J Lovejoy>The + operator to indicate "or any later version" was only intended to be used with licenses that allow this option. There is no "test" or "validation" to reject an improper use of the + operator
What I'm saying is when standard declares an operation (e.g. "or later"), then it should describe its inputs, and outputs. Currently SPDX declares "or later" operation, however it NEVER specifies how that operation really works. Note: the standard pretends to be machine-readable, so the rules should be machine-readable as well. J Lovejoy>We have not choice but to take and record the licenses as we find them - with or J Lovejoy>without version numbering (and sometimes with version numbering that is not necessarily sequential.) The same thing: SPDX standard reads "or any later version", however it does NOT specify what that means. That is very very weak standard. As I said, there's a prior art in the similar field: Unicode (see https://en.wikipedia.org/wiki/Unicode ) It goes over the characters/scripts and tries to make a standard representation, and it makes operations like case folding and collation standard as well. For example, Unicode standard declares various ways to do "case mapping". https://unicode.org/faq/casemap_charprop.html Let me pick an example: German alphabet has letter ß which is typically converted to SS when upper-cased. Unicode does specify that "uppercase of ß is SS", so every developer gets that "for free" when using unicode-compliant libraries/languages. Of course human languages are evolving, and it might be that at some point in future there will be a dedicated letter for "capital ß" in German. Then it would be just included into an updated Unicode standard with the appropriate casing/comparison rules. Well, that was regarding Unicode. Why am I describing all of that? As for me, SPDX for licenses looks pretty much like Unicode for characters. Both domains have lots of exceptions, and both domains need some sort of machine processing. That is why I expect SPDX to properly declare the meaning behind "or later". Possible options are: 1) Explicitly disable certain uses of "or later". For instance, SPDX 4.0 might explicitly disable "MIT+" and specify that that expression is invalid. 2) Explicitly specify which licenses are equivalent. For instance, SPDX 4.0 might explicitly describe that "GPL-2.0-or-later" is equivalent to "GPL-2.0-only+". 3) Explicitly specify that license A is considered to be "a later version of" license B. For instance, SPDX 4.0 might explicitly describe that "Apache 2.0 is a later version of Apache 1.1" 4) Split licenseid to licensefamily and version fields. Then "or later" operation would mean "all licenses with same licensefamily and greater or equal version". If that approach is taken, it would require to specify the collation rules for versions. 5) Other suggestions I really see no way of proceeding with current "SPDX declares <<or later>> in the standard, however it misses to define what that means" J Lovejoy>GPL-2.0-or-later would be the current SPDX identifier; GPL-2.0+ would be the old SPDX identifier (from SPDX License List pre-3.0 versions) - J Lovejoy>either way, it means the same thing. Can you pin-point the part of SPDX that declares that "GPL-2.0+ means the same thing as GPL-2.0-or-later"? Spoiler: there's no such statement in the SPDX standard. Vladimir -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3715): https://lists.spdx.org/g/Spdx-tech/message/3715 Mute This Topic: https://lists.spdx.org/mt/32049933/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
