bevry/staticsitegenerators-list

Move to SPDX codes for our licenses

balupton opened this issue · 8 comments

So SPDX has emerged as the standard for license codes and formats — http://spdx.org/licenses/ — perhaps it would make sense for us to move to it over our current ad-hoc methodology now.

This would eliminate our current categorisation of the licenses (e.g. all GPL licenses together), but that may not actually be that useful in practicality over having the specific licenses actually listed.

Dual licenses could still be listed as the SPDX format supports that: https://github.com/kemitchell/spdx.js#composite-license-expressions

What are everyone's thoughts? /cc @bevry/ssg-listing-team

I think this is a good idea; it's a bit of a drawback having to add a license to our known licenses list, and dual licensing is needed by some projects.

We should check out the new API for licenses; we could use this to automatically add license info to the list based on the license file within the GitHub repo.

Sounds good to me.

Great, let's proceed with this.

> We should check out the new API for licenses; we could use this to automatically add license info to the list based on the license file within the GitHub repo.

This sounds like a great first step, as it could save us a lot of trouble in determining exact licenses.

Questions remaining:

  • For the sake of compatibility in case anything is using the file and depending on the "license" field, perhaps we should keep the "license" field as is, but introduce a new "spdx" field for the updated format, and leave a deprecated notice for the "license" field, and completely remove it in February or something.
  • When should we do this? Perhaps we can set up a hack day for this over the holidays? Do a Google+ Hangout on Air or something. Anywhere Jan 3rd, 9th, or in-between, would work best for me.

Things to be tackled:

  • Update the verify script to verify the spdx field or whatever is a valid SPDX entry
  • Update the enhancement script (I'll call dibs on this) and utilise the GitHub license API for missing licenses
  • Update the license fields for the listings to go from the current values to the correct SPDX values, also noting dual licenses

The conversion can essentially go two ways:

  1. Thorough: We go through each item and check for dual licenses, and other license combinations, and what specific subset of the current value we have is being used, and update accordingly (e.g. GPL would be changed to LGPL if that was the actual case)
  2. Simple: We update our current values to the SPDX equivalents, not caring about correctness (e.g. LGPL values would be ignored)

I'm happy with the second, and we leave it up to the responsibility of the project authors to verify their licenses are the more specific varieties or combinations.

Having a mailing list would have been helpful here, as we could just have emailed everyone that we are doing this change.

Let's do the second and leave the onus on the SSG authors and community to keep them updated.

I'll update the test script to be node.js based and use https://www.npmjs.com/package/spdx for verification, as there don't seem to be any Ruby-based solutions for complete SPDX validation. https://chainyjs.bevry.me would be ideal for this.

Doing this now.

All done.
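
The verification task discussed in the thread (checking that a listing's SPDX value is a valid expression, dual licenses included) could look like the following. This is an added example, not the project's verify script, and it does not use the spdx npm package mentioned above; the identifier sets are a constructed subset of the SPDX list, and the `spdx` field name and the `verifyListing` helper are assumptions.

```javascript
// Constructed subset of SPDX identifiers; a real check would load the full SPDX lists.
const KNOWN_LICENSES = new Set(['MIT', 'Apache-2.0', 'BSD-3-Clause',
  'GPL-2.0-only', 'GPL-3.0-only', 'LGPL-3.0-only', 'MPL-2.0']);
const KNOWN_EXCEPTIONS = new Set(['Classpath-exception-2.0']);

// Simplified grammar (operators matched in upper case only):
//   expr   := term ('OR' term)*
//   term   := factor ('AND' factor)*
//   factor := '(' expr ')' | license-id ('WITH' exception-id)?
function parseSpdx(expression) {
  const tokens = String(expression).match(/[()]|[^\s()]+/g) || [];
  const licenses = [];
  let pos = 0;
  const fail = (msg) => { throw new Error(msg); };

  function factor() {
    const tok = tokens[pos++];
    if (tok === undefined) fail('unexpected end of expression');
    if (tok === '(') {
      expr();
      if (tokens[pos++] !== ')') fail('missing closing parenthesis');
      return;
    }
    if (!KNOWN_LICENSES.has(tok)) fail(`unknown license id: ${tok}`);
    licenses.push(tok);
    if (tokens[pos] === 'WITH') {
      pos++;
      const exc = tokens[pos++];
      if (!KNOWN_EXCEPTIONS.has(exc)) fail(`unknown exception id: ${exc}`);
    }
  }
  function term() { factor(); while (tokens[pos] === 'AND') { pos++; factor(); } }
  function expr() { term(); while (tokens[pos] === 'OR') { pos++; term(); } }

  expr();
  if (pos < tokens.length) fail(`unexpected token: ${tokens[pos]}`);
  return licenses; // every license id named in the expression, in order
}

// Verify one listing entry; "spdx" is the hypothetical new field name.
function verifyListing(listing) {
  try {
    return { name: listing.name, ok: true, licenses: parseSpdx(listing.spdx) };
  } catch (err) {
    return { name: listing.name, ok: false, error: err.message };
  }
}
```

An ad-hoc value such as `GPL` fails this check, which is the case the "simple" conversion has to map to a specific SPDX identifier before the field can pass verification.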