Re: SPDX license question

J Lovejoy

Hi Michael, Bob,

Apologies for the delayed response here, this got a bit buried in the old Inbox.

I had a look at the table in the link Michael provided.  For ease of reference, I cut and pasted your table in a spreadsheet and added a column with my notes on what the proper SPDX license expression would be, using the SPDX license identifiers and expression syntax.  If there was not a direct link to the project named, I put a link to what I think was intended and then provided the SPDX license expression.  

As far as mapping this onto the greater SPDX specification fields, I’d expect to see these license expressions in 3.14 Declared License (for the package) or 4.6 License Information in File (for the file) or both, as applicable.  The Concluded License field (3.12 and 4.5 for package and file level, respectively) would be used by the SPDX document creator to indicate, for example, which license in a disjunctive choice they choose to use.

Does that help?

I got a little lost with the rest of your email below about full text matching, etc. so let me know if this doesn’t answer all of your questions!

As for Bob’s question as to what kind of licenses are accepted on the list - so long as they are open source, we’ll consider them.  The guidelines for how to request a license is here:  If you want to submit multiple licenses at once, feel free to put it into a spreadsheet format and submit that way (instead of individual emails) or even a Google doc with a link, etc.


SPDX Legal Team co-lead

On Aug 11, 2015, at 5:54 AM, Jaeger, Michael C. <michael.c.jaeger@...> wrote:

   I am sorry it took so much time to pick this thread below up. I am still not sure I got the idea for the problem with Fossology …
In the spec (SPDX-2.0-Appendix-IV): using operands for expressing dual license statements. As a consequence, the Gephi license statement would / should result in a lic conclusion (or maybe also in a extracted license text):
  GPL-3.0 OR CDDL-1.0
We have an issue when implementing a full a text matcher, begin capable of matching reference license texts. Full text matching can yield some confidence when scanning texts with the goal to avoid (or reduce) manual inspection. Our goal is to do as much auto conclusion as possible. Accordingly, we are considering this and 17 other texts to the fossology license text db (see link below).
If we have such reference texts in the application, they need identification: internally, but also to the user in the UI. With the SPDX 2.0 proposed syntax (referring to the appendix IV again) I have a problem:
There could  be multiple reference texts targeting the same license-or-combination, for example, several text variants pointing to MIT and GPL-2.0 -> not nice in the application to do things like “MIT OR GPL-2 variant 01”, ““MIT OR GPL-2 variant 02” …
In addition, this syntax is referring to two text entities. in the application handling it seems odd to have such meta entries given the fact that we have text associated with a finding.
Our goal is to be “SPDX license list compliant” when setting license ids when adding reference texts to the database, but apparently for defining ids for such reference license texts we need to diverge from this?
I am not sure, I am seeing a good solution that can be implemented in the application - what would be consistent way for reference texts?
Admitted that I may be too much on the Fossology database model side.
Kind regards, Michael
From: Gobeille, Robert [mailto:bob.gobeille@...] 
Sent: Mittwoch, 22. Juli 2015 22:59
To: J Lovejoy
Cc: Kate Stewart; SPDX-legal; Jaeger, Michael C.
Subject: Re: SPDX license question
Hi Jilayne,
We are discussing this in one of our issues:
Michael (cc’d) has added a table of new licenses we are considering.  One issue for us is that we report all licenses by a name (short form identifier).  A “LicenseRef-“ doesn’t have any meaning to us, but we are trying to be as compatible to SPDX as possible.
The page on requesting a new license ( doesn’t tell us what types of licenses you will accept (other than they have to be open source).  Somehow I suspect it won’t be fruitful if we submitted all the licenses we have that are currently not in SPDX.  We have 759 licenses last I looked.   I think SPDX list is 301 + exceptions.
Bob Gobeille
On Jul 16, 2015, at 4:17 PM, J Lovejoy <opensource@...> wrote:
Hi Bob,
Thanks for asking!  My additional comments to Kate’s also below:
On Jul 16, 2015, at 5:33 AM, Kate Stewart <kstewart@...> wrote:
Hi Bob,
     Comments inline...
On Wed, Jul 15, 2015 at 4:54 PM, Gobeille, Robert <bob.gobeille@...> wrote:
We (FOSSology project) are having a discussion about how to name dual licenses.  What is the SPDX policy on naming dual licenses?  Here are some examples:

