On 28. 11. 23 at 0:19, Mark Wielaard wrote:
> SBOMs only describe the software bill of materials, not the binary
> packages created from them. And they don't just use a license tag, but

It does.
https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf
AFAIK the most common ones are Build and Analyzed, which describe the binary
packages.

> I don't have any specific proposal. Let's just hope SPDX will just
> create a new generic Hybrid-BSD variant. I do find it somewhat
> disturbing Fedora contributors are asked to file issues in these
> external third-party proprietary trackers.

SPDX is a community-driven project. Under the Linux Foundation. With all materials
open and all decisions done in public.
I personally find it motivating that we are collaborating on an open standard that is used by various distributions and
communities and not working on a NIH project.

>> This example may look artificial, but I know a lot of companies
>> that want to avoid GPL-3.0-or-later.
>
> And how does that help Fedora?

If companies find it easier to use Fedora, it will get wider recognition, and companies in exchange very often
contribute back.

> I think it is a pretty standard convention and easy to automate.
> Various source code repositories already do and show you the project's
> license based on scanning those files.

I disagree with you. E.g. the most visible is GitHub, but it does that for only a limited number of licenses
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository#disclaimer
and very often fails when COPYING includes multiple licenses.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys