-
As suggested by @goneall, I would like to propose a new SPDX profile for the 3.0 spec. At [REUSE](https://reuse.software) we're looking for a more flexible and human-editable solution to deprecate our…
-
Just a request to tag each source file with the correct SPDX-License-Identifier.
Example
```
/* SPDX-License-Identifier: LGPL-2.1-or-later */
```
-
Each package / package version should have a `license` field. This field should be a SPDX ID of a license.
This license should be visible via the API and UI, and could be useful for auditing purpos…
-
FORD currently has its own metadata field for specifying the license on a file. However, it should also be able to parse the standard [`SPDX-License-Identifier`](https://spdx.dev/ids/) and provide a l…
-
Hi,
I have been browsing the official 2.3 spec and I cannot find a comprehensive description of the property `hasExtractedLicensingInfos` and the best practices on how to use it.
It seems to thr…
-
### Is your feature request related to a problem? Please describe.
Specifying license and copyright in source files in always an interesting challenge, more so if you want to consume that informa…
-
Reuse 4.0.2 takes 8 seconds to start without any parameters, just to show help. Reuse 3.0.2 takes 0.2 second.
This is caused by scanning for `REUSE.toml` in all subdirectories:
https://github.co…
nijel updated
2 months ago
-
**Describe the bug**
When ingesting some SBOMs we sometimes encounter the error:
```
{"level":"error","ts":1726087820.935968,"caller":"collector/collector.go:108","msg":"emit error: unable to i…
-
## What/Why
### What are you proposing?
All source code should have an SPDX license header.
### What users have asked for this feature?
Standard org-wide practice.
### What problems are y…
-
Issue #1736 includes the interesting point that AppStream (widely used in Linux distributions) is yet another program which uses SPDX License Identifiers to attempt to determine whether software is fr…