We could document how one can use a SPDX SBOM, e.g. produced by FOSSology or another tool, and use this as a basis to add REUSE information to the covered file.
As modern SBOMs are often JSON, it should be scriptable in a few lines. reuse addheader could be called for every listed file (with --skip-unrecognised to avoid the process to halt) that has at least licensing or copyright information available.
This would not replace sane manual intervention for when an entry in .reuse/dep5 would make more sense, but is a start.
@nicorikken, as REUSE scripts master, perhaps something you would like to work on?
We could document how one can use a SPDX SBOM, e.g. produced by FOSSology or another tool, and use this as a basis to add REUSE information to the covered file.
As modern SBOMs are often JSON, it should be scriptable in a few lines.
reuse addheader
could be called for every listed file (with--skip-unrecognised
to avoid the process to halt) that has at least licensing or copyright information available.This would not replace sane manual intervention for when an entry in
.reuse/dep5
would make more sense, but is a start.@nicorikken, as REUSE scripts master, perhaps something you would like to work on?