Documentation for use cases

Open swinslow opened this issue 8 months ago • 4 comments

Based on the 2025-08-28 legal team call: There's a desire to add a new documentation file (e.g. DOCS/use-cases.md or something similar) to more clearly communicate the use cases for the License List.

Starting this issue to collaborate on the text for that documentation...

swinslow avatar Aug 28 '25 17:08 swinslow

Draft outline from call:

  • SBOMs: communicating externally about the licenses applicable to your software distributions; link out to other SPDX documentation / collateral about SBOM use cases beyond the licensing use case
    • Minimizes the need to reproduce the text of all licenses in every SBOM
    • Consider referencing usage by CycloneDX as well => https://cyclonedx.org/use-cases/open-source-licensing/
    • Regulatory references to the SPDX License List - OpenCode German - https://opencode.de/en/knowledge/general-conditions/standardised-open-source-licenses#2.-Open-Source-License-List
  • Mapping between different license identification systems: Common denominator for licenses that are on other lists and tools, e.g. OSI, ScanCode, Metaeffekt, others
  • Identifying licenses “in the wild”: e.g. spdx-license-diff; matching guidelines
  • Internal Policies: e.g. how does a company use this internally as part of their internal policies; automating with SPDX IDs; relationship to SPDX spec and machine-readable nature in general
  • Short-form identifiers in source code: why this is useful for developers (OSS and otherwise), tie into DCO, etc.
    • REUSE project => https://reuse.software/
  • Package manager metadata: . . .

swinslow avatar Aug 28 '25 17:08 swinslow

Couple specific package manager uses:

goneall avatar Aug 28 '25 17:08 goneall

Another use case you can add is the license matching guidelines for determining if 2 different blocks of text represent the same license.

goneall avatar Aug 28 '25 17:08 goneall

Some fragments:

Recently, guides and guidelines have included a dedicated strategy on the use of license identifiers. In general, SPDX license identifiers and expressions are the default identification scheme. In case a license is not represented on the SPDX license list, specific LicenseRef conventions are proposed. In the fashion License-Ref-- license identifiers from other license identification systems are used. Only in case no system represents a given license is a fully custom LicenseRef required. Compare:

  • https://opencode.de/knowledge/general-conditions/standardised-open-source-licenses#2.-Open-Source-License-List
  • https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2_v2_1_0.pdf

For insights on other license identifier systems, see:

  • https://scancode-licensedb.aboutcode.org/
  • https://github.com/org-metaeffekt/metaeffekt-universe
  • https://opensource.org/licenses

karsten-klein avatar Sep 11 '25 15:09 karsten-klein