License namespaces

Steve Winslow

Hello spdx-legal team (cc spdx-tech team),

Some of you may recall the conversations in 2019 and 2020 around the idea of adding a "license namespace" concept to the SPDX spec. This was intended to be a mechanism to leverage the existing LicenseRef- syntax for custom license definitions in SPDX Documents, and was discussed for the SPDX 2.2 spec but wasn't included at the time.

The idea would be that certain formats of LicenseRef- IDs would be given an additional semantic meaning. Specifically, that a second hyphen or a period immediately following `LicenseRef-` would indicate that a license namespace is being used, which would tie that LicenseRef- ID to a license defined in a separate SPDX Document at a web-accessible location. E.g., `` and `LicenseRef--ExampleCorp--EULA-v3.1` would be two different ways to refer to a `EULA-v3.1` license defined by or ExampleCorp in an SPDX Document hosted on ExampleCorp's website.

I'm mentioning this because Alexios has graciously resurrected this for SPDX 2.3 (thank you Alexios!)  I would encourage anyone who is interested, or who has thoughts or input on this, to review issue 681 at in the next couple of days and weigh in with any feedback (I need to do this as well).

My understanding is that the tech team plans to move forward with merging this shortly in order to get it in for the upcoming 2.3 spec release, so if you want to weigh in with feedback, now's the time.


Join to automatically receive all group messages.