Hi Richard, Here are some minutes from a previous review mentioning a potential long term solution for non-listed exceptions: https://wiki.spdx.org/view/Legal_Team/Archive/license_expression_syntax
I also recall a discussion on the topic. It has been a while (and my memory is far from perfect), but I recall the conclusion being not to introduces such a construct at the time due to the additional complexity and the assumption that any non-listed exception text would require a similar level of manual review as reviewing the full LicenseRef. Gary > -----Original Message----- > From: Spdx-legal@lists.spdx.org <Spdx-legal@lists.spdx.org> On Behalf Of > Richard Fontana > Sent: Friday, April 24, 2020 2:08 PM > To: spdx-legal@lists.spdx.org > Subject: Re: documentation/examples of License Ref? > > If you have a standard license text (that maps to one of the SPDX license > identifiers) coupled with some additional nonstandardized terms, which are not > captured by anything in the exceptions list (which IIRC are not supposed to > cover supplementary restrictive terms anyway, though I seem to remember a > debate many years ago about that topic), would the only SPDX-sanctioned way > of expressing this be to use a LicenseRef for the whole expression? For > example, suppose you have a project that says it's licensed under GPL version > 2 > along with an attribution-like requirement for web services (this is a real > case I > was pointed to today, see: > https://github.com/drwetter/testssl.sh/blob/3.0.1/Readme.md#license ) > > To represent that in SPDX notation, I assume you wouldn't refer to "GPL-2.0" > unless you prefixed it with a LicenseRef, something like LicenseRef-GPL-2.0- > Web-Services-Attribution > where "GPL-2.0" doesn't particularly have any precise connection to the SPDX > GPL-2.0 identifier, but might have the benefit of communicating to humans > that the license in question here is, in part, textually-intact GPL version 2. > > This is a common enough case, though, that I wonder if there is some value to > having a way of representing it in an SPDX expression that uses the official > SPDX identifier in an official sort of way, not prefixed by LicenseRef. Maybe > you'd have to define a new operator and perhaps SPDX wouldn't want to go > down that road. I assume from reading the spec that LicenseRef can't be used > inside an expression to cover just the identifier that follows the WITH > operator. > > Richard > > On Fri, Apr 17, 2020 at 12:49 PM Steve Winslow > <swins...@linuxfoundation.org> wrote: > > > > Hi Luis, hope you (and others) are staying safe and healthy as well. > > > > Echoing Kyle, "LicenseRef-" is part of the spec syntax and is defined > > in Appendix IV of the spec. [1] In an actual SPDX document, it would > > be defined in a corresponding "Other License" section. [2] > > > > In the v2.2 release of the spec (for which a release candidate was > > circulated > this morning), the spec now explicitly clarifies that LicenseRefs can be used > in > short-form identifiers in source code. [3] REUSE has also implemented this in > their spec and described a mechanism for including the corresponding license > text directly in a repo. > > > > Hope this helps! > > Steve > > > > (links below are to sections of the v2.2 release candidate) > > > > [1] > > https://spdx.github.io/spdx-spec/v2-draft/appendix-IV-SPDX-license-exp > > ressions/ [2] > > https://spdx.github.io/spdx-spec/v2-draft/6-other-licensing-informatio > > n-detected/ [3] > > https://spdx.github.io/spdx-spec/v2-draft/appendix-V-using-SPDX-short- > > identifiers-in-source-files/, scroll to the bottom [4] > https://reuse.software/spec/, search for "LicenseRef" > > > > On Fri, Apr 17, 2020 at 12:39 PM Kyle Mitchell <k...@kemitchell.com> wrote: > >> > >> Luis, > >> > >> `LicenseRef-*` is technically part of the license expression syntax, > >> too. But it mostly comes up in the context of (private, shared) SPDX > >> XML files. I'm not aware of any package managers that leverage it as > >> a way for package authors to express their own license terms. > >> > >> -- > >> Kyle Mitchell, attorney // Oakland // (510) 712 - 0933 > >> > >> > >> > > > > > > -- > > Steve Winslow > > Director of Strategic Programs > > The Linux Foundation > > swins...@linuxfoundation.org > > > > > > -- > Richard Fontana > Senior Commercial Counsel > Red Hat, Inc. > +1 212 689-4350 (mobile) > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2795): https://lists.spdx.org/g/Spdx-legal/message/2795 Mute This Topic: https://lists.spdx.org/mt/73085652/21656 Group Owner: spdx-legal+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
