SPDX coverage from what FOSSology covers
Proposed (!!! I feel sorry for putting it into your issue tracker; I thought it would actually help to bring transparency) is a meta issue that shows what FOSSology covers in terms of license analysis use cases and which of the issues in this issue tracker are connected with this.
Please note also that there is a meta issue on the FOSSology side, summarising captured shortcomings of FOSSology w.r.t. the SPDX spec:
https://github.com/fossology/fossology/issues/1079
FOSSology use cases
- [ ] Obligations, risks, restrictions as part of the SPDX https://github.com/spdx/spdx-spec/issues/111
- [ ] ECC information https://github.com/spdx/spdx-spec/issues/35
- [ ] IPR limitations (trademarks?) could be also covered by risks or here https://github.com/spdx/spdx-spec/issues/35
- [ ] identified files that do not get distributed https://github.com/spdx/spdx-spec/issues/92
- [x] import SPDX files issue for large OSS components or shipped products https://github.com/spdx/spdx-spec/issues/96
- [x] acknowledgement on file level https://github.com/spdx/spdx-spec/issues/28
Admittedly, #92 is maybe covered by the relations construct, although I am not convinced it represents a solution as intended.
A lot of these feel like they would fit nicely into the profiles model in 3.0. I suggest we move this issue to the 3.0 milestone.
Agree, I think this is more appropriate to consider as part of 3.0.
This may be a good issue to add to the operations profile team.
Moving to 3.1 - the target for the profiles team.
I've commented within the sub-issues linked from here (and/or closed them) to reflect where I think these currently stand.
Short version, I don't think there's anything left in here that is licensing-related that hasn't either already been addressed, or else is a "wontfix" for 3.0 and going forward. I'll leave this open to the extent that parts of it may touch on other profiles.