Should license detection also return SPDX license expressions?

[pombredanne]

Today we have this:

• when the output is SPDX, we return proper SPDX license expressions using SPDX license ids
• otherwise (JSON, etc) we return
  • license expressions using ScanCode own license keys
  • a list licenses and for these that are known at SPDX the corresponding SPDX license key

In this later case I wonder if it could be useful to also return license expressions using SPDX license ids.
This would be eventually a new option and would be returned under its own file-level attribute.
This could also possibly apply to a companion to the license_expression returned with packages for a package manifest. Now, of the 1301 licenses that scancode knows, only 375 are referenced at SPDX, therefore there will be quite a few "LicenseRef" in this case. See #532 for this issue and #532 (comment) in particular.

@sschuberth @mjherzog @DennisClark @armijnhemel Any feedback?

[sschuberth]

Maybe @mnonnenmacher also has an opinion about this as we were just today discussing this in some other context.

[armijnhemel]

it makes sense to me. What I would love to see is the version of the SPDX standard that is used, so I don't have to guess :-)

[pombredanne]

@armijnhemel good point! We can set the version of the SPDX license list in the scan headers.

[pombredanne]

Maybe @mnonnenmacher also has an opinion about this as we were just today discussing this in some other context.

@mnonnenmacher ping?

[pombredanne]

This is going to be useful for ClearlyDefined and @dabutvin ... so this is going into 3.1 alright at the minimum.