Use SPDX License Expressions to expose a package's licenses
Problem
Historically, distros have used their own language to serialize the list of licenses for a package. Designing a format or language poses not only a design problem but potentially an interpretation problem as well.
Let's say we chose to use a simple list of SPDX identifiers for a package's licenses. Considering Rust, we would write:
- MIT
- Apache-2.0
How do the MIT and Apache licenses interact in the Rust repository? Are they tied together? Can a user choose either of them when shipping Rust? As clarified in the COPYRIGHT file, one can choose. This intention cannot be represented by a simple list.
Solution
SPDX License Expressions solve this exact problem: they offer a ready-to-use language that states a package's licensing terms unambiguously. For the Rust case above, we'd have:
- MIT OR Apache-2.0
We must still use a list, because a project may license different portions under different licenses. Suppose Rust had a manual section licensed under Creative Commons:
- MIT OR Apache-2.0
- CC-BY-4.0
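
As an added illustration (not part of the original proposal or of any distro's tooling), the Python sketch below parses a subset of SPDX License Expressions (identifiers, AND, OR, parentheses) and checks every list entry against an allow-list. The function names and the allow-list policy are assumptions made for this example; WITH exceptions and the "+" suffix are left out.

```python
import re

# Added example: subset of SPDX License Expressions (ids, AND, OR, parens).
# Function names and the "allowed" policy set are hypothetical.

def tokenize(expr):
    if not re.fullmatch(r"[A-Za-z0-9.\-()\s]+", expr):
        raise ValueError(f"unsupported character in {expr!r}")
    return re.findall(r"[()]|[A-Za-z0-9.\-]+", expr)

def parse(tokens):
    """Return a nested tuple tree; AND binds tighter than OR."""
    def atom():
        tok = tokens.pop(0) if tokens else None
        if tok == "(":
            node = or_expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return node
        if tok in (None, ")", "AND", "OR"):
            raise ValueError(f"unexpected token {tok!r}")
        return ("id", tok)
    def and_expr():
        node = atom()
        while tokens and tokens[0] == "AND":
            tokens.pop(0)
            node = ("and", node, atom())
        return node
    def or_expr():
        node = and_expr()
        while tokens and tokens[0] == "OR":
            tokens.pop(0)
            node = ("or", node, and_expr())
        return node
    tree = or_expr()
    if tokens:
        raise ValueError(f"trailing tokens: {tokens}")
    return tree

def satisfiable(tree, allowed):
    """True if some choice among the OR branches uses only allowed licenses."""
    if tree[0] == "id":
        return tree[1] in allowed
    left, right = satisfiable(tree[1], allowed), satisfiable(tree[2], allowed)
    return (left and right) if tree[0] == "and" else (left or right)

def package_ok(entries, allowed):
    # Each list entry covers a different portion, so every entry must pass.
    return all(satisfiable(parse(tokenize(e)), allowed) for e in entries)
```

With only MIT allowed, `["MIT OR Apache-2.0"]` passes, while the flat list `["MIT", "Apache-2.0"]`, read as one entry per portion, does not.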