There is some discussion about this here: https://github.com/spdx/spdx-maven-plugin/issues/24
Personally I used the SPX URL for the Pom entry (but that has the disadvantage that some auditors want a tagged Repo location to the license). I think the SPDX maven plug-in can compare the url. Here are some OSI sourced entries as well: https://github.com/OpenSourceOrg/licenses/tree/master/licenses Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: Gary Gregory <garydgreg...@gmail.com> Gesendet: Friday, February 11, 2022 7:48:58 PM An: Maven Developers List <dev@maven.apache.org> Betreff: Formal identification of license in a POM license element Hi All: While researching GitHub's citation support [1], I found that there is a plugin to convert a pom.xml into a CFF file [2]. I'd like to generate a CFF file for Apache Commons Components like Commons Lang, Commons IO, and so on. This plugin works but does not generate a license field [3] because the POM license element does not hold a slot to identify a license with a formal ID, in this case, the Linux Foundation SPDX ID [4] https://spdx.dev/ids/ Any thoughts about supporting such a field for example "spdxID" or even just "id" ? 1. <licenses> 2. <license> 3. <id>Apache-2.0</id> <!-- This is a SPDX ID --> 4. <name>Apache License, Version 2.0</name> 5. <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url> 6. <distribution>repo</distribution> 7. <comments>A business-friendly OSS license</comments> 8. </license> 9. </licenses> ? Gary [1] https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-citation-files [2] https://github.com/hexatomic/cff-maven-plugin [3] https://github.com/hexatomic/cff-maven-plugin/issues/28 [4] https://spdx.dev/ids/
