Opened 4 years ago

Last modified 3 months ago

#61237 new defect

Use SPDX license identifiers

Reported by: ryandesign (Ryan Carsten Schmidt) Owned by:
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: iefdev (Eric F), cooljeanius (Eric Gallager)
Port:

Description

MacPorts has its own guidelines for how to specify port license names. We should probably move toward using the same license identifiers popularized by SPDX: https://spdx.org/licenses/

The license names we use have to be understood by our port_binary_distributable.tcl script. There may need to be a transitional period during which the script is updated to recognize both our old license names and new SPDX license identifiers. Later, once all ports have been updated to use SPDX, we can remove our old license names.

Change History (5)

comment:1 Changed 4 years ago by iefdev (Eric F)

Yes, that'd be great. +1

Maybe some of their repos be used to make it easier to keep it updated? (ie keep track of deprecated and new licenses, etc.)

https://github.com/spdx/

Last edited 4 years ago by iefdev (Eric F) (previous) (diff)

comment:2 Changed 4 years ago by iefdev (Eric F)

Cc: iefdev added

comment:3 Changed 3 years ago by dbevans (David B. Evans)

I agree. The SPDX scheme seems to be more comprehensive than ours and gaining popularity elsewhere. Perl now has added a standardized (but optional) metadata element 

"x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later"

in addition to the existing 

    "license" : [
       "perl_5"
    ]

We might add something similar to our Portfile syntax.

comment:4 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

Our portfile syntax already accommodates Boolean combinations of licenses.

We might consider introducing a new option licenses and defining it to use SPDX identifiers, leaving the old license option using the current MacPorts custom license identifiers during the transitional period. This might make it easier to identify whether a port is using new or old license names, and would make it easier to write new lint rules to point out which ports still need their license info updated. And it finally fixes the long-standing obvious misnaming of the license option. port_binary_distributable.tcl could be updated to look for licenses first and fall back on license.

We would want to make sure that SPDX identifiers cover 100% of our current license use cases, and if they do not, then we should think about what to do about that. For example, what would be the SPDX equivalent of our license identifiers "Permissive", "Restrictive", "Restrictive/Distributable", "Commercial", "NoMirror"?

comment:5 Changed 3 months ago by cooljeanius (Eric Gallager)

Cc: cooljeanius added
Note: See TracTickets for help on using tickets.