Anthony: On Thu, Mar 16, 2023 at 7:41 PM Anthony Harrison <[email protected]> wrote: > In generating SBOMs, I am encountering a lot of issues with licence > information obtained from either ecosystem meta data or actual source files > most do not appear to be using SPDX license identifiers. If I report the > actual licence text then the generated SBOM is invalid; however reporting it > as NOSASSERTION or NONE doesn’t seem correct because the author has made some > attempt at identifying the license albeit incorrectly. > > What is the correct behaviour when an invalid license is detected?
Can you share some concrete examples? -- Cordially Philippe Ombredanne +1 650 799 0949 | [email protected] AboutCode - Open source for open source - https://www.aboutcode.org -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5042): https://lists.spdx.org/g/Spdx-tech/message/5042 Mute This Topic: https://lists.spdx.org/mt/97657161/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
