Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(spdx): Report detected root licenses as a fallback
The SPDX `licenseDeclared` field [1] is not a declared license in the ORT sense, meaning that it must originate from package metadata only, but lists any "licenses that have been declared by the authors of the package" in any way, including as part of a `LICENSE` file, which in the ORT sense would be a detected license. To account for that, fall back to using the detected licenses of root license files as the package license if no license from metadata is available. This solves the case for Go packages so far not having any `licenseDeclared` set, as they are just pointers to Git repositories which have to metadata associated. [1]: https://spdx.github.io/spdx-spec/v2.2.2/package-information/#715-declared-license-field Signed-off-by: Sebastian Schuberth <[email protected]>
- Loading branch information