On Mon, Sep 11, 2017 at 08:26:56PM +0000, Gisi, Mark wrote: > >> But you can't define a LicenseRef in sitations (like npm [1]) where the > >> only > >> thing you can set is a license expression and you don't have access to the > >> broader > >> SPDX spec. > >> [1]: https://docs.npmjs.com/files/package.json#license > > This is not a problem with the license expression language. It is a > problem with the SPDX identifier mechanism. LicenseRefs are SPDX's > cornerstone way of handling the many many non-standard license > notices found every day in source code.
Perhaps, but having an explicit ‘only’ is a cheap way to avoid a LicenseRef in cases like ‘CDDL-1.0 only’. Inlining LicenseRefs in license expressions (or talking external projects like npm into using the full SPDX spec) are both much larger changes. And… > In the above example you don't need an "only" operator… You *do* need this if you want separate license expressions for “I just found the GPL-2.0 text in a separate file, but am not clear on the intended grant” (GPL-2.0) and “this file is GPL-2.0 only” (GPL-2.0 only). There's no way to address that with LicenseRef. You might be able to cover that distinction with PackageLicenseComments [1], but that's not structured. So I see two use cases that a structured ‘only’ operator allows: a. ‘GPL-2.0 only’ is a fairly common license, so having a structured way to declare it seems useful to me (and it's nice to have that structured way be obvious from the license expression). b. Tools that do not look at grants (e.g. licensee, as I linked earlier) are also deployed in high-visibility areas (e.g. GitHub's auto-detected license API [2]), so having a structured way for them to *not* claim “only” vs. “or later” seems useful to me too. Do you believe that one or the other of those cases are not worth supporting? Or do you want to support both, but you prefer a different approach than an ‘only’ operator? Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.41mghml [2]: https://developer.github.com/v3/licenses/ -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal