PDF file for the SPDX 2.3 Specification - partial success!


Sebastian Crane
 

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification using
the TeX template which is present in our GitHub 'Org'. However, there are some
issues with text overlapping the margins on pages 36 and 183. Additionally, I
have not yet added the cover page or any headers/footers. Finally, the visual
presentation appears different from SPDX 2.2.1's PDF file (I haven't been able
to locate the theming information that's been used in the past. Given the
typeface used, it appears to have been generated using Microsoft Word rather
than TeX).

Please see the attached PDF file if you are interested, but don't consider it
to be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website for the
HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian


Kate Stewart
 

Thank you very much Sebastian!

That's an awesome start. 

I'm trying to remember if Jack had to hack on a cover or not.   Possibly that was how it was done?
Maybe Gary or Alexios remember.    

But getting the bulk of the spec translated into a .pdf like this moves us forward. 

On Tue, Aug 23, 2022 at 1:11 PM Sebastian Crane <seabass-labrax@...> wrote:
Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification using
the TeX template which is present in our GitHub 'Org'. However, there are some
issues with text overlapping the margins on pages 36 and 183. Additionally, I
have not yet added the cover page or any headers/footers. Finally, the visual
presentation appears different from SPDX 2.2.1's PDF file (I haven't been able
to locate the theming information that's been used in the past. Given the
typeface used, it appears to have been generated using Microsoft Word rather
than TeX).

Please see the attached PDF file if you are interested, but don't consider it
to be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website for the
HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian






Manbeck, Jack
 

Hi Sebastian thanks for this. When I was converting to PDF I found I had to go to word first and then do the fixups there and then generate the PDF from word. Ideally it would be nice to fix it in the templates, etc.,. but I dint have skill.

Jack

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of Sebastian Crane
Sent: Tuesday, August 23, 2022 2:12 PM
To: SPDX Technical Mailing List <spdx-tech@...>
Subject: [EXTERNAL] [spdx-tech] PDF file for the SPDX 2.3 Specification - partial success!

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification using the TeX template which is present in our GitHub 'Org'. However, there are some issues with text overlapping the margins on pages 36 and 183. Additionally, I have not yet added the cover page or any headers/footers. Finally, the visual presentation appears different from SPDX 2.2.1's PDF file (I haven't been able to locate the theming information that's been used in the past. Given the typeface used, it appears to have been generated using Microsoft Word rather than TeX).

Please see the attached PDF file if you are interested, but don't consider it to be an official SPDX document at this point, due to the aforementioned typographical errors and any other issues that might be found before publication.

If you want the 'real' SPDX 2.3 specification, please see our website for the HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian


Dick Brooks
 

Hello Everyone,

Hoping someone can provide insights under the topic of "Fun with
FilesAnalyzed" in V 2.3.

Now that we have a PrimaryPackagePurpose with a "FILE" option, do we ever
need to produce a "FileName" object in a V 2.3 SPDX SBOM?
If no, should we always set FilesAnalyzed = false and just show PackageName
objects?

I welcome your insights.


Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership

Never trust software, always verify and report! T
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of
Sebastian Crane
Sent: Tuesday, August 23, 2022 2:12 PM
To: SPDX Technical Mailing List <spdx-tech@...>
Subject: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial
success!

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification using
the TeX template which is present in our GitHub 'Org'. However, there are
some issues with text overlapping the margins on pages 36 and 183.
Additionally, I have not yet added the cover page or any headers/footers.
Finally, the visual presentation appears different from SPDX 2.2.1's PDF
file (I haven't been able to locate the theming information that's been used
in the past. Given the typeface used, it appears to have been generated
using Microsoft Word rather than TeX).

Please see the attached PDF file if you are interested, but don't consider
it to be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website for
the HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian


Gary O'Neall
 

Hi Dick,

If you have a package with a PrimaryPackagePurpose of "FILE", I would agree
you could just have a packageName property and not be required to have an
additional SpdxFile object. Also, setting FilesAnalyze to false would be
correct IMO.

Regards,
Gary

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of
Dick
Brooks
Sent: Saturday, August 27, 2022 9:37 AM
To: 'SPDX Technical Mailing List' <spdx-tech@...>
Subject: Re: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial
success!

Hello Everyone,

Hoping someone can provide insights under the topic of "Fun with
FilesAnalyzed" in V 2.3.

Now that we have a PrimaryPackagePurpose with a "FILE" option, do we ever
need to produce a "FileName" object in a V 2.3 SPDX SBOM?
If no, should we always set FilesAnalyzed = false and just show
PackageName
objects?

I welcome your insights.


Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector, Sector
Coordinating
Council - A Public-Private Partnership

Never trust software, always verify and report! T
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of
Sebastian Crane
Sent: Tuesday, August 23, 2022 2:12 PM
To: SPDX Technical Mailing List <spdx-tech@...>
Subject: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial
success!

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification
using the
TeX template which is present in our GitHub 'Org'. However, there are some
issues with text overlapping the margins on pages 36 and 183.
Additionally, I have not yet added the cover page or any headers/footers.
Finally, the visual presentation appears different from SPDX 2.2.1's PDF
file (I
haven't been able to locate the theming information that's been used in
the
past. Given the typeface used, it appears to have been generated using
Microsoft Word rather than TeX).

Please see the attached PDF file if you are interested, but don't consider
it to
be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website for
the
HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian









Dick Brooks
 

Thanks Gary much appreciate the direction

On Aug 27, 2022, at 1:55 PM, Gary O'Neall <gary@...> wrote:

Hi Dick,

If you have a package with a PrimaryPackagePurpose of "FILE", I would agree
you could just have a packageName property and not be required to have an
additional SpdxFile object. Also, setting FilesAnalyze to false would be
correct IMO.

Regards,
Gary

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of
Dick
Brooks
Sent: Saturday, August 27, 2022 9:37 AM
To: 'SPDX Technical Mailing List' <spdx-tech@...>
Subject: Re: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial
success!

Hello Everyone,

Hoping someone can provide insights under the topic of "Fun with
FilesAnalyzed" in V 2.3.

Now that we have a PrimaryPackagePurpose with a "FILE" option, do we ever
need to produce a "FileName" object in a V 2.3 SPDX SBOM?
If no, should we always set FilesAnalyzed = false and just show
PackageName
objects?

I welcome your insights.


Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector, Sector
Coordinating
Council - A Public-Private Partnership

Never trust software, always verify and report! T
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of
Sebastian Crane
Sent: Tuesday, August 23, 2022 2:12 PM
To: SPDX Technical Mailing List <spdx-tech@...>
Subject: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial
success!

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification
using the
TeX template which is present in our GitHub 'Org'. However, there are some
issues with text overlapping the margins on pages 36 and 183.
Additionally, I have not yet added the cover page or any headers/footers.
Finally, the visual presentation appears different from SPDX 2.2.1's PDF
file (I
haven't been able to locate the theming information that's been used in
the
past. Given the typeface used, it appears to have been generated using
Microsoft Word rather than TeX).

Please see the attached PDF file if you are interested, but don't consider
it to
be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website for
the
HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian














Dick Brooks
 

Hello Everyone,

REA has created a SPDX V 2.3 Tag Value SBOM, that we "hope" is valid.

Will share this SBOM with anyone interested in testing/validating/discussing SPDX V2.3 SBOM.
NOTE: This SBOM is used for software supply chain risk assessment ONLY and does not include license use case information.

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf Of Dick Brooks
Sent: Saturday, August 27, 2022 2:45 PM
To: Gary O'Neall <gary@...>
Cc: SPDX Technical Mailing List <spdx-tech@...>
Subject: Re: [spdx-tech] PDF file for the SPDX 2.3 Specification - partial success!

Thanks Gary much appreciate the direction
On Aug 27, 2022, at 1:55 PM, Gary O'Neall <gary@...> wrote:

Hi Dick,

If you have a package with a PrimaryPackagePurpose of "FILE", I would
agree you could just have a packageName property and not be required
to have an additional SpdxFile object. Also, setting FilesAnalyze to
false would be correct IMO.

Regards,
Gary

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf
Of
Dick
Brooks
Sent: Saturday, August 27, 2022 9:37 AM
To: 'SPDX Technical Mailing List' <spdx-tech@...>
Subject: Re: [spdx-tech] PDF file for the SPDX 2.3 Specification -
partial success!

Hello Everyone,

Hoping someone can provide insights under the topic of "Fun with
FilesAnalyzed" in V 2.3.

Now that we have a PrimaryPackagePurpose with a "FILE" option, do we
ever need to produce a "FileName" object in a V 2.3 SPDX SBOM?
If no, should we always set FilesAnalyzed = false and just show
PackageName
objects?

I welcome your insights.


Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector, Sector
Coordinating
Council - A Public-Private Partnership

Never trust software, always verify and report! T
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: Spdx-tech@... <Spdx-tech@...> On Behalf
Of Sebastian Crane
Sent: Tuesday, August 23, 2022 2:12 PM
To: SPDX Technical Mailing List <spdx-tech@...>
Subject: [spdx-tech] PDF file for the SPDX 2.3 Specification -
partial
success!

Dear all,

I have been able to generate a PDF file of the SPDX 2.3 Specification
using the
TeX template which is present in our GitHub 'Org'. However, there are
some issues with text overlapping the margins on pages 36 and 183.
Additionally, I have not yet added the cover page or any headers/footers.
Finally, the visual presentation appears different from SPDX 2.2.1's
PDF
file (I
haven't been able to locate the theming information that's been used
in
the
past. Given the typeface used, it appears to have been generated
using Microsoft Word rather than TeX).

Please see the attached PDF file if you are interested, but don't
consider
it to
be an official SPDX document at this point, due to the aforementioned
typographical errors and any other issues that might be found before
publication.

If you want the 'real' SPDX 2.3 specification, please see our website
for
the
HTML version: https://spdx.dev/specifications/

Best wishes,

Sebastian