W. Trevor King wrote: > I don't think any of the examples there have a declared package license.
I believe putting a copy of GPL in a repository is declaring a package license. Also, note that given that GPL is a strong copyleft, the file licensing data both matters less, and also can impact the package license in ways that don't happen in the permissive-MIT license example you gave. > Declaring a package license looks like this FAQ entry [1]: > > But, for *Declarations*, SPDX clearly needs some other identifier, which > > would usually only be used as Declared licenses. > This is not clear to me. Can you elaborate? License theorist apparently disagree about what the concluded license is when I just put a copy of GPL in a directory in a package. License theorists apparently disagree what when I say "this is GPL'd". If there are disagreements, it seems me the SPDX spec is suggesting that SPDX should store the declaration somehow, and have the information available to those who must make conclusions. > That means we *recommend* authors use SPDX License Expressions to declare > the license which applies to that file. Do you feel that is inadequate? > If so, how? This goes back to changing the outcome by observing it. Some people chose to declare GPL using all the varied means that are contemplated in the text of the GPL about not specifying version numbers, etc. SPDX should be flexible enough to allow such declarations that already exist in the wild, both at file and package level. -- Bradley M. Kuhn _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
