On Tue, Feb 5, 2019 at 2:45 PM Schuberth, Sebastian < [email protected]> wrote:
> > In text use: SPDX-License-ID: LicenseRef-.com.amazon.-.ASL-2.0
> >
> > Then if someone shipping a SBOM with the information in it
> > and wanted to record the license contents as well, they could cut/paste
> > into the document.
> >
> > LicenseID: LicenseRef-.com.amazon.-.ASL-2.0
> > LicenseName: Amazon Software License version 2.0
> > ExtractedText: <text>
> > insert here info
> > </text>
> >
> > and still be able to represent the known state of the source code without
> > relying completely on the web sites to stay stable over time.
> >
> > Thoughts?
>
> Well, my immediate thought was that this combination of dots and dashes
> looks *very* awkward. Why not just "LicenseRef-com.amazon-ASL-2.0"? That
> would also go nicely with Philippe's approach to use a "scancode" namespace
> for ScanCode-specific license findings that have no SPDX identifier: In
> this case the namespace would be "com.amazon", i.e. the reverse domain just
> like in a Maven group name, to denote an Amazon-specific license.
>

Hi Sebastian,

That's pretty much where we ended up on the call.

LicenseRef-<namespace>-<shortform>

We also ended up discussing where SPDX documents with these LicenseRef's could be defined, so others could access without depending on ad hoc vendor web sites. Preliminary discussion idea is to have SPDX doc of LicenseRef's logged at github.com/spdx/namespaces/namespace in addition to other options that vendors may want to provide.

Since this is of interest to legal as well as technical, thinking is to talk about this on the general call on Thursday, if time permits.

Kate

View/Reply Online (#3654): https://lists.spdx.org/g/Spdx-tech/message/3654
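As an added illustration (not code from this thread or from the SPDX project), here is one way a tool consuming an SBOM could split an identifier of the form `LicenseRef-<namespace>-<shortform>` and emit the `LicenseID` / `LicenseName` / `ExtractedText` record quoted above. The function names are hypothetical, and the split assumes namespace labels contain no hyphen, so the first `-` after the namespace ends it; the thread does not settle that rule.

```python
import re

# SPDX idstring charset after "LicenseRef-": letters, digits, "." and "-".
IDSTRING = re.compile(r"LicenseRef-[A-Za-z0-9.\-]+")
# Assumption (not decided in the thread): namespace labels have no hyphen.
NAMESPACED = re.compile(
    r"LicenseRef-(?P<namespace>[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)*)"
    r"-(?P<shortform>[A-Za-z0-9][A-Za-z0-9.\-]*)"
)


def parse_license_ref(ref):
    """Return (namespace, shortform), or None if ref has no namespace part."""
    if not IDSTRING.fullmatch(ref):
        raise ValueError(f"not a valid SPDX LicenseRef: {ref!r}")
    m = NAMESPACED.fullmatch(ref)
    return (m["namespace"], m["shortform"]) if m else None


def extracted_license_record(ref, name, text):
    """Build the tag-value record so the SBOM carries the license text itself."""
    if parse_license_ref(ref) is None:
        raise ValueError(f"LicenseRef is not namespaced: {ref!r}")
    if "\n" in name:
        raise ValueError("LicenseName must be a single line")
    if "</text>" in text:
        # An embedded closing tag would end the block early and let the
        # remainder be read as further tag-value fields.
        raise ValueError("license text contains '</text>'")
    return "\n".join([
        f"LicenseID: {ref}",
        f"LicenseName: {name}",
        "ExtractedText: <text>",
        text,
        "</text>",
    ])


if __name__ == "__main__":
    # Constructed sample input; the license text is a placeholder.
    print(parse_license_ref("LicenseRef-com.amazon-ASL-2.0"))
    print(extracted_license_record(
        "LicenseRef-com.amazon-ASL-2.0",
        "Amazon Software License version 2.0",
        "insert here info",
    ))
```

The dotted-and-dashed form from the first proposal is still a syntactically valid `LicenseRef`, but it yields no namespace under this split, which is why the parser returns `None` for it rather than raising.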
