Hi McCoy, I’m wondering if you are trying to adapt SPDX identifiers in a situation not anticipated. Consider that aim of an SPDX document (as per the SPDX specification, and thus, using SPDX license ids in the various specification field, is to communicate licensing, copyright, provenance, etc. information for a given bundle of software. For example, I sell you Jilaynes-awesome-software-app and provide an SPDX document for that software product. The licensing info in this context would be presubaly what I think you are referring to as the “outbound” license - that is the license under which the software is used by the recipient.
Let’s say, Jilaynes-awesome-software-app includes some open source software under various open source licenses, say, MIT and Apache-2.0, and I also added some of my own (new) code under BSD-3-Clause, that all of this can be reflected in the appropriate license fields at the package, file, and/or snippet level. I think of “inbound”, in relation to open source software, as usually referring to the license under which contributions are provided to the project. But I think you might be meaning “inbound” in relation to Jilayne’s-awesome-software-app - that is, the open source software that I incorporate into my app under MIT and Apache-2.0. Is that right? Thanks, Jilayne > On Jul 17, 2022, at 1:18 PM, McCoy Smith <[email protected]> wrote: > > At the risk of sounding like I’m hijacking this to re-raise my prior issue: > If AND is the operator to be used when having different inbound vs outbound, > then AND may not be commutative, since the order of listing the licenses may > convey information about which license is inbound vs outbound, and (maybe) > which license applies to different parts of the code. > Which militates to me toward a new expression, but I’ve made that point > already. > >> On Jul 17, 2022, at 11:22 AM, Richard Fontana <[email protected]> wrote: >> >> I'm working on some draft documentation for Fedora around use of SPDX >> expressions in RPM spec file License: fields. I was surprised to >> apparently not see anything in the SPDX spec that says that the AND >> and OR operators are commutative. I want to assert that the expression >> "MIT AND Apache-2.0" is equivalent to "Apache-2.0 AND MIT". Does the >> SPDX spec actually take no position on this? >> >> Richard >> >> >> >> >> >> > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3180): https://lists.spdx.org/g/Spdx-legal/message/3180 Mute This Topic: https://lists.spdx.org/mt/92443713/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
