Open pmonks opened 2 years ago
When an SPDX document is found, only it should be used for license detection - the other mechanisms (pom file processing, finding probable license files and trying to identify the license(s) in them) should not be invoked.
Potential implementation notes:
The IModelStore
abstraction in Spdx-Java-Library
is stateful and pretty non-idiomatic for Clojure (it would be preferable to just return data structures, and let the caller decide what to do with them), so it would be ideal to find a way to unload files from memory after they've been read and returned.
Job Story
When a dependency's artifacts include SPDX documents, I want tools-licenses to process those documents and extract license information from them, so that I can be sure the most accurate and comprehensive license information available is being reported.
Potential Solutions:
Though it mostly seems to be overkill, Spdx-Java-Library may be useful here, at least for SPDX document parsing.