8000 Do not use hashes for SPDX license names/expressions by spiffcs · Pull Request #3844 · anchore/syft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Do not use hashes for SPDX license names/expressions #3844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 2, 2025
Merged

Do not use hashes for SPDX license names/expressions #3844

merged 2 commits into from
May 2, 2025

Conversation

spiffcs
Copy link
Contributor
@spiffcs spiffcs commented May 1, 2025
edited by wagoodman
Loading

This PR takes the recent full text license work and updates how we're interpreting the value field when converting to spdx. Given that we no longer worry about fullText being included in this field, value is now treated like Expressions when calculating the ID for SPDX licenses in the format helpers.

This means longer value that exceeded 64 characters in length do not lose information when being set to the SPDX license ID. We previously because value was a dump for both full text and anything NOT valid spdx expressions.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

spiffcs added 2 commits May 1, 2025 19:06
@spiffcs
feat: remove value constraint for hashing contents of license
36f6f3c 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs
chore: add new tests for generate license ID
5c23f67 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs spiffcs changed the title 3780 valid spdx 3780 do not hash license 'value' for spdx format May 1, 2025
@spiffcs spiffcs added the enhancement New feature or request label May 1, 2025
@spiffcs spiffcs self-assigned this May 2, 2025
@wagoodman wagoodman changed the title 3780 do not hash license 'value' for spdx format Do not use hashes for SPDX license names/expressions May 2, 2025
@spiffcs spiffcs merged commit 6ba087c into main May 2, 2025
13 checks passed
@spiffcs spiffcs deleted the 3780-valid-spdx-id branch May 2, 2025 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees

@spiffcs spiffcs

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Return full license string instead of SHA256 hash when license string exceeds 64 characters.
2 participants
@spiffcs @wagoodman
0