On Mon, Sep 11, 2017 at 07:04:57PM +0000, Gisi, Mark wrote: > >> With the ‘only’ operator proposal [1], this situation can be > >> represented by ‘CDDL-1.0 only’. > > … Finally this case can be elegantly handled with a LicenseRef…
But you can't define a LicenseRef in sitations (like npm [1]) where the only thing you can set is a license expression and you don't have access to the broader SPDX spec. > That is, the example represents a rare edge case that does not > present a situation that can't be express with today's current > constructs. Therefore it does not represent a good example > (justification) for adding the "only" operator. It's not the only justification. Having an ‘only’ operator also lets you give a very clear license expression (e.g. ‘GPL-2.0 only’) for grants like: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. which is one of the goals listed in [2]. That's a distinct license expression from ‘GPL-2.0’ for cases like “I found this license text in a separate file, but no clear grant applying it to this project” which is the “GitHub example” that spawned this thread. Although as discussed in this thread, some SPDX authors and tools may feel uncomfortable making a concluded-license call in that case. However, I expect tools like licensee, which only look for stand-alone license files and ignore grant comments [3], will be concluding ‘GPL-2.0’ and similar, and having an explicit ‘only’ operator allows consumers to distinguish those ambiguous conclusions from an explicit ‘GPL-2.0+’ or ‘GPL-2.0 only’. Cheers, Trevor [1]: https://docs.npmjs.com/files/package.json#license [2]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Goals [3]: https://github.com/benbalter/licensee/blob/v9.2.0/docs/what-we-look-at.md#what-about-checking-every-single-file-for-a-copyright-header -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal