Re: A suggestion to use Relationships for the licence variants use-case


Sebastian Crane
 

Dear Ria,

> LEGALLY-EQUIVALENT-TO bothers me since "the producer of the SPDX
> document containing such a Relationship has made the claim that they
> believe the two to be legally equivalent" - if I understand that these
> tags are being assigned by the vendor, do I trust their legal
> determination?

Indeed, LEGALLY_EQUIVALENT_TO would express a legal interpretation made
by the SPDX document producer (which could be the vendor of the
software or a third party). Whether or not this is to be trusted is up
to the consumer of the SPDX data, in the same way as with the existing
'License Concluded' field in SPDX 2.2.2:

https://spdx.github.io/spdx-spec/package-information/#713-concluded-license-field

> MATCHES_LICENSE also bothers me because it feels so binary. But I may
> be nitpicking there. I would be more inclined to SIMILAR_LICENSE.

I'm perfectly comfortable with using another name, although I would like
to clarify: I was intending this to be matching in the sense of the SPDX
Matching Guidelines (Annex B in SPDX 2.2.2). If I recall correctly, the
Matching Guidelines don't specify anything other than 'yes, the same
license' or 'no, a different license'.

Thank you for taking a look at this; please let me know if I
missed/misunderstood anything in your response :)

Best wishes,

Sebastian
