haxelib icon indicating copy to clipboard operation
haxelib copied to clipboard
verified publisher icon HaxeFoundation

Support SPDX license identifiers

Open Frixuu opened this issue 2 years ago • 3 comments

Current licensing options have several issues:

  • They are too ambiguous. Is "GPL" version 2 or 3? Does it allow later revisions? How many clauses is "BSD"? SPDX IDs are more specific.
  • They do not give enough choice. What if somebody wants to release a library under AGPL, MPL or Zlib? SPDX defines over 500 license identifiers, including a bunch approved by OSI/FSF/whomever.
  • They are not a standard. SPDX identifiers are supported (or sometimes even required) by NPM, Nuget, Composer, Maven, RubyGems, Conan etc.

Frixuu avatar Apr 13 '23 15:04 Frixuu

This was discussed previously in #52, but I suppose with an official list this is a more achievable task.

tobil4sk avatar Apr 13 '23 18:04 tobil4sk

I personally don't care about this stuff at all and it's a layer of concern that I prefer to not deal with. But as long as I can still install haxelibs without hiring a lawyer I won't get in your way either.

Simn avatar Apr 13 '23 18:04 Simn

I just ported a library from another language with an open source license that is not supported by haxelib.json. I guess I'm just going to put Public, even though that's not the actual license. The actual license has a SPDX license identifier, though.

For reference, npm allows custom licenses that aren't SPDX:

If you are using a license that hasn't been assigned an SPDX identifier, or if you are using a custom license, use a string value like this one:

{ "license": "SEE LICENSE IN " }

joshtynjala avatar May 17 '24 22:05 joshtynjala