SPDX license identifier for bzip2 are strange, why?
Mark Atwood (Amazon.com)
toggle quoted message Show quoted text
I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.
The license looks like a unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version. The difference between two version seems to be entirely just the data and the software version.
Can this instead just match against one of the BSD variant templates?
Why does bzip2 get so finely versioned licensed identifiers? Do we plan on created a new license identifier when bzip2 releases a version 1.0.9?
Mark Atwood <atwoodm@...>
Principal, Open Source
From: Cressey, Ben <bcressey@...>
Sent: Wednesday, July 29, 2020 11:03 AM
To: Atwood, Mark <atwoodm@...>
Cc: etaoin, iliana <iweller@...>
Subject: SPDX license identifier for bzip2
iliana suggested I run this by you, as a higher power in the SPDX org.
I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for:
The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version:
iliana recommended that I use the “bzip2-1.0.6” identifier for now.
Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?