Hi Richard,
I think both your possibilities work, and with the current state
of art, I would agree with Kate, Jilayne and Gary.
On the other hand it seems to me that exactly how to mark source
code is perhaps a bit out of the scope of SPDX (I might be wrong
though).
A project that is based
AM
To: Richard Fontana
Cc: SPDX-legal
Subject: Re: SPDX-License-Identifier for composite-licensed source files
Hi Richard,
I suspect the others will comment as well, but
I would hope to see
"SPDX-License-Identifier: MPL-2.0 AND Apache-2.0"
as a summary.
The second ap
> On Dec 12, 2019, at 9:48 AM, Kate Stewart
> wrote:
>
> Hi Richard,
> I suspect the others will comment as well, but
> I would hope to see
> "SPDX-License-Identifier: MPL-2.0 AND Apache-2.0"
> as a summary.
Agree. And also agree with Richard’s comment about avoiding legal
Hi Richard,
I suspect the others will comment as well, but
I would hope to see
"SPDX-License-Identifier: MPL-2.0 AND Apache-2.0"
as a summary.
The second approach may become ambiguous to scanners
as they may try to treat it as an "OR", and I believe that
"AND" is truer to the intention
Suppose you're dealing with the following source file legal notice
(example taken from
https://www.mozilla.org/en-US/MPL/2.0/permissive-code-into-mpl/,
itself adapted from the examples discussed by SFLC in this old paper: