Re: Using SPDX for firmware


Philippe Ombredanne
 

On Wed, Aug 12, 2015 at 4:05 PM, Richard Hughes <hughsient@...> wrote:
Hi all,

I've been using SPDX for years in the AppStream specification to
describe applications that can be installed in software centers. I'm
using the AND, OR extensions, and am soon to include the WITH
exception support too[2].
Very nice! About the dead link, I am not sure exceptions have been published
yet, though it could be a bug too.

AppStream can be used to describe free
software, but is increasing being used for other things too, for
instance, in the LVFS[2] firmware update service. In this we describe
firmware licensing using SDPX tags, but I'm not sure what to do about
non-free firmware. OpenHardware firmware is fine, and we can use all
the existing IDs to represent that correctly.

At the moment I've asked vendors to use:
<project_license>proprietary</project_license> to indicate it's
nonfree, but this obviously isn't a SPDX ID and probably will make the
specification people quite upset. What should I be using? Dropping the
<project_license> tags for non-free firmware is fine, but it's then
confusing the "explicitly nonfree" firmware with the "unspecified"
firmware and makes validation hard. It also means there's no clickable
link explaining what proprietary means, unlike all the other SPDX IDs.
Is there already an ID I can use for this?
IMHO using your own ID extensions is quite fine, there is nothing
upsetting about it, especially since it provides valuable indication to
downstream users about the licensing terms, even if this is not precisely
pointing to a unique license text.

The alternative could to have also a catch-all "non-free" or "proprietary"
license ID in SPDX indeed.

--
Cordially
Philippe Ombredanne

Join spdx@lists.spdx.org to automatically receive all group messages.