Marc-Etienne Vargenau
Marc-Etienne Vargenau
### Description In the SPDX code, we have multiple times the same code, for example: ``` LicenseID: LicenseRef-scancode-unknown-license-reference LicenseName: Unknown License file reference LicenseComment: See details at https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/licenses/unknown-license-reference.yml ExtractedText: See...
Hi, I am trying to move code from Simplepie 1.1 to 1.5. I had done a new SimplePie() with 4 parameters, the fourth one being the proxy. As I understand,...
".xls spreadsheets" is in the list of possible formats for SPDX documents, but is not specified. We should at minimum: * give the list of tabs with their name, *...
In the SPDX standard, we have several fields for commenting various entities. In the list below, we have cases where delimiting the comment by .. is always mandatory, and cases...
Currently, the standard does not specify which licenses are compatible with the "+" operator. We should explicitly list in the standard the licenses that cannot use the "+" operator. We...
**What would you like to be added**: It would be nice to be able to run Syft on a Dockerfile. **Why is this needed**: **Additional context**: Tern allows this.
**What happened**: This is a follow-up of #950. The GPL family has been solved, but not all deprecated licenses. Please check the whole list of deprecated licenses at https://spdx.org/licenses/#Deprecated%20License%20Identifiers **What...
In file ```license-list-data/json/licenses.json``` you have: ``` { "reference": "https://spdx.org/licenses/GPL-3.0.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0.json", "referenceNumber": 242, "name": "GNU General Public License v3.0 only", "licenseId": "GPL-3.0", "seeAlso": [ "https://www.gnu.org/licenses/gpl-3.0-standalone.html", "https://opensource.org/licenses/GPL-3.0" ], "isOsiApproved":...
In https://spdx.org/licenses/GCC-exception-2.0.html, replace "Typically used with GPL-2.0+" by "Typically used with GPL-2.0-only or GPL-2.0-and-later". In https://spdx.org/licenses/GCC-exception-3.1.html, replace "Typically used with GPL-3.0" by "Typically used with GPL-3.0-only or GPL-3.0-and-later". In https://spdx.org/licenses/Autoconf-exception-2.0.html,...
We now have SPDX 2.2 (the ISO version) and SPDX 2.3, and soon we will have SPDX 3.0. It would be good to be able to specify in which version...