOYEFg1ZqiX8xi9xaAJ5KFb4M1YU6n2MWEPE2kJ+qzJTsUGwpgXIweUs77r2K8Mic Yll22pyo3daRTlKDdLKK/RWHfISGTTSvhFUVKWPdIRicPxduHIJrVNze8DoN3IGhG4yo1L4h7srF UFwsE8oJiUdR8YIa52w6uy++9/9rIysDn69UHQblbc5Id0Zi1yM1TmL0zWZNZc7fPQjSueKCKRyK Tak=
=r5bZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Jonas Smedegaard@21:1/5 to All on Sun Sep 8 22:30:02 2024

Quoting Fabio Fantoni (2024-09-08 19:29:18)

licensecheck even if with "--shortname-scheme spdx,debian" seems show
some debian name where can show spdx instead, with only spdx is probably
good but i haven't tested it enough

Interesting. Please file bugreports, one issue in detail in each
bugreport (summarizing multiple ideas/issues is difficult to handle).

Similar for the issues you've discovered with other tools.

Thanks,

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============�34551881746555656=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmbeB0wACgkQLHwxRsGg ASF7TBAApxPTyL6453ntbHc9JLZzKHE6Np01aUqQmoI6eZ/XGBIvU+S1+6SN0mer slOa4uCZ4/ml/KUJwhaOv5gnhw3ARV9LzxhCATXKc+4CGH52K6O1ScibGCTByUpY SOh+6SSXsUtYCAItiswO0jCCKe+440Rhc8OYjD7zd46fK0QRRltyD6wsuyW8qS8K p1F50+ovmGCZyRyPZ2c0yWwZB0m9QdfTD6jzjoaAVv1sZW9t9lwGAloq7yCdrRiN Uhowbvm3pE4oroREelzrihHscgYGlKSqQZLny+RVX5qo54JVRKiKHBwspMgSDK8d UrlyW8p0VsONZhHBOdXpRR+z9iofWpHa6ApHNkZVTPHW8Yym3OessWXn9JCQZRdg 50qnkOUVImCtYziOFhShft64pTJGca0TXyjGWBusENCWpPyBScIJfoTQ3BWrLQlH pZtGAiMI7IguPYWdZeSS/2UtB3j1QtnFO0oUoh8/

From Charles Plessy@21:1/5 to All on Mon Sep 9 06:20:01 2024

Hello everybody,

On Sun, 08 Sep 2024 at 09:49:39 +0200, Niels Thykier wrote:

Is it really that valuable for us to have a delta here compared to what upstream projects would use?

If I remember well, one of the reason for the divergence was that we
really wanted a system describing license exceptions, so that we do not
need to quote near-identical versions of the GPL two or three times in
the same copyright files. Fortunately, SPDX has adopted such a system
in the meantime.

With the current version of the machine-readable debian/copyright file,
we can already use SPDX identifiers as long as they do not clash with
the Debian ones, and I am not aware of such a case.

But I see the value of deprecating the Debian ones and align on SPDX.
For this to happen I think that we need 1) proof of consensus and 2)
host the update somewhere. Using the debian-policy pakcage like for
version 1.0 would acheive both. Using the DEP process might help (or
not) for 1).

Le Sun, Sep 08, 2024 at 12:07:16PM +0100, Simon McVittie a �crit :

That, and MIT (SPDX) vs Expat (DEP-5) for one particularly popular member
of the MIT/X11 license family, as used in Expat and many other projects.

About saying MIT instead of Expat, I fully [1] agree [2].

1: https://lists.debian.org/debian-project/2010/08/msg00109.html
2: https://lists.debian.org/debian-project/2011/12/msg00034.html

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	157:01:20
Calls:	12,093
Calls today:	1
Files:	15,000
Messages:	6,517,746

DEP5 and spdx shortname of license

Who's Online

Recent Visitors

System Info