Combining code from different sources in a free or open source
software project requires making sure that the licences of each
component are compatible. As an example, the GNU General Public
Licence version 2 is incompabible with the Apache Licence version 2.
However, GPLv3 is compatible with it.

Checking things manually is tedious and error prone. For the most
common licences compatibilities are pretty clear, and when each
component declares its licences, a program can check the easy cases.

Idea: Write a program that can do "licence arithmetic", by checking if
combinations of licences are OK. The program would be given a "licence
expression" giving the licences of its components, and outputs the
effective licence, or "error", or "unknown".

Use SPDX licence expressions as input and output.
See <https://spdx.org/licenses/> for a list of licence identifiers.
Assume AND and OR operators, and parentheses.

Examples:

* "GPL-2.0-only AND Apache-2" => "error"
  * the licenses are known to be incompatible, so the result is not
    free software; using it may be OK, but the combination is not
    re-distributable
* "GPL-2.0-or-later AND Apache-2" => "GPL-3.0-or-later"
  * version 3 of the GPL is, however, compatible with Apache licence
    version 2, so using the "or later" of the GPL'd component results
    in an effective licence of GPL version 3 or later
* "unknown AND BSD-2-Clause" = "error"
  * a component whose licence is unknown cannot be combined with
    anything; the result may be useable locally, but it's not
    distributable
* "other AND BSD-2-Clause" = "unknown"
  * other means the licence is one that SPDX does not have a symbol
    for; the result is unknown

The program should probably read a data file that explains the known
cases. Something like this:

~~~yaml
rules:
  - expr: GPL-2.0-only AND BSD-2-Clause
    result: GPL-2.0-only

  - expr: GPL-3.0-or-later AND (BSD-2-Clause OR Apache-2)
    result: GPL-3.0-or-later
    
  - expr: GPL-2.0-or-later AND Apache-2
    result: GPL-3.0-or-later

  - expr: GPL-2.0-only AND Apache-2
    result: error
    url: https://url.to.explanation
    explanation: "explanation of why the result"
~~~

The program would extract the SPDX licence expressions of all
components, combine them with OR, and simplify the result, then check
against it against the rules in its data file.

# Consult a lawyer

Software can't give legal advice. It should only be used in entirely
unambiguous cases and even then the result should be checked by a
competent human.