[Haskell-cafe] SPDX and hackage

Francesco Ariis fa-ml at ariis.it
Fri Mar 6 23:11:09 UTC 2015

On Fri, Mar 06, 2015 at 03:41:36PM -0600, Mike Meyer wrote:
> I stumbled across the SPDX (https://spdx.org/). Possibly the hackage
> license list should be expanded to incorporate this in some way? Or at
> least the OSI-approved entries?

Hackage admin decided to go for the 'soft' (as no-list) approach [1].
Relevant quote:

    " The hackage operators do not want to be in the business of
      making judgements on what is and is not a valid open source
      license, but we retain the right to remove packages that are not
      under licenses that are open source in spirit, or that conflict
      with our ability to operate this service. (If you want advice,
      see the ones Cabal recommends.)

But I am willing to write the necessary bits to add relevant and used
free/open-source licences which are now missing from cabal.

Today I was talking with dcoutts on freenode/#hackage and he made me
realise that, apart from licence coverage, there is a problem with
dual licences.

This has to be addressed, otherwise we will never manage to 'tame'
the Licence datatype (which would be quite important to, e.g. to
autocheck whether licence dependencies are satisfied).

[1] https://mail.haskell.org/pipermail/haskell-cafe/2015-March/118526.html

More information about the Haskell-Cafe mailing list