In my organisation, we define all licenses approved by OSI as valid Open Source licenses. However, we also increasingly rely on SPDX and therefore also its license list.
Recently, we found several mismatches between OSI’s list of approved licenses and the licenses marked as OSI-approved in SPDX’s list.
Certainly, some of these issues are on OSI’s side (e.g., misleading links or wrong SPDX identifiers). But most mismatches are from licenses on SPDX’s list that cannot be found on the OSI website.
I documented my findings for all issues in this gist:
Now, I am sure I’m not the first to notice this. Is this a known problem?
Is the OSI website incomplete and/or SPDX list incorrect? What can we do to better align both sources?
Thanks for any insights.
Open Source Strategy & Governance
Enterprise-Team Chief Technology Office (CTO),
1, 60329 Frankfurt/M