Hi all, sorry for the cryptic subject, but perhaps you can help me.
When doing package analysis with FOSSology or other tools we often find files which contain a license text (e.g. usually the file COPYING contains the text of the GPL) my question is what kind of value has to be provided in the "Concluded License" in the file context? As an example: In the root directory of the package tar version 1.2.7 you find a file COPYING. Content of the file is the text of the GPL-3.0. So the file is obviously licensed under "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." Which might end up in a name like (Distribute_No_Modifications) (Btw. Is this license element of the SPDX license list? I think it would be worth to have it since many files are under this license :)). So the "concluded license" element for the file COPYING has the value "Distribute_No_Modifications" in this example and not GPL-3.0, which is quite clear. But what about the following example In the root directory of the package Boost version 1.55 you find a file LICENSE_1_0.txt. Content of the file is the text of the Boost Software License - Version 1.0. But no information is available how the file itself is licensed. So my question is what value to provide in the "concluded license" element for the file? In my opinion it can't be the Boost software license (since there is no hint that the text of the Boost Software License is licensed under the Boost Software license). Do you have an idea? I think it that this is a very common problem and probably was raised already, sorry that I missed the solution. Thanks in advance Oliver
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
