[REUSE] ISO standard
Matija Šuklje
matija at suklje.name
Thu Sep 16 11:15:21 UTC 2021
Die 15. 09. 21 et hora 13:22 Alejandro Criado-Pérez scripsit:
> I get a bit lost in the legal terms, so please forgive me if this is silly
> question. Does this mean that using REUSE correctly means you comply with
> this new ISO/IEC 5962:2021 ?
No. The SPDX spec is _much_ larger and complex.
REUSE relies on only a few parts of the SPDX spec, specifically:
• SPDX License List for canonical license texts
• SPDX License IDs for unique identifiers for licenses
• license expressions – e.g. (MIT AND GPL-2.0-or-later)
REUSE Tool (and others, such as FOSSology Ojo) is able to generate a valid
SPDX Document out of a REUSE-compliant repository/package.
What it _does_ mean though is that if your repository is REUSE-compliant, it
is super easy to also create a ISO-standard SBOM (i.e. an SPDX Documont) from
it. So it’s not automatic, but the extra step you need to make is trivial.
> Shouldn't this help with the adoption of REUSE?
I sure hope so :)
cheers,
Matija
--
gsm: tel:+386.41.849.552
www: https://matija.suklje.name
xmpp: matija.suklje at gabbler.org
sip: matija_suklje at ippi.fr
More information about the REUSE
mailing list