>> But you can't define a LicenseRef in sitations (like npm [1]) where the only >> thing you can set is a license expression and you don't have access to the >> broader >> SPDX spec. >> [1]: https://docs.npmjs.com/files/package.json#license
This is not a problem with the license expression language. It is a problem with the SPDX identifier mechanism. LicenseRefs are SPDX's cornerstone way of handling the many many non-standard license notices found every day in source code. In the above example you don't need an "only" operator you need a way to include LicenseRefs when using SPDX identifiers. LicenseRefs are so important that they need to be addressed in the SPDX identifier mechanism independent of your situation. - Mark -----Original Message----- From: W. Trevor King [mailto:wk...@tremily.us] Sent: Monday, September 11, 2017 12:18 PM To: Gisi, Mark Cc: J Lovejoy; Marc Jones; SPDX-legal Subject: Re: GPLv2 - Github example On Mon, Sep 11, 2017 at 07:04:57PM +0000, Gisi, Mark wrote: > >> With the ‘only’ operator proposal [1], this situation can be > >> represented by ‘CDDL-1.0 only’. > > … Finally this case can be elegantly handled with a LicenseRef… But you can't define a LicenseRef in sitations (like npm [1]) where the only thing you can set is a license expression and you don't have access to the broader SPDX spec. > That is, the example represents a rare edge case that does not present > a situation that can't be express with today's current constructs. > Therefore it does not represent a good example > (justification) for adding the "only" operator. It's not the only justification. Having an ‘only’ operator also lets you give a very clear license expression (e.g. ‘GPL-2.0 only’) for grants like: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. which is one of the goals listed in [2]. That's a distinct license expression from ‘GPL-2.0’ for cases like “I found this license text in a separate file, but no clear grant applying it to this project” which is the “GitHub example” that spawned this thread. Although as discussed in this thread, some SPDX authors and tools may feel uncomfortable making a concluded-license call in that case. However, I expect tools like licensee, which only look for stand-alone license files and ignore grant comments [3], will be concluding ‘GPL-2.0’ and similar, and having an explicit ‘only’ operator allows consumers to distinguish those ambiguous conclusions from an explicit ‘GPL-2.0+’ or ‘GPL-2.0 only’. Cheers, Trevor [1]: https://docs.npmjs.com/files/package.json#license [2]: https://wiki.spdx.org/view/Legal_Team/only-operator-proposal#Goals [3]: https://github.com/benbalter/licensee/blob/v9.2.0/docs/what-we-look-at.md#what-about-checking-every-single-file-for-a-copyright-header -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
