dhcpcd-discuss

On 02/07/2019 09:10, Yegor Yefremov wrote:
> On Sat, Jun 29, 2019 at 10:39 AM Roy Marples <roy@xxxxxxxxxxxx> wrote:
> > On 29/06/2019 07:42, Yegor Yefremov wrote:
> > > On Fri, Jun 28, 2019 at 10:22 AM Roy Marples <roy@xxxxxxxxxxxx> wrote:
> > > > On 21/06/2019 10:46, yegorslists@xxxxxxxxxxxxxx wrote:
> > > > > From: Yegor Yefremov <yegorslists@xxxxxxxxxxxxxx>
> > > > >
> > > > > Software Package Data Exchange identifiers help to detect source file
> > > > > licenses and hence simplify the FOSS compliance process.
> > > >
> > > > Just wondering how this works with the compat directory?
> > > > On NetBSD-current for example, non of it is used, but on Linux all of it
> > > > is used.
> > >
> > > You're right. I've missed this folder. I'll add the SPDX identifiers
> > > there.
> >
> > src/dev folder too.
> >
> >
> > > As you've mentioned, they will be of relevance only for Linux.
> > >
> > >   From briefly looking at the code it contains at least BSD-2c and
> > > BSD-3c license texts :-)
> >
> > OpenBSD as well. I think SPDX classifies that as ISC.
> > There is also the matter of consttime_memequal which is licensed as
> > Public Domain which SPDX seems to avoid:
> > https://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_within_SPDX_Files
> >
> > Anyway, my question was more along the lines of how SPDX works.
> > If no compat is used then it should be marked as BSD-2 only - but it
> > can't tell this without running configure.
> >
> > So should we even mark the compat folder with SPDX?
> >
> > I don't know enough about the intent or scope of SPDX to answer this and
> > it wasn't clear on their website.
> > This is why I'm hesitant to go down this route - you need to know the
> > license dhcpcd builds with, not just what it bundles as a whole which
> > makes the intent of SPDX almost useless for dhcpcd.
>
> I would also like to have a definitive guide for a FOSS compliance.
> There is an interesting paper [1] about making FOSS projects compliant
> but its merely a motivation and not a definitive guide.
>
> AFAIK SPDX identifiers help to identify source file license and not
> what will be built and shipped (there should be other tools taking
> care of that and using SPDX identifiers). Having them (identifiers)
> makes a compliance process easier, especially for the projects having
> source parts under different licenses.
>
> As for the Public Domain I'd say it should be mentioned in a central
> README file and be also marked in the header of the source file.

For the time being I've just marked dhcpcd source files with the SPDX flag.
Commit here: 
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=095c87f1e52c350df4b109adab35bb875bb913bd

Thanks!

Roy