On 13.03.2025 15:29, Jonas Smedegaard wrote:
Quoting Dom Rodriguez (2025-03-13 14:48:21)
On 13.03.2025 11:01, Jonas Smedegaard wrote:
>Quoting Dom Rodriguez (2025-03-13 01:18:03)
>> It would be useful for `licensecheck` to output SPDX-compliant license
>> identifiers, so that it can be used in SPDX/CycloneDX SBOMs.
>
>Do you mean like this?:
>
>```
>licensecheck --shortname-scheme=spdx *
>```
Perfect, I missed that in the docs.
However, I note that, for example, GPLv2 licenses are reported as
`GPL-2.0`, which is deprecated by the SPDX license list[0], which
should - probably - be addressed.
The license fulltext itself does not cover any work, so cannot decide if
it is -only or -or-later.
I can open a different bug report and close this one if that works for
the team. I'm running `licensecheck` v3.3.9.
If you only needed what --shortname-scheme=spdx then yes, makes sense to
close this bugreport.
If that other issue you wanted to open another bugreport for is the
above about GPL-3, then please first check if covered in either of bugs
#1052259 or #1081421.
You might also be interested in bug#950363 :-)
I'll close this for now, as those other bug reports seem to -
partially, one way or another - cover the -only/-or-later bits we need.
Thanks for your help on this, Jonas - I spent a long time implementing
ScanCode for this project, only to find it was too slow on CI - and
naturally, Perl is perfect for this kind of text processing.
Best regards,
--
Dom Rodriguez (he/him)
Software Engineer
Codethink Ltd
Codethink delivers cutting edge open source design, development and
integration services.
https://codethink.co.uk
