+1 on Kate’s recommendation. This format will be properly parsed by the SPDX
Tools parsers (the 3 parsers I am aware of) and I believe represents the intent
behind the AND operator.
Gary
From: Spdx-legal@lists.spdx.org On Behalf Of Kate
Stewart
Sent: Thursday, December 12, 2019 8:49
> On Dec 12, 2019, at 9:48 AM, Kate Stewart
> wrote:
>
> Hi Richard,
> I suspect the others will comment as well, but
> I would hope to see
> "SPDX-License-Identifier: MPL-2.0 AND Apache-2.0"
> as a summary.
Agree. And also agree with Richard’s comment about avoiding legal
Hi Richard,
I suspect the others will comment as well, but
I would hope to see
"SPDX-License-Identifier: MPL-2.0 AND Apache-2.0"
as a summary.
The second approach may become ambiguous to scanners
as they may try to treat it as an "OR", and I believe that
"AND" is truer to the intention
Suppose you're dealing with the following source file legal notice
(example taken from
https://www.mozilla.org/en-US/MPL/2.0/permissive-code-into-mpl/,
itself adapted from the examples discussed by SFLC in this old paper: