On Tue, Sep 12, 2017 at 02:52:26PM +0000, Wheeler, David A wrote: > Mark Gisi: > > the SPDX identifier model will need to accommodate a LicenseRef > > like mechanism... > > I'm not arguing to *remove* licenserefs, I agree they can be useful. > > My point is different. Since many users *only* use SPDX license > expressions, it's important that SPDX license expressions have > enough expressiveness (hah!) for common use cases WITHOUT using > licencerefs.
Agreed. I don't think anyone is arguing for removing LicenseRef. A new ‘only’ operator allows you to express ‘CDDL-1.0 only’ as a vanilla license expression where you currently need to use a LicenseRef, but there are obviously lots of other LicenseRef use cases that an ‘only’ operator will not replace. > > This is a far bigger problem than the "only" operator. In fact, it > > is the ill- conceived package license concept that is creating > > significant frustration and confusion over the GPL only issue. The > > problem is not at the file level. The license expression syntax is > > well suited for that. It is not well suited for the package > > level. Until that is addressed we will continue to struggle. > > It's not ill-conceived. Package-level results are the WHOLE POINT. I don't know if I'd go as far as that; being able to drill down to find the license for a particular file or snippet is useful too. But I certainly don't see a reason why license expressions would not work fine for projects given that they work fine for files; projects are just collections of files. Similarly, files are collections of snippets. SPDX license expressions can (and do?) allow to you state the license terms of any work, regardless of whether that work is a snippet, file, project, distro, …. What the ‘only’ operator is about is making vanilla license expressions (which do not reference custom LicenseRefs and such) more expressive. That will help folks who are restricted to vanilla license expressions, regardless of what they happen to be licensing. Cheers, Trevor -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal