enhanced structured data for copyright tracking
At work, we are writing a build-tool which generates APKv3 files as output. However, we would like to capture more of the copyright/license metadata than just the license
field of APKBUILD
.
I propose the following:
copyright:
- path: "[glob mask relevant to $srcdir]"
license: "[SPDX identifier, like old `license` field]"
attestations:
- "Copyright (c) 20XX foobar"
- "Copyright (c) 20XX baz"
An APKBUILD
with license="ISC"
would then map to:
copyright:
- path: "*"
license: "ISC"
If this seems agreeable, I can work on a patch next week for this. It is related to the SBOM work, see #10780.