Max Mehl max.mehl at fsfe.org
Thu Jul 23 13:04:02 UTC 2020

~ Matija Šuklje [2020-07-22 13:54 +0200]:
> Die 21. 07. 20 et hora 08:44 Geyer-Blaumeiser Lars (IOC/PDL4) scripsit:
>> I like the idea, but just a thought. There is the new yaml format in SPDX
>> 2.2, and we are thinking around using this format to mark certain folders
>> as open source component,
> That is a great idea.

Yes, thanks for sharing this idea! Being compatible with other
compliance projects is one of our core goals.

> But you’d really go make a full SPDX valid file for that? How?  There are 
> quite a few fields there that are obligatory.
> One potential issue might be the hash value. For marking 3rd party code that’s 
> a great boon, but for marking your own living code that might be a bit of a 
> issue, if you need to change the hash value every time the code changes.

I see the same issues. Additionally, I am always having
user-friendliness in mind which is another big goal of REUSE. The SPDX
document seems to work with e.g. "licenseId", "licenseConcluded",
"licenseDeclared". While these make sense in the SPDX radius, REUSE
users are used to work with License-Identifier and FileCopyrightText.
Just like with the snippets I am afraid of different "keys" for the same


Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join

More information about the REUSE mailing list