The REUSE tool currently generates an SPDX software bill of materials only in the SPDX-2.1 format. As an example, I attached the output of reuse spdx of this repository. There are a number of issues:
SPDX-2.3 is the current version.
Somehow, the FileCopyrightText does not look right, especially when using the SPDX-FileCopyrightText tags.
It might make sense to follow the minimal set of requirements of the NTIA, which officially accepted SPDX as one way to create SBOMs. @kestewart may help here.
It seems we generate this document manually in spdx.py and report.py. Perhaps there is some spdx library that we can use?
Also, generating an optional JSON/YAML version would be great.
I wouldn't wait for packaging, packaging a PyPI module is quite easy. I'd volunteer if I didn't already have too many things to do... (And I'm not a DD so it would need a sponsor anyway). In any case, reuse itself isn't packaged, I don't think, so no big deal.