Re: SPDX License List coverage for a full distro


Steve Winslow
 

Hi Jilayne,

My gut reaction (not knowing specifics about the number of licenses in question) is, yes, ideally the scope of licenses on the license list would be sufficient to cover at least any FOSS-licensed components in a FOSS distro.

In the typical case, if a license satisfies the Open Source Definition and/or Free Software Definition, and is in actual use in a distro like Fedora / Debian / FreeBSD, then my expectation is that it is likely to satisfy the criteria for the license inclusion principles [1].

To the question of "how would SPDX handle that," there are really two steps: (1) approval to add a new license, and (2) actually creating the XML and test text files for the license.

For step 1, the approval process is described at [2], and my hope is that in the typical case for licenses as described above, this can be a quick check and confirmation.

For step 2, I think that will depend on the people who desire to see a significant number of these licenses added, being willing to participate in creating and submitting the XML and test files. :) We've had some great participation from newer participants on the SPDX Legal Team, but I'm not anticipating that the Legal Team participants will be in a position to add hundreds of new licenses (if that's the scale involved) without broader community involvement.

Steve


On Mon, Aug 16, 2021 at 1:10 PM J Lovejoy <opensource@...> wrote:
Hi all,

I wanted to raise a question I've been thinking of in light of Fedora and other open source OS distros looking to adopt use of SPDX license identifiers in various ways.

One concern that has been raised in the context of Fedora is: what if there are a bunch of permissive license variants not in the SPDX License List that would need to be added? How will SPDX handle that? My gut response is that SPDX would have to answer that question when it arises and it may depend on how many new entries we are talking about (an unknown at this point).

But this raises a broader, more philosophical question:
Should the SPDX License List have enough coverage of licenses that a free/open operating system (e.g., Fedora, Debian, FreeBSD, etc.) could rely on their use (with maybe the exception of non-free, firmware)?

What do you all think?

Jilayne









--
Steve Winslow
VP, Compliance and Legal
The Linux Foundation
