Hi Stefano, > On 7 Jan 2026, at 18:15, Stefano Tondo via lists.openembedded.org > <[email protected]> wrote: > Add hasConcludedLicense relationship to SBOM packages with support for > manual license conclusion override via SPDX_CONCLUDED_LICENSE variable. > > The concluded license represents the license determination after manual > or external license analysis. This should be set manually in recipes or > layers when: > > 1. Manual license review identifies differences from the declared LICENSE > 2. External license scanning tools detect additional license information > 3. Legal review concludes a different license applies > > The hasConcludedLicense relationship is ONLY added to the SBOM when > SPDX_CONCLUDED_LICENSE is explicitly set. When unset or empty, no > concluded license is included in the SBOM, correctly indicating that > no license analysis was performed (per SPDX semantics).
Could you add a test case to oeqa to this, so that we know the conditional behaviour doesn’t change or break? Thanks Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230892): https://lists.openembedded.org/g/openembedded-core/message/230892 Mute This Topic: https://lists.openembedded.org/mt/117139043/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
