audio: migrate to SPDX identifier #11773
Conversation
|
will we migrate the license in all source code to SPDX? |
|
@xiaoxiang781216 I have multiple patches waiting. |
Does Apache foundation accept this style of copyright? |
|
I believe that the migration to SPDX will make the compliance easy for may users
this is not a copyright notice |
|
@btashton any concerns? |
|
@xiaoxiang781216 zephyr RTOS uses the same SPDX license indetifier |
|
I am fine with the change if no policy issue. |
There was a problem hiding this comment.
We can probably have both, but I could not find anywhere in the policies that allowed spdx instead of the header
https://www.apache.org/legal/src-headers.html
Both make no sense since SPDX identifier is supposed to replace the header |
|
Maybe @hartmannathan can help because he is a long date ASF associated guy. |
There have been discussions around the Foundation about things like SBOM and other compliance. I don't remember if there was a consensus about SPDX specifically. I'll search for the information and then I'll come back here to let you know what I find. |
|
@hartmannathan Thanks for looking into it. Zephyr RTOS is setting the SBOM trend and I am trying not to lag behind. I already started the work for our project and I bet that many other projects will follow since SBOM will be come mandatory soon. |
@jerpelea After quite some searching, I can't seem to find the discussion about using SPDX. I also looked through some other projects and all the ones I saw are using the long-form header text. Also, I looked through the Foundation's published policies. Although it says that 3rd parties (non-ASF) who want to use the Apache-2.0 license can use the short-form SPDX identifier (see here), that's immediately followed by the text "Note that the Apache Software Foundation uses a different source header that is related to our use of a CLA. Our instructions for our project's source headers are here." Following that link, it says we have to use the long-form header, like we are already doing. My suggestion is to do as @btashton wrote earlier and add the SPDX identifier below the required header text. I recommend having at least a blank line in between. I saw your comment that it doesn't make sense to have both, but I think it's a reasonable compromise until the Foundation publishes a different policy. If you feel strongly about it, we can ask legal, but it may take some time to get a definitive answer. |
|
@hartmannathan please ask legal. Considering the high number of involved files and licenses it is better to wait and have clarification for all projects that will soon need this change. |
@jerpelea I'll compose a message for legal later today. |
|
@hartmannathan thanks |
|
@hartmannathan do we have any update from legal ? |
jerpelea
force-pushed
the
master
branch
3 times, most recently
from
3885645
to
bd673ba
Compare
Most tools used for compliance and SBOM generation use SPDX identifiers This change brings us a step closer to an easy SBOM generation. Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Summary
Most tools used for compliance and SBOM generation use SPDX identifiers.
This change brings us a step closer to an easy SBOM generation.
Impact
Compliance
Testing
NONE