On Tue, Nov 21, 2017 at 5:28 PM, Wheeler, David A <dwheeler@...> wrote:
J Lovejoy [mailto:opensource@...]:David,If this is a potential problem once GPL-2.0 is changed to GPL-2.0-only, thenYes indeed, that's my point :-).
Speaking as the author of a fine license detection engine, I think
this is a red herring.
A license detection result can be: "I am 95% sure this is GPL-2.0-only
but it could be GPL-2.0+: please review me to fill in your
So detection does not have to be binary as in either 100% right or
100% wrong. If a tool can only report red or blue binary results,
that's a possibly fine but weak tool.
For instance scancode-toolkit can cope with ambiguity alright and
surface this for review when it cannot come with a definitive
detection answer. Therefore I have no issue whatsoever to implement
Jilyane's comprehensive proposal and I can always output something on
So since this can be done by one tool alright this is NOT an issue for
the SPDX spec to worry about and tools should adjust: that's for tools
implementors to cope with ambiguity, not something to specify here.
Please let's keep this spec simple!