annotations: Use SPDX License Expressions for licenses
Instead of comma-separated short identifiers, which have unclear
semantics (are the delimiters AND or OR?). I don't see any discussion
of the syntax for this field in [1] (which landed it), but I'd floated
license expressions before in the sub-thread starting at [2]. Greg
had pushed back against my earlier proposal (licensing information on
descriptors) with [3]:
> No, that's not going to work at all, you can't properly describe the
> license for a whole layer in any form of a string that could be
> standardized or parsed. SPDX is great for describing the individual
> licenses of things, but not for a collection of things, which almost
> always has an arbitrary license (example, what's the license, in a
> simple string, for a Ubuntu base layer?)
But SPDX License Expressions are both more expressive and better
defined than the current comma delimiters. Everything you could have
said with the comma-delimited string you can say more clearly with an
SPDX License Expression. And because the syntax is not OCI-specific,
you're more likely to be able to find tooling that handles these
values out of the box.
[1]: #636
[2]: #501 (comment)
[3]: #501 (comment)
Signed-off-by: W. Trevor King <[email protected]>
annotations.md (3 additions & 1 deletion)
@@ -25,7 +25,7 @@ This specification defines the following annotation keys, intended for but not l
25
25
***org.opencontainers.image.version**[Semantic versioning-compatible](http://semver.org/) version of the packaged software. The version MAY match a label or tag in the source code repository.
26
26
***org.opencontainers.image.revision** Source control revision identifier for the packaged software.
27
27
***org.opencontainers.image.vendor** Name of the distributing entity, organization or individual.
28
-
***org.opencontainers.image.licenses**Comma-separated list of licenses under which contained software is distributed, in [SPDX Short identifier](https://spdx.org/licenses/) form.
28
+
***org.opencontainers.image.licenses**License(s) under which contained software is distributed as a [SPDX License Expression][spdx-license-expression].
29
29
***org.opencontainers.image.ref.name** Name of the reference for a target (string). SHOULD only be considered valid when on descriptors on `index.json` within [image layout](image-layout.md).
30
30
***org.opencontainers.image.name** Human-readable name of the software packaged in the image (string)
31
31
***org.opencontainers.image.description** Human-readable description of the software packaged in the image (string)
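Review bot: The added `org.opencontainers.image.licenses` line does not say how consumers should treat values written under the removed wording, and a comma-separated list of short identifiers is not a valid SPDX License Expression, so existing annotations would stop parsing under the new definition. Consider adding a sentence on how legacy comma-delimited values are to be handled, and one example value (for instance `Apache-2.0 OR MIT`) so the AND/OR semantics the commit message is after are visible in the spec text itself. Minor wording: "a SPDX License Expression" should read "an SPDX License Expression".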
@@ -52,3 +52,5 @@ While users are encouraged to use the **org.opencontainers.image** keys, tools M
52
52
|`ref.name`|| No equivalent in Label Schema |
53
53
||`schema-version`| No equivalent in the OCI Image Spec |
54
54
||`docker.*`, `rkt.*`| No equivalent in the OCI Image Spec |
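Review bot: The header `@@ -52,3 +52,5 @@` counts two added lines after the `docker.*`, `rkt.*` table row, but only the three context lines are visible here, so the `[spdx-license-expression]` reference used in the first hunk cannot be checked against its definition. Please confirm the link definition is what lands at the end of the file, and point it at a specific version of the SPDX specification rather than a moving target, so that tools validating this annotation agree on the expression grammar.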