DocumentRef-1:LicenseRef-XY flagged as invalid

spdx / tools

SPDX Tools

Apache License 2.0

123 stars 68 forks source link

DocumentRef-1:LicenseRef-XY flagged as invalid #214

Open tbetker opened 4 years ago

tbetker commented 4 years ago

"PackageLicenseConcluded: DocumentRef-1:LicenseRef-XY" in an SPDX document is valid according to Appendix IV of the spec., but the verifier fails:

Invalid license id 'DocumentRef-1:LicenseRef-XY'. Must start with 'LicenseRef-' and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'.

The spdx-tools version I tested was release 2.1.20.

goneall commented 4 years ago

It looks like the SPDX tools doesn't support external license ref declarations. We will need to add support similar to the ExternalSpdxElement class.