Rename SPDX-License-Identifier to SPDX-License-Expression?

[wking]

Spun off from the mailing list, the appendix currently presents the values as:

The SPDX License Identifier syntax may consist of a single license (represented by a short identifier from the SPDX license list) or a compound set of licenses (represented by joining together multiple licenses using the license expression syntax).

But license short IDs are license expressions. Picking ABNF rules out of the expression appendix:

license-expression = 1*1(simple-expression / compound-expression)
simple-expression = license-id / license-id"+" / license-ref
license-id = <short form license identifier in Appendix I.1>

So really the value is just a license expression. I think the situation would be less confusing if we renamed the tag to SPDX-License-Expression with a long deprecation period. But I'm not sure if the benefits of that rename outweigh the migration cost, even though you could reliably accomplish the migration in a given codebase with grep and sed.

If we are thinking about migrating the tag, other factors to consider would be:

• Should we provide a way to declare the version of the license expression specification? This would allow parsers to distinguish between “this license expression is broken” and “this license expression uses the v3.0 syntax, but I can only parse the v2.1 syntax”. For example, if we added a PROXY operator (as discussed here and here), a parser could say “I don't understand v3.0 license expressions yet” instead of saying “invalid token: PROXY”.

• Should we provide a way to declare the version of the license list? The license list can shift independently of the expression syntax. For example, some projects have migrated to license list v3.0 identifiers like GPL-3.0-or-later despite the fact that no license expression spec has been cut since SPDX spec v2.1. The set of short IDs and the expression syntax are very weakly coupled when they're coupled at all (more on this in 6).

If we do decide to address both of the above, would we want a tag like:

SPDX-License-3.0-Expression-2.1: Apache-2.0 AND MIT

Or would we want to unpack it into separate tags:

SPDX-License-List-Version: 3.0
SPDX-License-Expression-Version: 2.1
SPDX-License-Expression: Apache-2.0 AND MIT

or some such?

[goneall]

From SPDX tech call 6/5/2018: This would be a long lead time item - concern about backlash from current users. Not something we want to tackle in the short term. Version 3.0 or later.

Proposal to support both formats in an interim period - perhaps several years

[jlovejoy]

for the use case in source files as described in the appendix, I really don't see this changing, especially with all the adoption this has gotten. horse. left. barn.

[jlovejoy]

There have been no further comments here, but I think we have discussed on a call, although I'm not finding any notes on that.

In any case, the use of SPDX-License-Identifier has gotten a lot of adoption and to change this would be unnecessarily disruptive. We have also now documented this "caveat" as compared to other SPDX tags in the last paragraph of Appendix IX here https://spdx.github.io/spdx-spec/appendix-IX-file-tags/