Change use of SPDX *-Identifier tags in REUSE.software and Linux kernel best practices?


Matija Šuklje
 

Hi all,

I’m currently battling figuring out how to integrate SPDX through
REUSE.software and am at a stage of severe head-scratching¹. I am CC’ing Jonas
(FSFE, REUSE), in case he is not actively following this list.

While I am referring to REUSE.software² here, the situation is near identical
in the Linux kernel licensing rules³.

REUSE.software refers to the following tags:

• ‘Valid-License-Identifier’ to tag the actual *text of* a license (and
‘License-Text’ to include a copy of its text)
• ‘SPDX-Exception-Identifier’ to tag the actual *text of* an exception (and
‘Exception-Text’ to include a copy of its text)

Now, I searched the SPDX Specifications 2.1⁴ and I could not find either.

What I did find is the ‘SPDX-License-Identifier’, which we all know and love
and is used to tag the governing license of a work/file/part. This tag can
also include an ‘exception-id’ of course in the form of “‘license-id’ WITH
‘exception-id’”.

The issue I have with this is the inconsistency and therefore potential
confusion. Namely: On face value ‘SPDX-Exception-Identifier’ and
‘SPDX-License-Identifier’ seem to be part of one spec and
‘Valid-License-Identifier’ of another; but the truth is that the first and
the last are of one origin, and the middle is in fact the one with a
different origin.

It seems as if initially the SPDX tags ‘SPDX-License-Identifier’ and
‘SPDX-Exception-Identifier’ were used, but then the former changed to
‘Valid-License-Identifier’ in order to avoid confusion. But the exception tag
was left unchanged, as it did not clash directly with SPDX specs, which
brings us to this mess.

Would it be possible to change the ‘SPDX-Exception-Identifier’ to
‘Valid-Exception-Identifier’ in the Linux kernel and REUSE.software best
practices? I know that this is not an SPDX question directly, but I am pretty
sure people involved with both projects are here as well and it is paramount
to not break SPDX specs while finding a solution.


cheers,
Matija Šuklje

1 I don’t need a doctor, just your guidance here ;)
2 https://reuse.software/practices/2.0/
3 https://www.kernel.org/doc/html/v4.17/process/license-rules.html
4 https://spdx.org/spdx-specification-21-web-version
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Matija Šuklje
 

On Wednesday, 01 August 2018 17:21:24 CEST Jonas Oberg wrote:
> I'd be fine to change it too to Valid- for consistency.

If it is still possible, I would be in favour of that.

It seems the Linux Kernel only makes use of this tag in three places¹ so far,
so it still may be early enough in adoption to make such a change without
causing too many problems.


cheers,
Matija Šuklje

1 https://github.com/torvalds/linux/search?q=SPDX-Exception-Identifier&unscoped_q=SPDX-Exception-Identifier
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Kate Stewart
 



On Thu, Aug 2, 2018 at 7:32 AM, Matija Šuklje <matija@...> wrote:
> On Wednesday, 01 August 2018 17:21:24 CEST Jonas Oberg wrote:
> > I'd be fine to change it too to Valid- for consistency.

Standardizing on "Valid-" prefix for any fields defined by REUSE.software will
give us an easier way of distinguishing.

+1
 

> If it is still possible, I would be in favour of that.
>
> It seems the Linux Kernel only makes use of this tag in three places¹ so far,
> so it still may be early enough in adoption to make such a change without
> causing too many problems.

I think if we socialize it with the kernel community in advance, and then
send a pull request to change the locations in the kernel and reference
the change to the REUSE.software to implement this, we shouldn't
get too much push back.

Agree it's best to do this sooner than later!

Kate
 










Matija Šuklje
 

On Thursday, 02 August 2018 at 15:25:51 CEST, Kate Stewart wrote:
> I think if we socialize it with the kernel community in advance, and
> then send a pull request to change the locations in the kernel and
> reference the change to the REUSE.software to implement this, we
> shouldn't get too much push back.

That’d be wonderful.

Should the three of us discuss how specifically to tackle this off list,
since it’s not exactly an SPDX issue per se?

If so, Kate, since you probably know best who else (I imagine Greg KH
and Thomas G) should be included from the Kernel community, would you
mind starting the thread?


cheers,
Matija
--
gsm: +386 41 849 552
www: http://matija.suklje.name
xmpp: matija.suklje@...
sip: matija_suklje@...


Jonas Oberg <jonas@...>
 

Your analysis is correct. We used Valid- to avoid confusion, and to make clear REUSE/Linux kernel use of it was an addition to SPDX, not SPDX in itself.
The exception identifier was left as the meaning was not elsewhere defined. I'd be fine to change it too to Valid- for consistency.

Best
Jonas



Kate Stewart
 


On Thu, Aug 2, 2018 at 10:14 AM, Matija Šuklje <matija@...> wrote:

> Should the three of us discuss how specifically to tackle this off list,
> since it’s not exactly an SPDX issue per se?
>
> If so, Kate, since you probably know best who else (I imagine Greg KH
> and Thomas G) should be included from the Kernel community, would you
> mind starting the thread?

Ok Matija. Will do.

Kate