[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Model suggestions for the IP / licensing section



Hi Steve,

 

The model I plan on proposing allows for references to licenses defined within the SBOM document itself.

 

For example, lets say you find the complete text of a license that doesn’t match one of the standard SPDX license ID’s.

 

You would include in the SBOM an object which contains an ID (e.g. LicenseRef-1) and the complete text of the license as properties.  There are also optional fields for license name, URL, etc.

 

One detail that may be controversial (so I’ll point it out here) is whether the text for these “local licenses” is required or not.  In SPDX we require the text.  From a tools implementation point of view, this may be difficult or impossible depending on the situation.  Sometimes you only have a name or a URL. 

 

Gary

 

 

From: Steve Springett Gary O'Neall class=MsoNormal> 

Are SPDX license expressions something that can be validated with XML schema and/or JSON schema?

 

 

—Steve

On Dec 12, 2019, 1:32 PM -0600, Gary O'Neall <Email: