openSUSE / cavil

The legal review and SBOM system used by SUSE and openSUSE
GNU General Public License v2.0

Map licenses to SPDX identifiers #65

Closed kraih closed 1 year ago

kraih commented 1 year ago

Much of our license pattern data predates the existence of SPDX, so we rely on mostly arbitrarily chosen identifiers. Recently there has been growing interest in reports that also include SPDX identifiers. This has many advantages, such as the ability to exchange reports in standard formats with tools like Fossology, which in turn would also allow us to cooperate more with open source projects like OSSelot (see #64).

kraih commented 1 year ago

As a first step it would probably make sense to update our database schema with an optional SPDX expression in addition to the current legacy license identifier. And add support for it to the UI. Afterwards we can slowly fill in the missing data, which can then be utilised in future updates to our reports.

Alternatively we could also try to replace the current license identifiers with SPDX expressions. We would have to be careful about possible side effects of such changes however.
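One way to validate the optional SPDX expression proposed above before it is written next to the legacy identifier, as an added example that is not Cavil's own code: a small parser for the SPDX expression grammar (AND, OR, WITH, parentheses, the deprecated `+` suffix) checked against a license list, plus a function that walks a legacy-id to SPDX-expression table and separates accepted rows from rejected ones while leaving not-yet-mapped rows NULL. The license and exception subsets, the legacy identifiers in `SAMPLE_MAPPING`, and the function names are constructed for this example; Cavil's real schema, identifiers and validation code are not shown here.

```python
import re

# Constructed subset of the SPDX license and exception lists, for illustration
# only; a real implementation would load the full lists from spdx.org.
KNOWN_LICENSES = {
    "MIT", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-only", "LGPL-2.1-or-later",
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-2.0",  # GPL-2.0: deprecated id
}
KNOWN_EXCEPTIONS = {"Classpath-exception-2.0", "LLVM-exception"}
OPERATORS = {"AND", "OR", "WITH"}

# A token is a parenthesis or an idstring (letters, digits, "." and "-"), optionally with "+".
TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.\-]+\+?")

def tokenize(expr):
    """Split an expression into tokens; anything the regex skipped is an error."""
    tokens = TOKEN_RE.findall(expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError(f"unexpected characters in {expr!r}")
    return tokens

def parse_expression(expr):
    """Parse an SPDX expression into a nested tuple tree, or raise ValueError.
    Grammar, with WITH binding tightest, then AND, then OR:
      or_expr := and_expr ("OR" and_expr)*   and_expr := primary ("AND" primary)*
      primary := "(" or_expr ")" | license-id ["+"] ["WITH" exception-id]"""
    tokens = tokenize(expr)

    def peek():
        return tokens[0] if tokens else None

    def take():
        if not tokens:
            raise ValueError("unexpected end of expression")
        return tokens.pop(0)

    def or_expr():
        left = and_expr()
        while peek() == "OR":
            take()
            left = ("OR", left, and_expr())
        return left

    def and_expr():
        left = primary()
        while peek() == "AND":
            take()
            left = ("AND", left, primary())
        return left

    def primary():
        tok = take()
        if tok == "(":
            inner = or_expr()
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        if tok in OPERATORS or tok == ")":
            raise ValueError(f"expected a license id, got {tok!r}")
        base = tok[:-1] if tok.endswith("+") else tok
        # LicenseRef-* ids are local to the producer and cannot be list-checked.
        if not base.startswith("LicenseRef-") and base not in KNOWN_LICENSES:
            raise ValueError(f"unknown license id {base!r}")
        if peek() == "WITH":
            take()
            exc = take()
            if exc not in KNOWN_EXCEPTIONS:
                raise ValueError(f"unknown exception {exc!r}")
            return ("WITH", tok, exc)
        return tok

    tree = or_expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return tree

def check_mapping(mapping):
    """Validate a legacy-id -> optional SPDX expression table. Returns (accepted,
    rejected); None (NULL) stays None so an unmapped license is visibly unmapped."""
    accepted, rejected = {}, {}
    for legacy, spdx in mapping.items():
        try:
            if spdx is not None:
                parse_expression(spdx)
            accepted[legacy] = spdx
        except ValueError as err:
            rejected[legacy] = str(err)
    return accepted, rejected

# Constructed sample table; the legacy names are made up for this example.
SAMPLE_MAPPING = {
    "GPL-2.0": "GPL-2.0-only",
    "GPL-2.0+": "GPL-2.0-or-later",
    "GPL-2.0-with-classpath": "GPL-2.0-only WITH Classpath-exception-2.0",
    "MIT-or-Apache": "MIT OR Apache-2.0",
    "Weird-Custom": None,       # nothing mapped yet, stays NULL
    "Typo": "GPL-2.0-onyl",     # misspelled id is rejected
    "Bad-Syntax": "MIT AND",    # dangling operator is rejected
}
```

Keeping the rejection reason per row, rather than silently dropping or guessing a value, keeps the "slowly fill in the missing data" step auditable; at the schema level the same split is a NOT NULL legacy column beside a nullable SPDX column, with the parser run as a check before any write.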

kraih commented 1 year ago

We now have more than 500 licenses mapped and fully support SPDX.