Re: [spdx] Specific SPDX identifier question I didn't see addressed in the specification

J Lovejoy

Hi McCoy!

I’m moving the SPDX-general list to BCC and replying to SPDX-legal as that is the right place for this discussion.

Where is this question coming up in terms of context? That is, are you thinking in the context of an SPDX document and capturing  the licensing info for a file that is under MIT originally but then redistributed under BSD-2-Clause? Or are you thinking in the context of using an SPDX license identifiers in the source files?


On Jul 1, 2022, at 12:01 PM, McCoy Smith <mccoy@...> wrote:

I didn’t see this particular topic addressed in the specification (although I’m happy to be correcedt if I missed it), so I thought I’d post and see whether there is a solution that’s commonly used, or if there’s room for a new identifier.
Virtually all so-called “permissive” licenses permit the recipient of code to license out under different terms, as long as all the requirements of the in-bound license are met. In almost all of these permissive licenses those requirement boil down to:
  1. Preserve all existing IP notices (or in some cases, just copyright notices)
  2. Provide a copy of the license (or something to that effect: retaining “this permission notice” (ICU/Unicode/MIT)  or “this list of conditions” (BSD) or providing “a copy of this License” (Apache 2.0))
The rules around element 1 and SPDX are well-described.
With regard to element 2, a fully-compliant but informative notice when there is a change from the in-bound to the out-bound license would look something like this (with the square bracketed part being an example of a way to say this):
SPDX-License-Identifier: MIT
[This file/package/project contains code originally licensed under:]
SPDX-License-Identifier: BSD-2-Clause
The point being to express that the outbound license is MIT, but in order to fully comply with the requirements of BSD-2-Clause, one must retain “ this list of conditions and the following disclaimer” which including a copy of BSD-2-Clause accomplishes. Without the square bracketed statement above, it seems confusing as to what the license is (or whether, for example, the code is dual-licensed MIT AND BSD-2-Clause.

One way to do this I suppose is to use the LicenseComment: field to include this information, but it seems to me that this is enough of a common situation that there ought to be something more specific to address this situation.
Thoughts? Am I missing something?

Join to automatically receive all group messages.