
feat: workflow commands that can patch and output an SBOM for declared vs concluded licenses #47

Open
spiffcs opened this issue Feb 5, 2024 · 0 comments
Labels
feat New feature or request

Comments

@spiffcs
Collaborator

spiffcs commented Feb 5, 2024

SPDX makes a distinction between declared and concluded packages.

Declared: "List the licenses that have been declared by the authors of the package"
Concluded: "Contain the license the SPDX document creator has concluded as governing the package or alternative values, if the governing license cannot be determined."

Grant should provide a command that allows a user to 👍 or 👎 a license as concluded for a given package

SPDX documents output by this command would have the extra step of allowing users to add information to the SPDX "Comments on license" field. This field provides a place for the SPDX document creator to record any relevant background information or analysis that went into arriving at the Concluded License for a package.

spiffcs added the feat label Feb 5, 2024
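As an added illustration of the patch step the issue asks for (this is example code written for this page, not grant's code and not part of the issue), the sketch below takes an SPDX 2.3 JSON document, applies a reviewer's 👍/👎 per package, writes the result to `licenseConcluded`, and records the rationale in `licenseComments`. The `Conclusion` type, `PatchSPDX`, `ConcludedLicense` and the embedded `SampleSBOM` are all assumptions constructed for the example. It works on a generic map rather than a typed SPDX struct so that fields it does not know about (relationships, files, annotations) survive the round trip unchanged, and it refuses to "approve" a package whose declared license is absent or `NOASSERTION`, since there is nothing to conclude from.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Verdict is the reviewer's 👍/👎 on a package's declared license.
type Verdict int

const (
	Approve Verdict = iota // 👍: the declared license becomes the concluded license
	Reject                 // 👎: declared is wrong; use Alternative, or NOASSERTION if none
)

// Conclusion is one reviewer decision to record in the SBOM (hypothetical type).
type Conclusion struct {
	Package     string  // SPDX package "name" to patch
	Verdict     Verdict // Approve or Reject
	Alternative string  // concluded expression on Reject; "" means NOASSERTION
	Comment     string  // rationale, written to licenseComments
}

// PatchSPDX applies conclusions to an SPDX 2.3 JSON document and returns the
// patched document. Unknown fields are preserved because the document is
// handled as a generic map and only the two license fields are touched.
func PatchSPDX(doc []byte, conclusions []Conclusion) ([]byte, error) {
	var root map[string]any
	if err := json.Unmarshal(doc, &root); err != nil {
		return nil, fmt.Errorf("parse spdx: %w", err)
	}
	pkgs, ok := root["packages"].([]any)
	if !ok {
		return nil, errors.New("spdx document has no packages array")
	}
	// Index packages by name; the maps are references into root, so
	// mutating them below mutates the document.
	byName := map[string]map[string]any{}
	for _, p := range pkgs {
		if m, ok := p.(map[string]any); ok {
			if name, ok := m["name"].(string); ok {
				byName[name] = m
			}
		}
	}
	for _, c := range conclusions {
		pkg, ok := byName[c.Package]
		if !ok {
			return nil, fmt.Errorf("package %q not in document", c.Package)
		}
		declared, _ := pkg["licenseDeclared"].(string)
		var concluded string
		switch c.Verdict {
		case Approve:
			if declared == "" || declared == "NOASSERTION" {
				return nil, fmt.Errorf("package %q: no declared license to approve", c.Package)
			}
			concluded = declared
		case Reject:
			concluded = c.Alternative
			if concluded == "" {
				concluded = "NOASSERTION"
			}
		default:
			return nil, fmt.Errorf("package %q: unknown verdict %d", c.Package, c.Verdict)
		}
		pkg["licenseConcluded"] = concluded
		// SPDX "Comments on license": how the conclusion was reached.
		comment := strings.TrimSpace(c.Comment)
		if comment == "" {
			comment = fmt.Sprintf("concluded by reviewer; declared was %q", declared)
		}
		pkg["licenseComments"] = comment
	}
	return json.MarshalIndent(root, "", "  ")
}

// ConcludedLicense reads back licenseConcluded and licenseComments for a package.
func ConcludedLicense(doc []byte, name string) (string, string, error) {
	var root struct {
		Packages []struct {
			Name      string `json:"name"`
			Concluded string `json:"licenseConcluded"`
			Comments  string `json:"licenseComments"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(doc, &root); err != nil {
		return "", "", err
	}
	for _, p := range root.Packages {
		if p.Name == name {
			return p.Concluded, p.Comments, nil
		}
	}
	return "", "", fmt.Errorf("package %q not found", name)
}

// SampleSBOM is a constructed minimal SPDX 2.3 JSON document used as input.
const SampleSBOM = `{
  "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-sbom",
  "packages": [
    {"SPDXID": "SPDXRef-Package-libfoo", "name": "libfoo", "versionInfo": "1.2.0", "licenseDeclared": "MIT", "licenseConcluded": "NOASSERTION"},
    {"SPDXID": "SPDXRef-Package-libbar", "name": "libbar", "versionInfo": "0.9.1", "licenseDeclared": "GPL-2.0-only", "licenseConcluded": "NOASSERTION"},
    {"SPDXID": "SPDXRef-Package-libbaz", "name": "libbaz", "versionInfo": "3.0.0", "licenseDeclared": "NOASSERTION", "licenseConcluded": "NOASSERTION"}
  ]
}`

func main() {
	out, err := PatchSPDX([]byte(SampleSBOM), []Conclusion{
		{Package: "libfoo", Verdict: Approve, Comment: "LICENSE file in the repo matches the MIT text"},
		{Package: "libbar", Verdict: Reject, Alternative: "LGPL-2.1-only", Comment: "source headers say LGPL-2.1; package metadata is wrong"},
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

A real command would also want to validate `Alternative` as an SPDX license expression before writing it, and to keep the original declared value untouched, since the declared/concluded split only carries information if both sides survive the patch.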
Projects
Status: Backlog
Development

No branches or pull requests

1 participant