** For SPDX Legal WorkStream **

As a means to drive comments/redlines, below please find were we left off in the last SPDX Legal Workstream Call for the following Sections.

Many thanks,

Rockett

***

Proposal: section 5.3 (License(s)) of the spec will become 3 fields:


5.3a Concluded License(s)

5.3a.1 Purpose: This field contains the license concluded as governing the file, if it can be determined. If no license information can be concluded, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Concluded License is not one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is concluded in the file, then each should be listed. If any of the concluded licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.

5.3a.2 Intent: Here, the intent is to have a uniform method to refer to the license that is concluded to represent the file with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD. If there is a conflict between the Concluded License(s) and Detected License(s) Information, the Concluded License(s) controls, and the rationale for the Concluded License must be recited in the License Comment field.

5.3a.3 Cardinality: Mandatory, one.

5.3a.4 Tag: "LicenseConcluded:"

5.3a.5 RDF: TBD (include Disjunctive form here)

5.3a.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N

5.3a.7 Example:

LicenseAsserted: GPL-2.0



5.3b Detected License(s) Information

5.3b.1 Purpose: This field contains the license information recited in the file, if any. It will be explicit from the file header or other information found in the file's source code. If no license information is found it should be denoted as "NotSpecified". If no license information can be determined, the license is denoted as "Unknown". The licenses should use the standard short form names. See Appendix I for standardized license short forms. If a Detected License Information does not correspond to one of the standardized license short forms, this field must contain a reference to the full licenses text included in this SPDX file in section 4. If more than one license is detected in the file, then each should be listed. If any of the detected licenses offer the recipient a choice of licenses, then each of the choices will be declared as a "disjunctive" license.

5.ba.2 Intent: Here, the intent is to have a uniform method to refer to each license objectively detected with specificity to eliminate any license confusion. For example, the 3 clause BSD would have a different license identifier then the 4 clause BSD.

5.3b.3 Cardinality: Mandatory, one or many.

5.3b.4 Tag: "LicenseDetected:"

5.3b.5 RDF: TBD (not including disjunctive form, if multiple many should be specified )

5.3b.6 Data Format: <short form identifier in Appendix I> | "FullLicense"-N

5.3b.7 Example:

LicenseDetected: GPL-2.0

LicenseDetected: FullLicense-2



5.3c License Comments

5.3c.1 Purpose: This field is a detailed description of the analysis and any relevent background references that went in to arriving at the Concluded License(s) for a file, if the Concluded License(s) does not match the Detected License(s) Information, such rationale must be recited by the reviewer in this field.

5.3c.2 Intent: Here, the intent is to provide technical readers/reviewers with a detailed technical explanation of how the Concluded License(s) was determined if it does not match the Detected License(s) Information.

5.3c.3 Cardinality: Optional, single instance

5.3c.4 Tag: "LicenseComments:"

5.3c.5 RDF: TBD

5.3c.6 Data Format: free form text than can span multiple lines, preceded with <text> and ending with </text>.

5.3c.7 Example: LicenseComments: <text> The Concluded License(s) was taken from the package level that the file was included in. </text>

***