>The last number (if there is one) in a SPDX license id is the version
number

Is that documented?
I fail to see that in the standard.
As far as I can see, SPDX 2.1, 6.1 License Identifier uses just
<<[idstring] is a unique string containing letters, numbers, “.” or “-”.>>

There are other exceptions like
Artistic-1.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-2.0

or

LPPL-1.2, LPPL-1.3a

Could I use the software under LPPL-1.3a if the original author declares
LPPL-1.2+ ?
Of course it's complicated, however in any case there should be a rule to
compare version numbers.
For instance: 1.1 > 1.10? Or is it 1.1<1.10? That has to be in the standard
if we admit licenses can have versions.

Note: it is not like "I absolutely want to use all the license operators
which exist in the wild".

Here's what I'm trying to do.
I want to classify third-party dependencies based on my own license and the
license of the third-party (isn't it surprising?)
Well, "my own" license happens to be Apache 2.0, and luckily for me,
there's a web page: https://apache.org/legal/resolved.html

For instance, the page says that "GNU GPL 1,2,3" goes to "Category X"
(==please never use GPL dependencies in Apache-2.0-licensed projects)
I use GPL here because "incompatibility with AL2.0 is clear for everyone".
I don't try to discuss "-only vs -or-later" here which is a completely
different subject.
However, what if "third-party declares its license as GPL-2.0-or-later"?
For instance, I could see a manifest attribute of "Bundle-License:
GPL-2.0-or-later" or it could be "Bundle-License: GPL-2.0+"

Of course, I could just hard-code that "GPL 1,2,3" really means all the
possible versions of GPL (-only, or-later, or-whatever).
However it would be great if one could use the **standard** to deduce "all the
possible licensing options" out of the "GPL-2.0-or-later" expression.

As of now, there is NO automatic way to tell which licenses could satisfy
the GPL-2.0-or-later expression.
Note: the standard should better be strict rather than "please do that
somehow, and note 10% of the licenses are exceptions".
For instance, Unicode standard declares rules to perform upper-case
conversion. That is why I suggest to do something with meaning of "license
versions" in SPDX.

For instance, if there was a notion of "license name" vs "license version",
then one could iterate over all the versions of "GPL" and expand that
"GPL-2.0-or-later" to the set of possible known licenses.
Of course that does not solve all the cases, however it would still provide
me with information like "even if we try all the possibilities, we get
categoryX every time".

An alternative option is to add a notion of "aliases" to the standard.
For instance, we could say that "GPL-2.0-or-later" is an alias for
"GPL-2.0-only OR GPL-3.0-only OR GPL-3.0-or-later OR unknown_license"
(while the latter is a hypothetical GPL-4.0), then we could declare
"GPL-2.0+" to be an alias for "GPL-2.0-or-later".
Of course everybody would have to code those equivalence tables, however
the tables could be shared in machine-readable formats.
Then machines could recognize that "MIT+" is an unknown alias.

Vladimir
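
The expansion proposed in the message above, sketched as an added example (not part of the original message and not SPDX tooling). The family/version table, the version ordering rule and all function names are assumptions of this example; a future version such as the hypothetical GPL-4.0 is not represented.

```python
import re

# Constructed table (an assumption of this example): SPDX 2.1 has no
# name/version split, so family -> versions is maintained by hand.
KNOWN = {
    "GPL": ["1.0", "2.0", "3.0"],
    "LPPL": ["1.0", "1.1", "1.2", "1.3a", "1.3c"],
}
# Per the ASF page cited in the message, GPL 1, 2, 3 are Category X.
CATEGORY = {("GPL", "1.0"): "X", ("GPL", "2.0"): "X", ("GPL", "3.0"): "X"}

# family, version (no "-" inside), optional operator suffix
ID_RE = re.compile(r"^([A-Za-z]+)-(\d[\w.]*?)(\+|-or-later|-only)?$")

def version_key(version):
    """Assumed ordering rule: numeric per component, so 1.10 > 1.2 > 1.1."""
    return [(int(num), tag) for num, tag in re.findall(r"(\d+)([a-z]*)", version)]

def expand(license_id):
    """Return (family, versions that satisfy the id), or None if unknown."""
    match = ID_RE.match(license_id)
    if not match or match.group(1) not in KNOWN:
        return None  # e.g. "MIT+" or "Artistic-1.0-cl8": no rule applies
    family, version, suffix = match.groups()
    if suffix in ("+", "-or-later"):
        floor = version_key(version)
        versions = [v for v in KNOWN[family] if version_key(v) >= floor]
    else:
        versions = [v for v in KNOWN[family] if v == version]
    return (family, versions) if versions else None

def categories(license_id):
    """Set of categories reachable through any known licensing option."""
    expanded = expand(license_id)
    if expanded is None:
        return {"unknown"}
    family, versions = expanded
    return {CATEGORY.get((family, v), "unclassified") for v in versions}

if __name__ == "__main__":
    for lic in ("GPL-2.0-or-later", "GPL-2.0+", "LPPL-1.2+", "MIT+"):
        print(lic, expand(lic), categories(lic))
```

A result of exactly `{"X"}` corresponds to the "we get categoryX every time" case; `{"unknown"}` flags identifiers that need manual review.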
