On Thu, Oct 12, 2017 at 06:21:05PM +0000, Wheeler, David A wrote:
> The section you want to consult is SPDX specification version 2.1,
> Appendix IV ("SPDX License Expressions"):
> https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60
>
> Subsection "Composite License Expressions" says:
> "More expressive composite license expressions can be constructed
> using "OR", "AND", and "WITH" operators similar to constructing
> mathematical expressions using arithmetic operators. For the
> Tag:value format, any license expression that consists of more than
> one license identifier and/or LicenseRef, should be encapsulated by
> parentheses: "( )". This has been specified to facilitate expression
> parsing. Nested parentheses can also be used to specify an order of
> precedence which is discussed in more detail in subsection (4)."
>
> So the spec recommends using parentheses when there are multiple
> license identifiers. Again, this is only a SHOULD, not a MUST. I
> view this as a stylistic recommendation.Hmm, I'd read that differently, based on: SPDX-License-Identifier: (GPL-2.0 OR MIT) and similar examples in [1]. The Appendix V wording for that is: Representing Multiple Licenses Multiple licenses can be represented using a SPDX license expression as defined in Appendix IV. A set of licenses must be enclosed in parentheses (this is a convention for SPDX expressions). which is a strange combination of “must” and “convention”. But it sounded to me like a requirement for parens around the whole license expression, and not a suggestion for additional parens within the license expression. In [2], I tried to express that with the ‘enclosed-license-expression’ rule [3] and its explanatory paragraph [4]. With that SPDX-License-Identifier background, I'd read the wording as recommending: Whatever-A: (EPL-2.0 OR LicenseRef-GPL-2.0-with-Assembly-exception OR GPL-2.0 WITH Classpath-exception-2.0 OR Apache-2.0) Grudgingly accepting the unenclosed ‘OR Apache-2.0’ in: Whatever-B: (EPL-2.0 OR (LicenseRef-GPL-2.0-with-Assembly-exception OR GPL-2.0 WITH Classpath-exception-2.0)) OR Apache-2.0 as long as ‘Whatever-B’ wasn't ‘SPDX-License-Identifier’. And not distinguishing at all between Whatever-A and: Whatever-C: ((EPL-2.0 OR (LicenseRef-GPL-2.0-with-Assembly-exception OR GPL-2.0 WITH Classpath-exception-2.0)) OR Apache-2.0) Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b Appendix V: Using SPDX short identifiers in Source Files [2]: https://github.com/spdx/spdx-spec/pull/37 Subject: appendix-IV: Refactor the license expression appendix [3]: https://github.com/spdx/spdx-spec/pull/37/files#diff-f006efd0d473205cd5b1f2fee088e3f1R27 [4]: https://github.com/spdx/spdx-spec/pull/37/files#diff-f006efd0d473205cd5b1f2fee088e3f1R36 -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
