RFC: Display and use SPDX licenses ids throughout

[pombredanne]

As SBOMs start to get some adoption, we should consider using SPDX license identifiers for display and reporting throughout the AboutCode stack and demote our own license keys as secondary.

• DejaCode: Use SPDX license ids first, everywhere
• ScanCode.io: Use SPDX license ids first, everywhere
• PurlDB: Use SPDX license ids first, everywhere
• ScanCode Toolkit: Use SPDX license ids first, everywhere
• inspectors: Use SPDX license ids first, everywhere

[DennisClark]

This proposed enhancement is a rather major fundamental change. For DejaCode, perhaps an alternative, less invasive, approach would be to provide flyover/tool-tip SPDX license ids everywhere that we display a DejaCode/SCTK license id. We can try that approach in all the places where we have a UI, and figure out something for SCTK and the Inspectors.

[mjherzog]

I am concerned about the high verbosity of license expressions with frequent repetition of Licenseref-Scancode. Perhaps this should be some user or dataspace display option.

[DennisClark]

Please note that the LicenseRef-scancode* licenses are generally the least commonly used ones.

[pombredanne]

I am concerned about the high verbosity of license expressions with frequent repetition of Licenseref-Scancode. Perhaps this should be some user or dataspace display option.

@mjherzog you have a point, and we could devise a way to shorten them, but as @DennisClark pointed out these are less common.