Hello, for FOSSology we have the export functionality for SPDX rdf and tag-value files (and debian copyright as well).
A new use case is how to review SPDX documents that we receive from other parties? With 1000s of files in an OSS package you quickly get lost and switch between file browsing in your shell and the SPDX document view. The basic idea is to use the FOSSology license review user interface to review SPDX file input - just as this would be a result from a license scanner finding. The current status of discussion can be reviewed here: https://github.com/fossology/fossology/issues/669 and the current work status is here: https://github.com/fossology/fossology/tree/dev/addSPDX2ImportAgent Now we have questions about the handling of the SPDX data in FOSSology and would like to ask you for feedback (general and this particular question): How should FOSSology identify files between oss packages and SPDX file: by "filename/-path and hash" or hash value only? Kind regards, Michael
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
