Closed hesa closed 4 months ago
Currently the option --validate-spdx checks if the licenses are known to [license_expression](https://github.com/nexB/license-expression), which is the same database of licenses as [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org/.
--validate-spdx
[license_expression](https://github.com/nexB/license-expression)
Instead, a check against should be implemented
Currently the option
--validate-spdx
checks if the licenses are known to[license_expression](https://github.com/nexB/license-expression)
, which is the same database of licenses as [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org/.Instead, a check against should be implemented