audio: migrate to SPDX identifier #11773
Will we migrate the license in all source code to SPDX?
@xiaoxiang781216 I have multiple patches waiting.
Does Apache foundation accept this style of copyright?
I believe that the migration to SPDX will make the compliance easy for many users
this is not a copyright notice
@btashton any concerns?
@xiaoxiang781216 Zephyr RTOS uses the same SPDX license identifier
I am fine with the change if no policy issue.
We can probably have both, but I could not find anywhere in the policies that allowed spdx instead of the header
https://www.apache.org/legal/src-headers.html
Both make no sense since SPDX identifier is supposed to replace the header
Maybe @hartmannathan can help because he is a long-time ASF-associated guy.
There have been discussions around the Foundation about things like SBOM and other compliance. I don't remember if there was a consensus about SPDX specifically. I'll search for the information and then I'll come back here to let you know what I find.
@hartmannathan Thanks for looking into it. Zephyr RTOS is setting the SBOM trend and I am trying not to lag behind. I already started the work for our project and I bet that many other projects will follow since SBOM will become mandatory soon.
@jerpelea After quite some searching, I can't seem to find the discussion about using SPDX. I also looked through some other projects and all the ones I saw are using the long-form header text. Also, I looked through the Foundation's published policies. Although it says that 3rd parties (non-ASF) who want to use the Apache-2.0 license can use the short-form SPDX identifier (see here), that's immediately followed by the text "Note that the Apache Software Foundation uses a different source header that is related to our use of a CLA. Our instructions for our project's source headers are here." Following that link, it says we have to use the long-form header, like we are already doing. My suggestion is to do as @btashton wrote earlier and add the SPDX identifier below the required header text. I recommend having at least a blank line in between. I saw your comment that it doesn't make sense to have both, but I think it's a reasonable compromise until the Foundation publishes a different policy. If you feel strongly about it, we can ask legal, but it may take some time to get a definitive answer.
@hartmannathan please ask legal. Considering the high number of involved files and licenses it is better to wait and have clarification for all projects that will soon need this change.
@jerpelea I'll compose a message for legal later today.
@hartmannathan thanks
@hartmannathan do we have any update from legal?
3885645 to bd673ba
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Summary
Most tools used for compliance and SBOM generation use SPDX identifiers.
This change brings us a step closer to an easy SBOM generation.
Impact
Compliance
Testing
NONE