-
Notifications
You must be signed in to change notification settings - Fork 314
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(reporter): Align setting
licenseInfoFromFiles
with the spec v2.2
The description for the `filesAnalyzed` attribute says that "If false, the package shall not contain any files.", see [1]. This in turn implies that `licenseInfoFromFiles` must be empty in that case. Running [2] against an SPDX document which has a package with `filesAnalyzed=false` and a non-empty value for `licenseInfoFromFiles` yields an error saying that the document is not valid for mentioned reason. Fix that issue by reporting non-empty `licenseInfoInFiles` only for VCS and source artifact packages. [1] https://github.com/spdx/spdx-spec/blob/development/v2.2.1/chapters/package-information.md#78-files-analyzed-field- [2] https://github.com/spdx/tools-python Signed-off-by: Frank Viernau <[email protected]>
- Loading branch information
Showing
3 changed files
with
13 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters