-
SPDX License IDs are standardized short identifiers used to accurately and concisely identify the licenses associated with open source software (https://spdx.dev/learn/overview/). These identifiers ar…
-
When reviewing our statistics shown at https://commons.datacite.org/repositories/dryad.dryad, and we were surprised to see the Licenses graph showing that 63% of our DOIs have “missing” licenses. I sp…
-
It would be helpful if the LICENSE for this repository reflected a widely known license that github could automatically detect and could be annotated with a SPDX identifier
-
See https://github.com/columbia-irt/rtptools/pull/18 for the various licenses of various files.
Find the corresponding SPDX ids of those licenses in https://spdx.org/license-list
and put them into …
-
You mention that official licenses denote licenses from the Software Package Data Exchange (SPDX) and that you collect and annotate these licenses for their rights, obligations and conditions. But I c…
-
I think it would be useful if `reuse lint` has an option to verify that contents of the license file is valid.
This means that an error will be returned in the following cases:
- `GPL-3.0-or-lat…
-
For package `pkg:golang/github.com/klauspost/compress@1.17.8`, Parlay incorrectly returns
> "licenseConcluded": "(Apache-2.0 OR BSD-3-Clause OR MIT)",
where it should be
> "licenseConcluded"…
-
If a license is only used in the `REUSE.toml` and not as a header/`.license`-file, `reuse download` will not download it and `reuse lint` will identify it as unused.
```bash
cd $(mktemp -d)
touch…
-
**What would you like to be added**:
SBOM formats such as CycloneDX and SPDX support including the full text of a license with a component. It would be great if syft could extract this information wh…
-
[//]: # "SPDX-FileCopyrightText: Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved."
[//]: # "SPDX-License-Identifier: Apache-2.0"
[//]: # ""
[//]: # "Licensed under the …