Hello,

  for FOSSology we have the export functionality for SPDX rdf and tag-value 
files (and debian copyright as well).

  A new use case is how to review SPDX documents that we receive from other 
parties? With 1000s of files in an OSS package you quickly get lost and switch 
between file browsing in your shell and the SPDX document view.

  The basic idea is to use the FOSSology license review user interface to 
review SPDX file input - just as this would be a result from a license scanner 
finding.

  The current status of discussion can be reviewed here:

https://github.com/fossology/fossology/issues/669

and the current work status is here:

https://github.com/fossology/fossology/tree/dev/addSPDX2ImportAgent

  Now we have questions about the handling of the SPDX data in FOSSology and 
would like to ask you for feedback (general and this particular question):

How should FOSSology identify files between oss packages and SPDX file: by 
"filename/-path and hash" or hash value only?

Kind regards, Michael

_______________________________________________
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Reply via email to