Geyer-Blaumeiser Lars (IOC/PDL4) Lars.Geyer-Blaumeiser at bosch.io
Thu Jul 23 14:21:41 UTC 2020

Hello Max, Matija,

from what I understand there will be further changes in SPDX 3.0 that will remove some of the mandatory stuff. I absolutely agree, that using SPDX should not add stuff not needed for the use case. And if this means that the SPDX file is not correct because some mandatory stuff is not included, this is a good hint for the SPDX community to think about the need for a mandatory field for the information.

Saying that, my basic intention is, that a REUSE.yaml file should not define fields and structures, which have the same meaning but are defined differently from SPDX. This would improve readability and processability of the files.

Mit freundlichen Grüßen / Best regards

Dr. Lars Geyer-Blaumeiser

Project Delivery - Open Source Services (IOC/PDL4)
Bosch.IO GmbH | Stuttgarter Straße 130 | 71332 Waiblingen | GERMANY | www.bosch.io
Mobil +49 172 4815079 | lars.geyer-blaumeiser at bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling

Von: REUSE <reuse-bounces at lists.fsfe.org> im Auftrag von Max Mehl <max.mehl at fsfe.org>
Gesendet: Donnerstag, 23. Juli 2020 15:04:02
An: reuse at lists.fsfe.org
Betreff: Re: [REUSE] REUSE.yaml

~ Matija Šuklje [2020-07-22 13:54 +0200]:
> Die 21. 07. 20 et hora 08:44 Geyer-Blaumeiser Lars (IOC/PDL4) scripsit:
>> I like the idea, but just a thought. There is the new yaml format in SPDX
>> 2.2, and we are thinking around using this format to mark certain folders
>> as open source component,
> That is a great idea.

Yes, thanks for sharing this idea! Being compatible with other
compliance projects is one of our core goals.

> But you’d really go make a full SPDX valid file for that? How?  There are
> quite a few fields there that are obligatory.
> One potential issue might be the hash value. For marking 3rd party code that’s
> a great boon, but for marking your own living code that might be a bit of a
> issue, if you need to change the hash value every time the code changes.

I see the same issues. Additionally, I am always having
user-friendliness in mind which is another big goal of REUSE. The SPDX
document seems to work with e.g. "licenseId", "licenseConcluded",
"licenseDeclared". While these make sense in the SPDX radius, REUSE
users are used to work with License-Identifier and FileCopyrightText.
Just like with the snippets I am afraid of different "keys" for the same


Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join
REUSE mailing list
REUSE at lists.fsfe.org

This mailing list is covered by the FSFE's Code of Conduct. All
participants are kindly asked to be excellent to each other:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fsfe.org/pipermail/reuse/attachments/20200723/11ea885f/attachment.htm>

More information about the REUSE mailing list