tools-python
tools-python copied to clipboard
spdx
A Python library to parse, validate and create SPDX documents.
This change allows multiple checksums and file types on Files. This improves compliance with the SPDX 2.1 and newer specifications. This was done to allow support for modern cryptographic hashes,...
4 fixes are addressed: 1. Relationship generation on non-TV output formats (was working only on TV). 2. Missing encoding when dumping to YAML. 3. Fixed Validation error not returning in...
The current SPDX spec allows for Files to be included in a Document with no associated Package. This is specified at https://spdx.github.io/spdx-spec/4-file-information/ in the following section (see bullet points 1...
In the examples directory, there are the following two scripts: - write_tv.py - pp_tv.py Running ``` python3 write_tv.py output ``` generates a spdx file without problem. Reading this file again:...
Getting this error when trying to convert SPDX 2.2 tag file to SPDX 2.2 json file: data:AnnotationType must be "REVIEW" or "OTHER". Line: 23 data:FileName Can not appear before PackageName,...
Would it be feasible to make this library packaged for Debian? A concrete use case: the REUSE helper tool is meanwhile available in the official Debian repos. If we include...
'ExternalPackageRef' is optional but we need to write it when it exist
In 0.7.0a3 relationships are only working on TV. Following my change the lib will generate them on other formats.