1.  The Asterisk license is GPL-2.0 with exceptions: 
To me, I would call this an Asterisk license because of the number of specific permission granted.
This could be handled either as an explicit exception (add to exception list)  or as a new license
being added to the main list.    Legal team is probably best ones to make the judgement though
as to which way makes most sense. 
This should definitely be handled as a new exception added to the exception list; if you think this is something SPDX should have on its list, please have a look at information needed to request a new license and let the legal list know if you want to request it be added.  In which case, it would be expressed as: GPL-2.0 WITH Asterisk-exception (or whatever the exception ends up being called.)
As per SPDX 2.0, this license would currently be expressed as a Lic-Ref (section 5 of the spec), as we don’t currently have a way to represent a valid license identifier (e.g., “GPL-2.0”) with an exception not on our list.  This is functionality we discussed adding in a future version (e.g., a Lic-Ref equivalent for exceptions), but it remains to be seen when that will get added.
I would strongly urge against adding this as a new license in whole.  Now that we have the license expression syntax for exception (“WITH”), and have moved all such exceptions to their own list, we ought to be consistent in that going forward. :)


2. Gephi License
This is just a dual GPL-3.0, CDDL license.  So in FOSSology, I would call it "Dual GPL-3.0 - CDDL” and some others would call it “Dual Gephi License”.  We have several examples like this where the license is a straight dual license.  To me, “Dual GPL-3.0-CDDL” is more helpful than “Gephi License”.  If you name all these licenses by the project then you have to become familiar with them all (the ultimate in license proliferation).
This is a nice illustration of why the license expressions syntax was created. ;-)
"GPL-3.0 OR CDDL-1.0"  I think is the license expression that should be used. 
see: Appendix IV: SPDX License Expressions in SPDX-2.0 for more details on the
Assuming when you say “dual” you mean it’s a choice between GPL-3.0 and CDDL-x.y, then Kate is correct, that “OR” would be the correct license syntax.  Again, it would be preferably for any disjunctive or conjunctive license situations to use the short identifiers and the license expression syntax (“OR” or “AND”) rather than calling it a whole new license name.  

Hope this helps,

—— Gephi notice follows  ----
Copyright 2008-2010 Gephi
Authors : Mathieu Bastian <mathieu.bastian@...>
Website :
This file is part of Gephi.
Copyright 2011 Gephi Consortium. All rights reserved.
The contents of this file are subject to the terms of either the GNU
General Public License Version 3 only ("GPL") or the Common
Development and Distribution License("CDDL") (collectively, the
"License"). You may not use this file except in compliance with the
License. You can obtain a copy of the License at
or /cddl-1.0.txt and /gpl-3.0.txt. See the License for the
specific language governing permissions and limitations under the
License. When distributing the software, include this License Header
Notice in each file and include the License files at
/cddl-1.0.txt and /gpl-3.0.txt. If applicable, add the following below the
License Header, with the fields enclosed by brackets [] replaced by
your own identifying information:
"Portions Copyrighted [year] [name of copyright owner]"
If you wish your version of this file to be governed by only the CDDL
or only the GPL Version 3, indicate your decision by adding
"[Contributor] elects to include this software in this distribution
under the [CDDL or GPL Version 3] license." If you do not indicate a
single choice of license, a recipient has the option to distribute
your version of this file under either the CDDL, the GPL Version 3 or
to extend the choice of license to its licensees as provided above.
However, if you add GPL Version 3 code and therefore, elected the GPL
Version 3 license, then the option applies only if the new code is
made subject to such option by the copyright holder.
Portions Copyrighted 2011 Gephi Consortium.

Bob Gobeille

Spdx-legal mailing list

Join to automatically receive all group messages.