SPDX license identifier for bzip2 are strange, why?


Mark Atwood
 

Hi!

 

I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.

 

The license looks like a unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version.  The difference between two version seems to be entirely just the data and the software version.

 

Can this instead just match against one of the BSD variant templates?

 

Why does bzip2 get so finely versioned licensed identifiers?  Do we plan on created a new license identifier when bzip2 releases a version 1.0.9?

 

..m

 

 

Mark Atwood <atwoodm@...>

Principal, Open Source

+1-206-604-2198

 

 

 

From: Cressey, Ben <bcressey@...>
Sent: Wednesday, July 29, 2020 11:03 AM
To: Atwood, Mark <atwoodm@...>
Cc: etaoin, iliana <iweller@...>
Subject: SPDX license identifier for bzip2

 

Hi Mark,

 

iliana suggested I run this by you, as a higher power in the SPDX org.

 

I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for:

https://spdx.org/licenses/bzip2-1.0.5.html

https://spdx.org/licenses/bzip2-1.0.6.html

 

The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version:

https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.7

https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.8

 

iliana recommended that I use the “bzip2-1.0.6” identifier for now.

 

Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?

 

Thanks,

Ben

Join spdx@lists.spdx.org to automatically receive all group messages.