SPDX report is missing detailed license texts for LicenseRef

aboutcode-org / scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

https://scancodeio.readthedocs.io

Apache License 2.0

108 stars 83 forks source link

SPDX report is missing detailed license texts for LicenseRef #841

Open pombredanne opened 1 year ago

pombredanne commented 1 year ago

Describe the bug https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/ demands we include the texts and metadata of the LicenseRef.

DennisClark commented 1 year ago

Here is a test file

theora-1.0.tar.gz_scan.json.zip

pombredanne commented 1 year ago

We need also to put package notice text in attributionText

pombredanne commented 1 year ago

And we would need also the link to the licenseDB and ScanCode in the "seeAlsos" of each license. These are the properties named "scancode_url" and "licensedb_url" on the License object

pombredanne commented 1 year ago

This may needs to be revisited

tdruez commented 1 year ago

@pombredanne Could you provide more context?