[
https://issues.apache.org/jira/browse/RAT-251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17744692#comment-17744692
]
Gary O'Neall commented on RAT-251:
----------------------------------
I'm not a regular contributor to RAT, but I am familiar with SPDX and can help
with any mappings.
>From a quick look at the RAT code, it looks like there is an opportunity to
>include the SPDX license identifier in the
>[ApacheV2LicenseAppender.java|https://github.com/apache/creadur-rat/blob/master/apache-rat-core/src/main/java/org/apache/rat/annotation/ApacheV2LicenseAppender.java]
> output - adding the line "SPDX-License-Identifier: Apache-2.0" after the
>standard header. This would enable license scanners to easily identify the
>Apache 2.0 license using a standard syntax and identifier.
The other change mentioned above would be to update the license header matching
to search for the pattern "SPDX-License-Identifier:\s+([a-zA-Z0-9 ()+.-]+)".
The SPDX license ID can be captured from the group.
A more challenging update would be to match the actual license texts to the
full set of SPDX license ID's supported. This would greatly increase the
number of license texts that Rat reports on, but it would be quite a bit more
work.
The [SPDX Java Library|https://github.com/spdx/Spdx-Java-Library] supports some
license matching functions, but the performance is quite expensive and it only
works for the complete license text - not the headers as RAT does. If you're
interested in using the library, I am one of the maintainers and can answer any
questions.
> Support for SPDX identifiers
> ----------------------------
>
> Key: RAT-251
> URL: https://issues.apache.org/jira/browse/RAT-251
> Project: Apache Rat
> Issue Type: New Feature
> Reporter: Szymon Janc
> Priority: Major
>
> would be great if RAT could understand SPDX identifiers as this makes licence
> compliance checking much simpler
> https://spdx.org/
> https://spdx.org/licenses/
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
