AppData, meet SPDX. SPDX, meet AppData

A few long months ago I asked everyone shipping a desktop application to also write an AppData file for the software installer. So far over 300 projects have written these files and there are over 500 upstream screenshots that have been taken. The number has been growing steadily, and most active projects now ship a file upstream. So, what do I want you to do now? :)

The original AppData specification had something like this:

<?xml version="1.0" encoding="UTF-8"?>
<application>
<id type="desktop">gnome-power-statistics.desktop</id>
<licence>CC0</licence>
...

This had a couple of problems. First was the spelling of license. I’m from Blightly, and forgot that I was supposed to be coding in en_US. The second was people frequently got confused that they were supposed to be specifying the license of that specific metadata file, rather than the license of the project as a whole. A few months ago we fixed this, and added the requirement of a copyright statement to please the Debian overlords:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2013 Richard Hughes <richard@hughsie.com> -->
<application>
<id type="desktop">gnome-power-statistics.desktop</id>
<metadata_license>CC0-1.0</metadata_license>
<project_license>GPL-2.0+ and GFDL-1.3</project_license>
...

The project licenses just have to be valid SPDX strings. You can use “ and ” and “ or ” or even brackets if required, just like in a spec file. The reason for standardising on SPDX is that it’s being used on lots of distros now, and we can also make the licence substrings clickable in gnome-software very easily.

So, if you’ve already written an AppData file please do three things:

  • Make sure Copyright exists at the top of the file after the <?xml header
  • Convert license into metadata_license and change to a SPDX ID
  • Add project_license and add all the licenses used in your project.

In Fedora 21 I’m currently doing a mapping from License: in the spec file to the SPDX format, although it’s not a 1:1 mapping hence why I need this to be upstream. KDE is already shipping project_license in thier AppData files, but I’m not going to steal that thunder. Stay tuned.

8 responses to “AppData, meet SPDX. SPDX, meet AppData”

  1. fmuellner

    Will there be an appdata-validate update?

  2. alex

    Shouldn’t license names (in Software) be linked to the actual license? Some projects are under lots of licenses and people mostly write them down as “Complicated”. Projects usually keep such licenses-info pages.

  3. David

    Is the commented copyright notice, the owner of the AppData file?

  4. Kevin Kofler

    What do we do if the license isn’t listed in the SPDX list? (No, I don’t have a concrete example… yet!)

Bad Behavior has blocked 2769 access attempts in the last 7 days.