Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(spdx): Allow
LicenseRef-
exceptions for licenseInfoInFiles
SPDX v2 does not allow using custom (`LicenseRef-`) IDs as exceptions and an SPDX expression. Whether / how that could be supported in future is currently being discussed, see [1]. When the SPDX reporter creates an SPDX document containing `LicenseRef-` exceptions it crashes due to an exception from `SpdxExpression.validate()`. The only SPDX V2 compliant option for preventing that crash is to come up with a whole new `LicenseRef-` license ID which denotes a text containing both, the license and the exception. As a simple, maybe short term solution, relax the check so that the reporter no more crashes. This violates the SPDX v2 spec, but keeps the information about the association of the license and the exception. Users then patch up the license finding using a license finding curation to assign a dedicated custom license ID. [1] spdx/change-proposal#4 Signed-off-by: Marcel Bochtler <marcel.bochtler@bosch.com>
- Loading branch information