Description
There is a discrepancy in how license expressions are validated based on their complexity. Simple expressions using the WITH operator are validated case-insensitively (allowing lowercase with), whereas complex expressions (using parentheses or multiple operators) require strict uppercase WITH.
This leads to a confusing user experience where MIT with Bison-exception-2.2 passes validation, but the same expression fails when wrapped in a compound statement.
Steps to Reproduce
Simple expression (lowercase 'with'):
printf "GPL-2.0 with Bison-exception-2.2" | ./spdx-validate
# Result: Success (Exit code 0)
Complex Expression (lowercase 'with'):
printf "AFL-1.1 OR (GPL-2.0 with Bison-exception-2.2)" | ./spdx-validate
# line 1: invalid SPDX expression: "AFL-1.1 OR (GPL-2.0 with Bison-exception-2.2)"
# no valid expressions found
Desired Behavior
GPL-2.0 with Bison-exception-2.2 fails as well. According to the spec, "License expression operators (AND, OR and WITH) should be matched in a case-sensitive manner." (Source: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ D2: Case Sensitivity section).
Description
There is a discrepancy in how license expressions are validated based on their complexity. Simple expressions using the WITH operator are validated case-insensitively (allowing lowercase with), whereas complex expressions (using parentheses or multiple operators) require strict uppercase WITH.
This leads to a confusing user experience where MIT with Bison-exception-2.2 passes validation, but the same expression fails when wrapped in a compound statement.
Steps to Reproduce
Simple expression (lowercase 'with'):
Complex Expression (lowercase 'with'):
Desired Behavior
GPL-2.0 with Bison-exception-2.2fails as well. According to the spec, "License expression operators (AND, OR and WITH) should be matched in a case-sensitive manner." (Source: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ D2: Case Sensitivity section).