-
There are a few discrepancies in the SPDX headers on files in the bindings:
* gpiod/_internal.py has GPL instead of LGPL like the rest of the files
* tests/tests_line_settings.py has LGPL instead …
-
Hello,
I am getting a warning since the schema does not correctly differentiate between the two options under `licenseChoice`. When filling more than one licenses (see example below), I am getting t…
-
With most packages converted to SPDX, I propose that rpmlint (in F42) should warn when the package use Callaway syntax.
-
## current situation (CDX 1.6):
- it is allowed to have EITHER one spdx license expression OR multiple named/spdx licenses. see [spec](https://cyclonedx.org/docs/1.6/json/#components_items_licenses)
…
-
**What would you like to be added**:
We are using a SPDX "user defined license references" (aka LicenseRef), which are not defined by a standard SPDX license identifier. When we let grant check the…
-
Which means SPDX license expressions, and `LicenseRef-*` for custom licenses, are possible.
Reference:
https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/#composite-license-e…
txtsd updated
2 weeks ago
-
## Description
We can only use licenses from [SPDX license list](https://spdx.org/licenses/) in `licenseConcluded` and `licenseDeclared` fields.
For other licenses, we should create new `LicenseRef-…
-
Nuget documentation defines UNLICENSED as a valid license-expression: https://github.com/nuget/home/wiki/packaging-license-within-the-nupkg-(technical-spec)#nugets-license-expression-abnf
dotnet-Cycl…
-
"matching guidelines" text on https://spdx.org/licenses/ still link to v2.3 spec
- https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templates/)
May need to ask LF team to upda…
bact updated
17 hours ago
-
**What happened**:
Given a very minimal CycloneDX SBOM as input:
```
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"components": [
{
"type": "library",
"name":…