Can this updated to use the newest spdx license version (think its currently 3.21)

Hello!

I'm working on packaging this library to debian as a dependency to another project, and one thing that I need to clarify for the package is whether the vendored "licenses.json" file from SPDX has a different license from the rest of the code.

Judging from #2, the switch to using the json file directly was done in order to remove the need to include the full license for the code building the license list. But the resulting json file on SPDX's website still seems to fall into a license defined by them.

From what I was able to find so far:

• https://spdx.org/Trademark
• https://www.linuxfoundation.org/terms/

If I'm interpreting the information from those two sites forrectly, the file would be licensed under Creative Commons Attribution 3.0 License -- which would require the license attribution mention somewhere in this project.

Did someone in this project already figured all this out with SPDX to make sure the file needs a special attribution?

I've tried asking them already but as of now I've received no feedback: spdx/license-list-XML#986

cheers!

By now there is https://spdx.org/licenses/licenses.json. The spdx-license-list project does not use it yet because they need the full license text, but this project doesn't.

@domcleal So how about not depending on spdx-license-list and use https://spdx.org/licenses/licenses.json directly?

2.0 is in the works, which changes how "+" (or later) licenses are expressed.

http://wiki.spdx.org/view/Legal_Team/Decisions/license_expression_syntax has some information.

It might mean this library has to parse the licence text a little (it probably should already, to support and/or) and validate "GPL-3.0+" as being the "GPL-3.0" licence.