CycloneDX
feat: support multi license mix
As discussed in ticket #454, this PR adds the following abilities:
- have multiple license expressions
- have a mix of license expressions, SPDX license IDs, and named licenses
Please read the original ticket and see the provided example data for use-cases.
fixes #454
TODO/DONE
- [x] showcase that this feature was not possible in 1.6
- [x] migrated now-passing tests from 1.6
- [x] add examples for XML
- [x] add examples for JSON
- [x] add examples for ProtoBuf
- [x] implement for XML
- [x] implement for JSON
- [x] implement for ProtoBuf
RFC notice sent. https://groups.io/g/CycloneDX/message/304 https://cyclonedx.slack.com/archives/CVA0G10FN/p1738861352347449
Public RFC period ends March 6, 2025
RFC notice sent. https://groups.io/g/CycloneDX/message/304 https://cyclonedx.slack.com/archives/CVA0G10FN/p1738861352347449
Public RFC period ends March 6, 2025
Period ended today, change was promoted to TC54.
In today's TC54 meeting, some members rejected the feature as it is today, and rejected the original promoted feature. Reason: they expressed, that allowing multiple licenses was a bad idea.
The discussion about that shall be continued in the original ticket: https://github.com/CycloneDX/specification/issues/454
Incorporated the latest development of 1.7-dev into the examples. This will add additional justification to this feature.
Good for me... we can always refine it later! Sorry to have taken so much time to review and come to an agreement.
no worries, @pombredanne, Some things just take longer. I mean, it took me half a year to understand community needs fully, and come up with a solution that actually helps. I can clearly understand that you had questions and fears. Now that this is ready for merging, a followup is needed, to minimize ambiguity - one of the things you feared:
- https://github.com/CycloneDX/specification/issues/619