Anthony: On Thu, Mar 16, 2023 at 7:41 PM Anthony Harrison <anthony.p.harri...@gmail.com> wrote: > In generating SBOMs, I am encountering a lot of issues with licence > information obtained from either ecosystem meta data or actual source files > most do not appear to be using SPDX license identifiers. If I report the > actual licence text then the generated SBOM is invalid; however reporting it > as NOSASSERTION or NONE doesn’t seem correct because the author has made some > attempt at identifying the license albeit incorrectly. > > What is the correct behaviour when an invalid license is detected?
Can you share some concrete examples? -- Cordially Philippe Ombredanne +1 650 799 0949 | pombreda...@nexb.com AboutCode - Open source for open source - https://www.aboutcode.org -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5042): https://lists.spdx.org/g/Spdx-tech/message/5042 Mute This Topic: https://lists.spdx.org/mt/97657161/21656 Group Owner: spdx-tech+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-