On Fri, Sep 15, 2017 at 12:01:32PM +0000, Zavras, Alexios wrote: > Besides the case of GPL version numbers, isn't the issue similar to > when we have cases like where you have a package that simply says > "This program is under the BSD license"
This is definitely a similar case. The difference is that the GPL family have internal wording for this case [1], while the BSDs do not. > The author "declared" something, but the SPDX spec is not really > useful, since the value of the field is a license (or a license > expression) and not a free form text. None of the licenses in the > SPDX license list can be used as "PackageLicenseDeclared". Do we put > a list of the 15 or so BSD variants, or disregard the declaration by > stating "NOASSERTION"? I would say NOSSERTION, because I don't think you're discarding much information. If you wanted to represent this case, you'd need a new license expression operator for “or maybe they meant”. That doesn't seem particularly actionable to me, and I'd want to take a closer look at a project if the best-estimate (a trusted conclusion when we have one, and a declared call or unreliable conclusion when we don't) involved such an operator. > Taking it further, suppose that by looking at the actual wording of > the license text in files, you might decide that the author is > talking about BSD-3-Clause-No-Nuclear-License (in the nice case > where all the files use the same text). But isn't this a "Concluded" > rather than a "Declared" field? If there are license terms in the header that match BSD-3-Clause-No-Nuclear-License, then that seems like a pretty clear declaration of BSD-3-Clause-No-Nuclear-License for those files, and that would go in LicenseInfoInFile. I think that could inform your concluded package license, but it should not impact the declared package license. Cheers, Trevor [1]: https://github.com/spdx/license-list-XML/blob/f1522b5cc61bde64d9b38af05204fdb93c02eef8/src/GPL-1.0.xml#L167-L168 -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal