Hello
Looking at the latest version of the SPDX :License List (3.20) I have
noticed that some licenses have multiple identities e.g.
--
"name": "GNU General Public License v2.0 only",
"licenseId": "GPL-2.0-only",
"licenseId": "GPL-2.0",
--
"name": "GNU Library General Public License v2 only",
"licenseId": "LGPL-2.0-only",
"licenseId": "LGPL-2.0",
--
"name": "GNU Library General Public License v2 or later",
"licenseId": "LGPL-2.0-or-later",
"licenseId": "LGPL-2.0+",
--
"name": "GNU General Public License v2.0 or later",
"licenseId": "GPL-2.0-or-later",
"licenseId": "GPL-2.0+",
--
"name": "GNU Lesser General Public License v2.1 only",
"licenseId": "LGPL-2.1-only",
"licenseId": "LGPL-2.1",
-
"name": "GNU Lesser General Public License v2.1 or later",
"licenseId": "LGPL-2.1-or-later",
"licenseId": "LGPL-2.1+",
--
"name": "GNU Lesser General Public License v3.0 only",
"licenseId": "LGPL-3.0-only",
"licenseId": "LGPL-3.0",
--
"name": "GNU Lesser General Public License v3.0 or later",
"licenseId": "LGPL-3.0-or-later",
"licenseId": "LGPL-3.0+",
According to https://spdx.org/licenses/, there is only one identity e.g.
LGPL-2.0-only specified for each license name.
When validating a license identity (e.g. within an SBOM) are
both identifiers valid or is this an error in the license data and I
should only be using the license identifier as shown on
https://spdx.org/licenses/,?
Regards
Anthony
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5062): https://lists.spdx.org/g/Spdx-tech/message/5062
Mute This Topic: https://lists.spdx.org/mt/98159656/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
