On Mon, 2020-11-16 at 09:28 -0600, Ryan Pavlik wrote: > Yes, it's disappointing that licensecheck doesn't handle the SPDX > tags. Fortunately, SPDX tags are very close, if not identical, to the Debian short form of the license. So, in theory, you can grep for 'GPL-v2' for example. But SPDX-License-Identifier is easier to grep for since the string SPDX is kinda uncommon. > I also have used "CME" for a variety of maintenance tasks, including > copyright-file creation/analysis. It's pretty good, if somewhat more > verbose that I would be writing it by hand. See my personal packaging > notes here for some info and links: > https://gist.github.com/rpavlik/0e68877cd47396d39366ae3a59e8fafd > Ryan > > On Fri, Nov 13, 2020 at 7:46 PM Paul Wise <pabs@debian.org> wrote: > > > > On Fri, Nov 13, 2020 at 4:08 PM Marc Haber wrote: > > > > > after a second look, licensecheck doesn't look too good any more. > > > It > > > doesn't grok the quite common SPDX notation, and I would love a > > > tool > > > that also checks debian/copyright (it's machine readable for a > > > reason) > > > and tells me which files are not listed in there. > > > > The available copyright review tools are documented here: > > > > https://wiki.debian.org/CopyrightReviewTools > > > > I hear that scanCode is the best one, but it isn't in Debian. ScanCode is terrific, but it is undergoing a move from python 2.7 to 3.6 and is not yet packaged. I have a plan to add spdx support to licensecheck, I think the best place for that is the Debian bug tracker. Cheers, Jeremiah > > -- > > bye, > > pabs > > > > https://wiki.debian.org/PaulWise > > >
Attachment:
signature.asc
Description: This is a digitally signed message part