Re: A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0
On Mon, Feb 4, 2019 at 9:57 PM Mark Atwood wrote:
Just following up, does anyone have any comments or suggestions for myWe surely could use a way to have namespaces of sorts for extra, non
SPDX-listed license identifiers. This is something that I could use
alright for ScanCode where we track roughly an extra 1000 licenses and
exceptions more than in the SPDX list (ScanCode has 1456 licenses and
exceptions and there are 415 in the SPDX list)
ScanCode handles this today by returning a well defined LicenseRef-xxx
in SPDX documents for non SPDX-listed licenses . And a recent
contribution by Tobias Furuholm created a "namespace"-like convention
to use this for ids for such licenses:
License-Ref-scancode-<scancode license key>
The project guarantees the <scancode license key> to be stable
overtime (e.g. they can be deprecated if needed but never deleted) .
See https://github.com/nexB/scancode-toolkit/issues/532 for some discussions
In a SPDX-License-identifier declaration, a Private License Identifier canSPDX-License-Identifier is not declaring an id, but instead using ids
in an expression so I think this would break the license expression
syntax may be? Otherwise how would express something such as:
my-private-license1 AND my-private-license2
As a recap I think that:
1. having some kind of namespacing is a great idea
2. I find reverse DNS and dots hard to read and I would likely make
many typos when writing/typing these down.
3. an SPDX-License-identifier is a whole expression so changes should
not break license expressions.
4. it might be clearer to distinguish naming (giving an id) and
documenting that id separately (providing extra information about this
id such as at a URL to a text or other data) and not try to put them
all in one place.
5. LicenseRef (and possibly some specified or conventional way to
structure them) may be a way to consider