On 2022-11-23 12:31, Brian Inglis via tz wrote:

No public domain notices appear in the *.?.txt source files or in the generated man pages.

You're right, my mistake. I thought they were there, but they're not.

It may be useful to specify that the document, data, program, and source files for all components are in the public domain in the LICEN[CS]E sections.

<https://man7.org/linux/man-pages/man7/man-pages.7.html> doesn't mention such a section. It does mention a COPYRIGHT section but says it's often omitted, so for that project we should be OK.

It would also be useful if you also added SPDX licence comments like man-pages after either your line(s) or theirs, such as:

.\" SPDX-License-Identifier: LicenseRef-IANA-TZ-Public-Domain [suggested] .\" SPDX-FileCopyrightText: project authors            [suggested]

and also in the generated output?, as it may save downstreams doing so as licensing requirements are enforced by packaging tools and repos.

So far we've managed to avoid SPDX, SBOM, CycloneDX, VEX, VDR, etc. And since the source code states in multiple places that TZDB is "by no means authoritative" there is some argument for continuing to avoid the maintenance overhead of software supply chain component analysis. Since that area is evolving perhaps we'll be better off letting downstream users deal with it as needed, at least for now. And maybe it can be contributed upstream to us later as needed, I hope simply by adding a file or two.