SPDX license identifier for bzip2 are strange, why?
toggle quoted messageShow quoted text
I’ve started looking at the license and the SPDX identifiers on the “bzip2” project.
The license looks like a unsurprising BSD variant, but weirdly it’s been getting a versioned license ID with each release version. The difference between two version seems to be entirely just the data and the software version.
Can this instead just match against one of the BSD variant templates?
Why does bzip2 get so finely versioned licensed identifiers? Do we plan on created a new license identifier when bzip2 releases a version 1.0.9?
Mark Atwood <atwoodm@...>
Principal, Open Source
From: Cressey, Ben <bcressey@...>
Sent: Wednesday, July 29, 2020 11:03 AM
To: Atwood, Mark <atwoodm@...>
Cc: etaoin, iliana <iweller@...>
Subject: SPDX license identifier for bzip2
iliana suggested I run this by you, as a higher power in the SPDX org.
I’m looking to package bzip2 for Bottlerocket. It has an odd license that Fedora dubs “BSD” but which SPDX has a versioned license for:
The upstream author seems to revise the license with each new version, though 1.0.7 and 1.0.8 are close except for the date and version:
iliana recommended that I use the “bzip2-1.0.6” identifier for now.
Perhaps the author could be persuaded to tweak the license so that it doesn’t need a new SPDX identifier for every release? Maybe it doesn’t matter and 1.0.6 is close enough until they change the text in a significant way again?
< bcc general list as FYI for anyone who wants to follow the discussion, but moving to legal list>toggle quoted messageShow quoted text
Quick search shows:
- both version were on the list when we moved to the XML format in 2016
- email archive https://lists.spdx.org/g/Spdx-legal/topic/22080449#817 - shows discussion for zip in Feb 2014, added for v1.20 of the license list (also see: https://wiki.spdx.org/view/Legal_Team/License_List/Licenses_Under_Consideration#Licenses_Under_Consideration and https://wiki.spdx.org/view/Legal_Team/Minutes/2014-02-20
However, I’m not clear on if that was both versions or what…
a ha! search on wiki meeting minutes then found this: https://wiki.spdx.org/view/Legal_Team/Minutes/2014-06-26
regarding diff b/w 1.0..5 and 1.0.6
we should check 1.0.7 and 8 against matching guidelines.
that’s all I have for now, it’s late.
higher power, eh? ;)
PS given this quick trip back in time at our process flow for new licenses back then… OMG, LOOK HOW FAR WE’VE COME!!!!