-
Component: [dom4j/dom4j/1.6.1](https://clearlydefined.io/definitions/maven/mavencentral/dom4j/dom4j/1.6.1/1.6.1)
ScanCode detected the license as Plexus, but it did not show up as detected in the d…
-
Even after applying:
https://github.com/bluez/bluez/commit/b16b19885c5383cd0499503617b98ceb188c898e
Current build system installs dbussessionbus_DATA = obexd/src/org.bluez.obex.service only when s…
-
Please review a new Change Proposal for adding an ExceptionRef here: https://github.com/spdx/change-proposal/blob/main/proposals/ExceptionRef.md submitted by @zvr
To be reviewed by SPDX-legal and …
-
Originally from https://github.com/pombredanne/spdx-pypi-pep/pull/2#discussion_r330419938
Moved here as a ticket based on @pradyunsg suggestion to support a more focused discussion:
--------------…
-
For SPDX-Metadata not containing any copyright rights, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind conc…
-
The [setuptools documentation](https://setuptools.pypa.io/en/latest/pkg_resources.html) mentions:
> Use of pkg_resources is deprecated in favor of [importlib.resources](https://docs.python.org/3.11…
-
For example, `GPL (>= 3)` in DESCRIPTION should translate to `GPL-3.0-or-later`, both for Zenodo and for the cff format; the string is not to be copied as such (currently the case).
See https://spd…
-
I would consider changing the range to spdx:License, and constrain instances to the spdx reference dataset (https://github.com/spdx/license-list-data/tree/master/rdfturtle)
-
Hi, I am trying to validate a given `LicenseExpression` using `get_spdx_licensing().validate()`. This is very helpful in providing a list of unknown symbols not on the SPDX License and Exception Lists…
-
**What happened**:
When scanning an image such as `debian:bullseye`, `syft` will catalog the individual files found in the image and output that information apparently _only_ when using the `spdx-t…