Wheeler>Careful there. SPDX cannot possibly replace a lawyer or a court
I'm sure that is obvious. That sentence is included in all the "license-related software", and that statement does not invalidate attempts at making license information machine-readable.

Can we just stop discussing lawyers and courts here? I fully understand that SPDX is useless, and the only viable option to analyze licenses is to ask a lawyer. However, I still want to get basic machine-processing. For instance, a machine can tell me something like: "Hey, Vlad, it looks like you are using a GPL dependency in an MIT project, and that is not typically allowed". OK?

Wheeler>So SPDX shouldn’t be trying to determine “these licenses are compatible” – it should just be recording “here are the licenses in use in this product”.

What is the purpose of having SPDX then? It looks like you say that "license.txt is enough". I don't agree then. For instance, if SPDX-declared licenses can be automatically arranged/sorted/classified, then it would simplify human analysis and flag potential violations earlier. Of course, a human would still have to process all the items; however, the machine could suggest looking at the most promising (incompatible/unknown) cases first.

Wheeler>Versions are compared using “natural sort order”, an ordering of strings in alphabetical order, except that multi-digit numbers are ordered as a single number and compared as numbers. E.g., the following is sorted using natural sort: “2.1, 2.2, 2.3, 2.20, 3.0”.

How about Artistic-1.0 vs Artistic-1.0-cl8 vs Artistic-1.0-Perl vs Artistic-2.0? How about LPPL-1.0 vs LPPL-1.2 vs LPPL-1.3a vs LPPL-1.3c?

Once I thought declaring "license version" in the SPDX standard might be a good idea; however, I don't think so anymore. I'm inclined to think that "later versions" should better be manually curated. At the end of the day, the number of licenses is very low, and we can just list all the relevant relations and that is it.

1) Version numbers sometimes include letters (e.g. 1.0-cl8), and I don't think a general rule can be invented around that. Unfortunately, SPDX can't influence license authors, so SPDX could easily face a license with an insane "version".

2) Certain licenses (e.g. CC-BY-SA 2.0) explicitly allow use of later versions. In other words, even if software is declared as 2.0, later versions of the license can still be used. At the present time it would include 2.0, 2.5, 3.0, and 4.0. "Natural comparison" won't be able to express that. On the other hand, hard-coding that equivalence is trivial.

Vladimir
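The two approaches contrasted in the message above, natural-sort comparison and a hand-curated "later version" relation, run over the license identifiers it mentions. This is an added example, not part of the original message and not SPDX tooling; the function names, the `family` heuristic and the contents of `CURATED_LATER` are assumptions made for illustration.

```python
import re

def natural_key(s):
    # Natural sort key: digit runs compare as integers, the rest as lowercase text.
    return [(0, int(p), "") if p.isdigit() else (1, 0, p.lower())
            for p in re.split(r"(\d+)", s) if p]

def family(license_id):
    # Assumed heuristic: the text before the first digit, e.g. "Artistic-".
    return re.split(r"\d", license_id, maxsplit=1)[0]

def later_by_natural_sort(declared, known_ids):
    # Every identifier of the same family that sorts after the declared one.
    return sorted((i for i in known_ids
                   if family(i) == family(declared)
                   and natural_key(i) > natural_key(declared)),
                  key=natural_key)

# Hand-maintained relation (illustrative content): only licenses whose text
# permits later versions get an entry, as with the CC-BY-SA 2.0 case above.
CURATED_LATER = {
    "CC-BY-SA-2.0": ["CC-BY-SA-2.5", "CC-BY-SA-3.0", "CC-BY-SA-4.0"],
}

def later_by_curation(declared):
    # Unknown or unlisted licenses get no implied "later" versions.
    return CURATED_LATER.get(declared, [])

# Identifiers taken from the message (constructed sample set).
KNOWN = ["Artistic-2.0", "Artistic-1.0-Perl", "Artistic-1.0", "Artistic-1.0-cl8",
         "LPPL-1.3c", "LPPL-1.0", "LPPL-1.3a", "LPPL-1.2",
         "CC-BY-SA-4.0", "CC-BY-SA-2.0", "CC-BY-SA-3.0", "CC-BY-SA-2.5"]

if __name__ == "__main__":
    for declared in ("Artistic-1.0", "LPPL-1.2", "CC-BY-SA-2.0"):
        print(declared)
        print("  natural sort:", later_by_natural_sort(declared, KNOWN))
        print("  curated     :", later_by_curation(declared))
```

Natural sort lists the `-cl8` and `-Perl` identifiers as "later" than Artistic-1.0 purely because they sort after it, while the curated table only answers for licenses someone has actually reviewed.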