for FOSSology we have the export functionality for SPDX rdf and tag-value
files (and debian copyright as well).
A new use case is how to review SPDX documents that we receive from other
parties? With 1000s of files in an OSS package you quickly get lost and switch
between file browsing in your shell and the SPDX document view.
The basic idea is to use the FOSSology license review user interface to
review SPDX file input - just as this would be a result from a license scanner
The current status of discussion can be reviewed here:
and the current work status is here:
Now we have questions about the handling of the SPDX data in FOSSology and
would like to ask you for feedback (general and this particular question):
How should FOSSology identify files between oss packages and SPDX file: by
"filename/-path and hash" or hash value only?
Kind regards, Michael
Spdx-tech mailing list