Re: A proposal for SPDX Private License Identifiers. Example: .com.amazon.-.ASL-2.0


Philippe Ombredanne
 

Hi Mark:

On Mon, Feb 4, 2019 at 9:57 PM Mark Atwood wrote:
Just following up, does anyone have any comments or suggestions for my
proposal for SPDX Private License Identifiers?
We surely could use a way to have namespaces of sorts for extra, non
SPDX-listed license identifiers. This is something that I could use
alright for ScanCode where we track roughly an extra 1000 licenses and
exceptions more than in the SPDX list (ScanCode has 1456 licenses and
exceptions and there are 415 in the SPDX list)

ScanCode handles this today by returning a well defined LicenseRef-xxx
in SPDX documents for non SPDX-listed licenses . And a recent
contribution by Tobias Furuholm created a "namespace"-like convention
to use this for ids for such licenses:

License-Ref-scancode-<scancode license key>

The project guarantees the <scancode license key> to be stable
overtime (e.g. they can be deprecated if needed but never deleted) .
See https://github.com/nexB/scancode-toolkit/issues/532 for some discussions

SPDX-License-Identifier: .com.amazon.-.ASL-2.0
https://aws.amazon.com/doc/ASL-2.0
[...]
In a SPDX-License-identifier declaration, a Private License Identifier can
optionally be followed by a URI pointing to the canonical license text.
This URI should be under the control of the entity that controls the DNS
namespace of the Private License Identifier.
SPDX-License-Identifier is not declaring an id, but instead using ids
in an expression so I think this would break the license expression
syntax may be? Otherwise how would express something such as:
my-private-license1 AND my-private-license2

As a recap I think that:
1. having some kind of namespacing is a great idea
2. I find reverse DNS and dots hard to read and I would likely make
many typos when writing/typing these down.
3. an SPDX-License-identifier is a whole expression so changes should
not break license expressions.
4. it might be clearer to distinguish naming (giving an id) and
documenting that id separately (providing extra information about this
id such as at a URL to a text or other data) and not try to put them
all in one place.
5. LicenseRef (and possibly some specified or conventional way to
structure them) may be a way to consider
--
Cordially
Philippe

Join Spdx-legal@lists.spdx.org to automatically receive all group messages.