RFC: REUSE compliance plugin for PkgTemplates.jl — API, docs, and root LICENSE behavior

gwr · May 4, 2026, 4:06pm

So something like:

SPDX-License-Identifier: MIT OR LicenseRef-Gov-Public-Domain

is what you are saying? (here we cannot use my simple check)

That seems mechanically checkable once the SPDX expression has been parsed into a normalized expression.

For a first conservative RegistryCI rule, one could evaluate each file’s effective SPDX expression as a Boolean expression:

standard SPDX license with isOsiApproved == true → true;
non-OSI license or LicenseRef-* → false;
OR → Boolean OR;
AND → Boolean AND;
WITH exceptions could initially be treated as false, or later handled by a separate allow-list / known-SPDX-exception policy.

Then MIT OR LicenseRef-X evaluates to true, while MIT AND LicenseRef-X evaluates to false.

So the rule would not have to be “all mentioned licenses must be OSI-approved”. It could instead be: every distributed file must have at least one complete OSI-approved licensing path.

(The plugin tooling returns SPDX AST for SPDX license expressions…).

Topic		Replies	Views
Copyright and license of Julia packages General Usage question	37	1251	July 18, 2025
Package licenses: Contemplations and considerations Community package	131	4361	May 4, 2026
Tooling for analysing dependency licenses Package Management	12	503	August 11, 2024
The present and the future of package registration Package Management	80	2606	June 11, 2023
General registry T&Cs and a warning to noobs (like me) General Usage	21	1413	March 12, 2019

RFC: REUSE compliance plugin for PkgTemplates.jl — API, docs, and root LICENSE behavior

Related topics