Proposal: Standardising license metadata (SPDX/REUSE) for easier packaging

[Arian-Ott]

Hi,

I'm currently working on the Debian package for python-cmap.

While reviewing the repository, I noticed that the licensing for individual color maps in the LICENSE/ folder is currently quite difficult to parse automatically. For Debian (and other distributions), we need a very precise debian/copyright file. Mapping the current custom structure manually is quite error-prone and risks the package being rejected in code reviews.

To simplify this for everyone, would you be open to adopting the SPDX or REUSE standard for the metadata?

Standardising this would come with a few benefits:

• Make the licensing machine-readable and unambiguous.
• Greatly simplify downstream packaging (Debian, Fedora, etc.).
• Ensure that all contributors and sources are correctly credited according to their respective licenses.

If you're interested, I’ve been in touch with another developer (buhtz) who offered to mentor or assist in making the repo SPDX-compliant.

Let me know what you think about this.

Best regards,
Arian Ott

[tlambert03]

thanks for opening!
I'm definitely open to anything that makes it easier for you, while retaining "correctness". I only want to make sure that credit is fully given for bits of data that has been repackaged from various other open source packages (with proper license provenance), but I definitely don't really know what the best way to do that is! So absolutely: I would whole-heartedly welcome help with this

[buhtz]

Hello Talley,
I can guide you through the process. I am upstream maintainer of several projects, which one them in the age of 18 years and several authors and licenses.

First of all please read this introduction to get an idea how it works. After that we can work on the details.

https://reuse.software/

Regards,
Christian

[buhtz]

Ok, I'll fixed spdx2dep to handle Non-SPDX licenes as present in your project for example.
It is working.

My tool could be more elegant in handling file names. Currently it name each file explict, e.g.

src/cmap/data/cmocean/__init__.py
src/cmap/data/cmocean/algae.py 
...

But it is usual in Debian to use wildcards in several cases and if it make sense.

src/cmap/data/cmocean/*

I need to think about how to determine if it makes sense. ;)

[tlambert03]

sounds good. Let me know if there are more actions needed on my end, or if we should re-open this issue