Bug#1100386: licensecheck should [optionally] output SPDX-compliant license identifiers.
Dom Rodriguez
Dom.Rodriguez at codethink.co.uk
Wed Mar 26 00:26:10 GMT 2025
On 13.03.2025 15:29, Jonas Smedegaard wrote:
>Quoting Dom Rodriguez (2025-03-13 14:48:21)
>> On 13.03.2025 11:01, Jonas Smedegaard wrote:
>> >Quoting Dom Rodriguez (2025-03-13 01:18:03)
>> >> It would be useful for `licensecheck` to output SPDX-compliant license
>> >> identifiers, so that it can be used in SPDX/CycloneDX SBOMs.
>> >
>> >Do you mean like this?:
>> >
>> >```
>> >licensecheck --shortname-scheme=spdx *
>> >```
>>
>> Perfect, I missed that in the docs.
>>
>> However, I note that, for example, GPLv2 licenses are reported as
>> `GPL-2.0`, which is deprecated by the SPDX license list[0], which
>> should - probably - be addressed.
>
>The license fulltext itself does not cover any work, so cannot decide if
>it is -only or -or-later.
>
>> I can open a different bug report and close this one if that works for
>> the team. I'm running `licensecheck` v3.3.9.
>
>If you only needed what --shortname-scheme=spdx then yes, makes sense to
>close this bugreport.
>
>If that other issue you wanted to open another bugreport for is the
>above about GPL-3, then please first check if covered in either of bugs
>#1052259 or #1081421.
>
>You might also be interested in bug#950363 :-)
I'll close this for now, as those other bug reports seem to -
partially, one way or another - cover the -only/-or-later bits we need.
Thanks for your help on this, Jonas - I spent a long time implementing
ScanCode for this project, only to find it was too slow on CI - and
naturally, Perl is perfect for this kind of text processing.
Best regards,
--
Dom Rodriguez (he/him)
Software Engineer
Codethink Ltd
Codethink delivers cutting edge open source design, development and
integration services.
https://codethink.co.uk
More information about the pkg-perl-maintainers
mailing list