-
## Usecase:
Repo directly stores .patch and .diff files alongside normal code: buildroot, crosstool-ng, etc.
It's a mess to maintain proper SPDX for them.
## Situation:
1) Patch files require li…
-
**What happened**:
I am creating an SBOM for the `docker.io/bitnami/redis` image.
As I was looking at the artifacts, I noticed that the redis binary was absent from the list of artifacts in the SBOM…
-
I would like a tool that reads license info in DEP-5 format and outputs license info in SPDX format.
This may mostly be a superficial conversion, but may also require some full-text scanning.
sp…
-
When comparing 2 SPDX documents with a LicenseRef containing no text, the comparison of those LicenseRef's is false, but no explanation is given.
We probably do not want them to match since we don'…
-
The conversion of relationships from SPDX 2 to SPDX 3 needs to be updated to match the spec (cited below). A relationship to `NONE` or `NOASSERTION` affects the completeness of other relationships fro…
-
[//]: # "SPDX-FileCopyrightText: Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved."
[//]: # "SPDX-License-Identifier: Apache-2.0"
[//]: # ""
[//]: # "Licensed under the …
-
To cover both copyrights from The D Language Foundation and Taurus library I propose to use the same open-source license of Phobos, DMD and DRuntime, Boost 1.0 (`BSL-1.0`).
For consistent file lice…
-
As for now the license is getting published as `Apache 2 License` but according to https://spdx.org/licenses/Apache-2.0.html the SPDX-identifier would be `Apache-2.0`.
It would be nice to align it…
-
Visual Studio Code で開発を行うと,[バックグラウンド分析](https://docs.microsoft.com/ja-jp/visualstudio/code-quality/configure-live-code-analysis-scope-managed-code?view=vs-2022)により警告を表示してくれる.
大体は気になりつつも,その場しのぎで対応してしま…
ma96o updated
2 years ago
-
```
(augur-spdx) sean@facetrust:~/github/augur-spdx$ cat spdx-howison.log
.....
RECORD CREATED
('github.com/', 25446, 25155, 'thomasfmiller')
****************
25446
****************
github.c…