Dear Ria, > LEGALLY-EQUIVALENT-TO bothers me since "the producer of the SPDX > document containing such a Relationship has made the claim that they > believe the two to be legally equivalent" - if I understand that these > tags are being assigned by the vendor, do I trust their legal > determination?
Indeed, LEGALLY_EQUIVALENT_TO would express a legal interpretation made by the SPDX document productor (which could be the vendor of the software or a third party). Whether or not this is to be trusted is up to the consumer of the SPDX data, in the same way as with the existing 'License Concluded' field in SPDX 2.2.2: https://spdx.github.io/spdx-spec/package-information/#713-concluded-license-field > MATCHES_LICENSE also bothers me because it feels so binary. But I may > be nitpicking there. I would be more inclined to SIMILAR_LICENSE. I'm perfectly comfortable with using another name, although I would like to clarify: I was intending this to be matching in the sense of the SPDX Matching Guidelines (Annex B in SPDX 2.2.2). If I recall correctly, the Matching Guidelines don't specify anything other than 'yes, the same license' or 'no, a different license'. Thank you for taking a look at this; please let me know if I missed/misunderstood anything in your response :) Best wishes, Sebastian -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4551): https://lists.spdx.org/g/Spdx-tech/message/4551 Mute This Topic: https://lists.spdx.org/mt/91530334/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
