Re: License namespaces
Thanks, Steve, for raising awareness!
Unfortunately, I will not be able to join the Legal Team call this week (public holiday here in Germany), but I can participate in asynchronous discussions via email or on GitHub.
From: Spdx-legal@... <Spdx-legal@...> On Behalf Of Steve Winslow
Sent: Saturday, 21 May, 2022 16:32
Subject: License namespaces
Hello spdx-legal team (cc spdx-tech team),
Some of you may recall the conversations in 2019 and 2020 around the idea of adding a "license namespace" concept to the SPDX spec. This was intended to be a mechanism to leverage the existing LicenseRef- syntax for custom license definitions in SPDX Documents, and was discussed for the SPDX 2.2 spec but wasn't included at the time.
The idea would be that certain formats of LicenseRef- IDs would be given an additional semantic meaning. Specifically, that a second hyphen or a period immediately following `LicenseRef-` would indicate that a license namespace is being used, which would tie that LicenseRef- ID to a license defined in a separate SPDX Document at a web-accessible location. E.g., `LicenseRef-.example.com.-EULA-v3.1` and `LicenseRef--ExampleCorp--EULA-v3.1` would be two different ways to refer to a `EULA-v3.1` license defined by example.com or ExampleCorp in an SPDX Document hosted on ExampleCorp's website.
I'm mentioning this because Alexios has graciously resurrected this for SPDX 2.3 (thank you Alexios!) I would encourage anyone who is interested, or who has thoughts or input on this, to review issue 681 at https://github.com/spdx/spdx-spec/pull/681 in the next couple of days and weigh in with any feedback (I need to do this as well).
My understanding is that the tech team plans to move forward with merging this shortly in order to get it in for the upcoming 2.3 spec release, so if you want to weigh in with feedback, now's the time.
Intel Deutschland GmbH