-
## Background
* Wikipedia article [about ASN.1](https://en.wikipedia.org/wiki/ASN.1)
* ISO Standard [ISO/IEC 8824-1:2021](ISO/IEC 8824-1:2021), including the [RSS](https://www.iso.org/contents/dat…
-
Nowadays lots of software pieces are put together via tools like composer.
In such cases a license identifier is provided in the config file (like composer.json).
SPDX has been declaring unambiguous …
-
Idea (see, also #5) by @im397:
```
-f, --list-fsf List only packages with FSF compatible licenses
-o, --list-osi List only packages with OSI compatible licenses
-d, --list-DFSG List only package…
-
After we come closer to the System SBOM, we should also have HBOM in mind.
It can also cover topics like VHDL and Verilog elements.
-
Like npm [just](https://github.com/npm/npm/blob/master/CHANGELOG.md#v2100-2015-05-8) [did](https://docs.npmjs.com/files/package.json#license)
-
There are some licenses on the OSI website which are not present in the metadata (e.g. 0BSD).
I noticed a folder `licenses/autogenerated` that contain metadata for other licenses on the OSI website…
-
**Describe the bug**
There are 3 (debatable) problems with automatic adding of copyright with copyright.sh.
1. Using "IBM Corp." in the copyright is not very open source community friendly. The…
-
https://spdx.org/licenses/
https://choosealicense.com/
-
This file has mac line endings (CR line terminator)
https://raw.githubusercontent.com/qt/qtbase/dev/tests/auto/tools/moc/os9-newlines.h
```bash
$ file os9-newlines.h
os9-newlines.h: ASCII tex…
-
As per the below code snippet, if filesAnalyzed is true, files array must contain any files related to the package.
No clear correlation between the **files** and the **filesAnalyzed** field has bee…