-
There are a few discrepancies in the SPDX headers on files in the bindings:
* gpiod/_internal.py has GPL instead of LGPL like the rest of the files
* tests/tests_line_settings.py has LGPL instead …
-
With most packages converted to SPDX, I propose that rpmlint (in F42) should warn when the package use Callaway syntax.
-
## current situation (CDX 1.6):
- it is allowed to have EITHER one spdx license expression OR multiple named/spdx licenses. see [spec](https://cyclonedx.org/docs/1.6/json/#components_items_licenses)
…
-
Dulwich is licensed under Apache License (version 2.0 or later) or the GNU General Public License, version 2.0 or later. This is not easy to understand, especially for tools to detect licenses. I prop…
-
Which means SPDX license expressions, and `LicenseRef-*` for custom licenses, are possible.
Reference:
https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/#composite-license-e…
txtsd updated
2 weeks ago
-
## Description
We can only use licenses from [SPDX license list](https://spdx.org/licenses/) in `licenseConcluded` and `licenseDeclared` fields.
For other licenses, we should create new `LicenseRef-…
-
Nuget documentation defines UNLICENSED as a valid license-expression: https://github.com/nuget/home/wiki/packaging-license-within-the-nupkg-(technical-spec)#nugets-license-expression-abnf
dotnet-Cycl…
-
**What happened**:
Given a very minimal CycloneDX SBOM as input:
```
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"components": [
{
"type": "library",
"name":…
-
"matching guidelines" text on https://spdx.org/licenses/ still link to v2.3 spec
- https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templates/)
May need to ask LF team to upda…
-
Hi All,
Would it be possible for the plugin to deliver known licenses in its jar and only go to the internet if absolutely required?
Without internet access you get:
```
[INFO] --- spdx:0.7.4:…