Hi there, This is a question regarding LicenseRefs, specifically for the PackageLicenseDeclared field.
Tern is a tool that can generate SPDX documents for containers. When we are collecting license information for Debian packages inside a container, we must scan the copyright files to gather any type of license information for that package. We do this with the Debian-inspector library; other package managers like apk or rpm can provide a direct license for a package with a straightforward command. This means that licenses associated with a debian package typically look something like this after scanning the copyright text: GPL-2, GPL-2+, GPL-3+, LGPL, LGPL-3+, MIT, public-domain Is it possible to create a LicenseRef of the entire string of multiple licenses? I.e.: PackageLicenseDeclared: LicenseRef-123456 . . LicenseID: LicenseRef-123456 ExtractedText: <text>Original license: GPL-2, GPL-2+, GPL-3+, LGPL, LGPL-3+, MIT, public-domain</text> Or, does the spec require that we separate each license into a separate LicenseRef? The issue with the latter option is I’m not sure choosing AND or OR to join the various license refs is something Tern should be doing as each infers a different compliance obligation. Thanks in advance for any thoughts on the matter. -Rose -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4866): https://lists.spdx.org/g/Spdx-tech/message/4866 Mute This Topic: https://lists.spdx.org/mt/95416586/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
