On Mon, 15 Jan 2024 at 07:26, Alexander Kanavin via lists.openembedded.org <[email protected]> wrote:
> I'm also curious about what osselot outputs that can't be done with a > oe-core class directly? Is something missing in existing create-spdx > classes? Here's for example what osselot provides for busybox, but I > can't really make sense of it: > > https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/busybox/version-1.36.1 Okay, I've read the README file in that repo, and if i understood it right, the process is: - run fossology - have a human inspect the output, and correct it on a file by file basis (tremendous waste of time and limited developer resources even when done the 'open source way' if you ask me but whatevs) - place the corrected output into the above repository Do you really really need the 'human corrected' part of all this? It will never possibly cover all of the packages you need to ship and match all their versions. If not, then maybe using and improving this layer is a better way out? https://git.yoctoproject.org/meta-spdxscanner/ Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193634): https://lists.openembedded.org/g/openembedded-core/message/193634 Mute This Topic: https://lists.openembedded.org/mt/103730186/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
