1. posterid:1160316
  2. Mismatches between OSI and SPDX

Re: Mismatches between OSI and SPDX

J Lovejoy
 

Max,

All of what you have done here was already done years ago (~2011, mostly by me, working with various OSI members at that time) in terms of "matching" up the OSI list and is documented on the SPDX-legal mailing lists archives. I wish you had asked first before expending this effort!

I will respond in length in detail to your list and larger questions later or Monday :)

Thanks,
Jilayne
SPDX-legal co-lead
On 12/9/22 2:19 AM, Max Mehl wrote:

Dear all,

 

In my organisation, we define all licenses approved by OSI as valid Open Source licenses. However, we also increasingly rely on SPDX and therefore also its license list.

 

Recently, we found several mismatches between OSI’s list of approved licenses [1] and the licenses marked as OSI-approved in SPDX’s list [2].

Certainly, some of these issues are on OSI’s side (e.g., misleading links or wrong SPDX identifiers). But most mismatches are from licenses on SPDX’s list that cannot be found on the OSI website.

 

I documented my findings for all issues in this gist:

https://gist.github.com/mxmehl/1e7a3aed4ff14a8ddfd4aff8ab4de552

 

Now, I am sure I’m not the first who notices this. Is this a known problem?

Is the OSI website incomplete and/or SPDX list incorrect? What can we do to better align both sources?

 

Thanks for any insights.

 

Best,

Max

 

 

[1]: https://opensource.org/licenses/alphabetical

[2]: https://github.com/spdx/license-list-data/blob/v3.19/json/licenses.json

 

--

Max Mehl

Open Source Strategy & Governance

Enterprise-Team Chief Technology Office (CTO), T.IP E-T-378

 

DB Systel GmbH

Jürgen-Ponto-Platz 1, 60329 Frankfurt/M

 



Pflichtangaben anzeigen

Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: https://www.deutschebahn.com/de/konzern/datenschutz

Join {Spdx-legal@lists.spdx.org to automatically receive all group messages.