REUSE specs seems to be at odds with SPDX
lvella opened this issue · comments
In SPDX v2.3.0, section H.2 it says:
SPDX file tags of a particular type may appear one or multiple times in a file, depending on the corresponding cardinality defined for that field in the File Information section of the SPDX specification.
And in the File Information section 8.8 Copyright text field, it defines the cardinality of the FileCopyrightText
field to be 0..1
, i.e. at most one.
So, according to SPDX, there should be at most one SPDX-FileCopyrightText
tag per file.
But REUSE Specification states in the Comment headers section:
The comment header MUST contain one or more
SPDX-FileCopyrightText
tags, [...]
So, it explicitly allows the usage of more than one SPDX-FileCopyrightText
, which is at odds with SPDX specification.
Interesting catch, thank you.
Something we should discuss with the SPDX teams, clearly.
Just discussed it with @carmenbianca and @zvr. Essentially the outcome was that it could be considered as a bug in the SPDX Annex H. Since SPDX 3.0 is out now, 2.x will not be updated anymore, so we can simply ignore this issue and concentrate on how to make REUSE work with SPDX 3.0 (which changes things a lot, and does not have tags at all …yet)
Closing with the unfulfilling reason: it works OK-ish, we can’t fix it really as is, it will go away by itself later on.
That said, this was a very detailed analysis and you did find a bug that we missed in both REUSE and SPDX teams. Kudos to finding it!