dub-registry
validate license identifier against whitelist
We should provide nicer guidelines for the license field and validate that as well. Whitelist: https://spdx.org/licenses/
Intuitively I'd pick / to separate multiple licenses, but we should look at what is there first.
References:
https://docs.npmjs.com/files/package.json#license
http://guides.rubygems.org/specification-reference/#license=
http://doc.crates.io/manifest.html#package-metadata
Also, dub should warn if license is invalid (just like it warns about invalid package name).
I like / too, but adding a new option to dub.json, for example "licenses", which will take an array of license names is also a possibility.
I would prefer to use an array for this, too.
Another advantage of dub using the SPDX list would be support of many more licenses. It would even allow specifying a particular PD license (Unlicense, CC0). The only problem I see is that this list contains some inappropriate licenses that should not be used for software (e.g. CC-BY...).
The only problem I see is that this list contains some inappropriate licenses that should not be used for software (e.g. CC-BY...).
A dub package can contain artwork, fonts or music, so those licenses can still be useful in some cases.
The reason why I picked "or" to separate multiple licenses is that a common case is also "and", for example when code with different licenses is mixed within the same repository. Apparently NPM also does it in a similar way. IMO, there is no point in changing the existing guidelines here. It just makes things more difficult once the semantics start to get checked.
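The check discussed in this thread, sketched as an added example (not code from dub or dub-registry): it accepts both the string form and the array form, validates each name against an allowlist, and warns instead of rejecting. `check_license`, `SPDX_SUBSET` and the separator handling are assumptions made for illustration, and the identifier list is a constructed subset of the SPDX list.

```python
import difflib
import re

# Constructed subset of https://spdx.org/licenses/ for the example;
# a real check would load the full published list.
SPDX_SUBSET = sorted(["MIT", "BSL-1.0", "Apache-2.0", "GPL-2.0", "GPL-3.0",
                      "LGPL-3.0", "Unlicense", "CC0-1.0", "CC-BY-4.0", "Zlib"])
_BY_LOWER = {name.lower(): name for name in SPDX_SUBSET}

# Assumed separators: the "or" / "and" keywords and "/" raised in the thread.
_SEPARATOR = re.compile(r"(\s+or\s+|\s+and\s+|\s*/\s*)", re.IGNORECASE)


def check_license(value):
    """Return (identifiers, operators, warnings) for a license field.

    `value` is a string such as "MIT or BSL-1.0" or a list of names, the
    two shapes proposed in the thread. Nothing is rejected; problems are
    reported as warnings, the way dub warns about invalid package names.
    """
    if isinstance(value, str):
        parts = _SEPARATOR.split(value.strip())
        names = parts[0::2]
        operators = [p.strip().lower() for p in parts[1::2]]
    else:
        names, operators = list(value), []  # array form carries no operator

    identifiers, warnings = [], []
    for raw in names:
        name = raw.strip()
        if name in _BY_LOWER.values():
            identifiers.append(name)
            continue
        canonical = _BY_LOWER.get(name.lower())
        if canonical:  # right license, wrong spelling or case
            warnings.append(f"'{name}' should be written '{canonical}'")
            identifiers.append(canonical)
            continue
        identifiers.append(name)  # keep the unknown value, only warn
        hint = difflib.get_close_matches(name, SPDX_SUBSET, n=1)
        suffix = f"; did you mean '{hint[0]}'?" if hint else ""
        warnings.append(f"unknown license identifier '{name}'{suffix}")
    return identifiers, operators, warnings


if __name__ == "__main__":
    for field in ("MIT or BSL-1.0", "mit/Apache 2.0", ["GPL-2.0", "Proprietary"]):
        print(field, "->", check_license(field))
```

Operators are returned separately from the identifiers so a later stage can apply "or" versus "and" semantics without re-parsing the field.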