[REUSE] ISO standard

Matija Šuklje matija at suklje.name
Thu Sep 16 11:15:21 UTC 2021

Die 15. 09. 21 et hora 13:22 Alejandro Criado-Pérez scripsit:
> I get a bit lost in the legal terms, so please forgive me if this is silly
> question. Does this mean that using REUSE correctly means you comply with
> this new ISO/IEC 5962:2021 ?

No. The SPDX spec is _much_ larger and complex.

REUSE relies on only a few parts of the SPDX spec, specifically:
• SPDX License List for canonical license texts
• SPDX License IDs for unique identifiers for licenses
• license expressions – e.g. (MIT AND GPL-2.0-or-later)

REUSE Tool (and others, such as FOSSology Ojo) is able to generate a valid 
SPDX Document out of a REUSE-compliant repository/package.

What it _does_ mean though is that if your repository is REUSE-compliant, it 
is super easy to also create a ISO-standard SBOM (i.e. an SPDX Documont) from 
it. So it’s not automatic, but the extra step you need to make is trivial.

> Shouldn't this help with the adoption of REUSE?

I sure hope so :)

gsm:	tel:+386.41.849.552
www:	https://matija.suklje.name
xmpp:	matija.suklje at gabbler.org
sip:	matija_suklje at ippi.fr

More information about the REUSE mailing list