Hi Mark On 2017-02-18 04:54, Gisi, Mark wrote:
At Kate's talk [1] (can't find the slides online, btw) she showed a Wind River dashboard which mentioned that the WR scanner (proprietary?) identified keyring as having no license info.Wind River has provided a free SPDX creation service for more than three years including the dashboard view: http://spdx.windriver.com/pkg_upload.aspx We did this to allow one to obtain instance access to the SPDX creation process to promote the adoption of SPDX. All you need is a software package and an email address (actually you only need an email since we provide sample packages as well). We make it so easy that even your grandmother can create an SPDX file - provide she has an email account (at least that was a core design principle that guided us).
Given that the service you're mentioning is proprietary, I'm not sure whether the algorithm is the same as what led to Kate's slide or not. But in any case the keyring upstream maintainer points out that his licensing is detected at https://pypi.org/project/keyring/ and it seems that the service Kate used did not detect it.
br Paul _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
