Checking Software License Compatibility with SPDX

[sneumann]

It might be comparatively easy to create machine readable software license information https://linuxfoundation.org/press-release/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials/

using the Maven plugin https://github.com/spdx/spdx-maven-plugin

Yours, Steffen

[meier-rene]

Hi, I integrated the spdx-maven-plugin, and it creates SPDX files during the normal maven livecycle. These SPDX files will not appear in the source repo, because they are generated files. This files would belong to a artifact if we would deploy to something like the maven central repository. Not all of the generated SPDX files are perfect, because spdx-maven-plugin does not support multi module maven builds. It is also very likely that one has to use mvn install once to deploy MassBank-lib to the local maven repo. I took the opportunity to get all license related meta data straight in our repo and configured the maven license plugin. Now one can create a listing of the licenses for all dependencies with mvn license:aggregate-add-third-party.

[sneumann]

Fixed in/around eddc651feb8eec2cd1fe5bbe6a369dc72db9f2a5

[meier-rene]

I left a comment in the source, because the commit also contains several other changes.