Consider using SPDX identifiers of "BSD-2-Clause"

Question

Consider using SPDX identifiers of "BSD-2-Clause"

garybuhrmaster opened this issue 2 years ago · 1 comments

The open source community has (mostly) standardized on using the SPDX identifiers for software licensing specifications. From my quick review (and Yubico would likely need corporate legal to review and approve) "BSD-2-Clause" is the appropriate SPDX license, and it would be good if this project formally states that "SPDX: BSD-2-Clause" is the license and the documentation and sources are appropriately annotated. Thanks for the consideration.

Answer 1 · 2022-08-02T10:15:21.000Z

Makes sense. I have added a SPDX-License-Identifier tag to every file to which Yubico owns (or shares) the copyright, as well as files with a clear BSD 2-Clause license (i.e., those pointing to the in-tree LICENSE file). While we could tentatively tag the remaining files (most of openbsd-compat/ and src/webauthn.h) based on their licenses, these are all obtained upstream and, as such, would probably be best tagged there. I hope that's good enough; if it isn't, please let me know. Thank you.