Hi,
when debugging an issue in the spdx-tools verifier, I noticed the SPDX 2.0
specs seem to be inconsistent on whether "+" is a valid character in a
LicenseRef's idstring, like in LicenseRef-[idstring].
Sections 3.13.4 and 4.6.4 also refer to LicenseRefs and say
[idstring] is a unique string containing letters, numbers, "." or
"-"
Yet section 5.1.4 explicitly says for the case of LicenseRef
[idstring] is a unique string containing letters, numbers, ".",
"-" or "+"
Is there any consensus? I'd vote for "+" to be valid in order to have
LicenseRefs like "LicenseRef-LGPL-3.0+".
BTW: There's similar inconsistencies regarding DocumentRef idstrings, see
sections 2.6.4 vs. 3.13.4 / 4.6.4 and other places that refer to an SPDXID.
Sebastian Schuberth
Lead Engineer
Open Source Governance, Chief Technology Office
Mobile: +49 151 551 551 40
HERE Berlin
Invalidenstrasse 116
10115 Berlin
52° 31' 52" N. 13° 23' 5" E
HERE, a Nokia company
Place of Business: HERE Deutschland GmbH, Invalidenstrasse 116, 10115 Berlin,
Germany - Commercial Register: Amtsgericht Charlottenburg, HRB 106443B -
USt-IdNr.: DE 812 845 193 - Managing Directors: Michael Bültmann, Robertus A.J.
Houben
CONFIDENTIALITY NOTICE
This e-mail and any attachments hereto may contain information that is
privileged or confidential, and is intended for use only by the individual or
entity to which it is addressed. Any disclosure, copying or distribution of the
information by anyone else is strictly prohibited. If you have received this
document in error, please notify us promptly by responding to this e-mail.
Thank you.
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
