Mismatches between OSI and SPDX
In my organisation, we define all licenses approved by OSI as valid Open Source licenses. However, we also increasingly rely on SPDX and therefore also its license list.
Recently, we found several mismatches between OSI’s list of approved licenses  and the licenses marked as OSI-approved in SPDX’s list .
Certainly, some of these issues are on OSI’s side (e.g., misleading links or wrong SPDX identifiers). But most mismatches are from licenses on SPDX’s list that cannot be found on the OSI website.
I documented my findings for all issues in this gist:
Now, I am sure I’m not the first who notices this. Is this a known problem?
Is the OSI website incomplete and/or SPDX list incorrect? What can we do to better align both sources?
Thanks for any insights.
Open Source Strategy & Governance
Enterprise-Team Chief Technology Office (CTO), T.IP E-T-378
DB Systel GmbH
Jürgen-Ponto-Platz 1, 60329 Frankfurt/M
Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: https://www.deutschebahn.com/de/konzern/datenschutz