spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard

Published 20 hours ago verified publisher icon spdx

Add `PROPRIETARY` to the license expression syntax

Open AldoMX opened this issue 2 years ago • 5 comments

I created this ticket in order to keep the discussion in #49 focused to NONE and move the discussion about PROPRIETARY here.

With the current status quo it is not possible to express a dual license like GPL-2.0 OR PROPRIETARY, which is a common practice in the industry.

There have been workarounds by users of SPDX, like adding UNLICENSED in npm.

But even the UNLICENSED workaround does not consider the dual license case.

AldoMX avatar Nov 17 '22 12:11 AldoMX

Welcome, @AldoMX!

ping for @swinslow and @jlovejoy (the SPDX Legal Team leads).

seabass-labrax avatar Nov 17 '22 17:11 seabass-labrax

Hi @AldoMX, thanks for asking this separately from the discussion about NONE in the other issue.

There is no single definition of what a "proprietary" license is or is not, so a general "PROPRIETARY" identifier defined in the license expression syntax would not be appropriate.

For licenses not on the SPDX license list, the appropriate way to identify them is with a LicenseRef- prefix for a custom license. See https://spdx.github.io/spdx-spec/other-licensing-information-detected/ and https://spdx.github.io/spdx-spec/SPDX-license-expressions/ for more details.

If downstream consumers of the SPDX license list such as npm have added their own non-compliant identifiers such as UNLICENSED, that's on them, and I suppose they're welcome to do the same thing for PROPRIETARY if they choose for their own ecosystem. But I wouldn't be in favor of incorporating this into the SPDX license expression syntax.

swinslow avatar Nov 17 '22 19:11 swinslow

I think part of the idea for PROPRIETARY is that it should be used when an organization is not willing to provide any text for a possible license they may offer for the software in question, because the terms of that license would be determined through direct negotiation. So a LicenseRef- prefix for a custom license would be of minimal value because the custom license would likely say something along the lines of "contact us for license terms" anyway.

alilleybrinker avatar Nov 17 '22 22:11 alilleybrinker

I'd like to +1 this issue. It would be nice to have a way, especially for internally owned components that aren't licensed, to assert that no license exists for this component and that's expected.

chalbersma avatar Aug 15 '23 16:08 chalbersma

FWIW, I raised this issue here: https://github.com/spdx/license-list-XML/issues/1856 and it was ultimately rejected.

rnjudge avatar Aug 15 '23 16:08 rnjudge

Given discussion in https://github.com/spdx/license-list-XML/issues/1856, I'm going to mark this as closed.

swinslow avatar Apr 04 '24 20:04 swinslow