Re: License Identification

David Kemp

Using different technical mechanisms to identify source-available licenses and other licenses is not efficient, and we strongly support the use of a single technical mechanism (a deconflicted unified license identifier list) for use in SBOM files.
I interpret this as meaning you support the concept of having a more “transferable” way to use LicenseRef- as per the original intent of the proposal - that is, a license defined using LicenseRef- is not “limited” to just being identified in that specific SPDX Document. Note, there is also already a way to capture license text for LicenseRef- licenses and link it - this is part of an earlier call and there is a task to improve the explanation of this in the spec because no one was really aware (see previous meeting notes about that)

No, you are mistaken.  I am not looking for a way to use LicenseRef-, because LicenseRef- uses "a different technical mechanism" for different licenses.  Instead of jumping to the technical solution of using LicenseRef, I am looking at the problem LicenseRef- was created to solve and observing that there is a simpler alternative that applies to all licenses registered by a license registration authority.  License registration authorities, of which the SPDX legal team is one, assign license IDs to license texts using processes of their own choosing. The single technical requirement is trivial: IDs cannot be duplicated or re-used - once an ID has been assigned to a text by an authority, the same ID cannot be assigned to a different text.

David Kemp

(now subscribed to spdx-legal)

Join to automatically receive all group messages.