Re: Question about optional License fields
|
Rose Judge
Yes, this was fixed with a PR I opened that was recently merged for 2.2.2. If you look at the latest github branch, you can see the changes reflected. I suspect the spec has not been updated yet with the latest 2.2.2 changes from GitHub but hopefully will be soon (I can ask at the tech call tomorrow).
From:
spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...> Thanks, Rose.
Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: spdx-implementers@... <spdx-implementers@...>
On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM To: spdx-implementers@... Subject: Re: [spdx-implementers] Question about optional License fields
Correct -- PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.
As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…
-Rose
From:
spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via
lists.spdx.org <dick=reliableenergyanalytics.com@...> Thanks, Rose.
Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?
PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION
Also, did we also decide to make PackageChecksum optional in V 2.3?
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From:
spdx-implementers@... <spdx-implementers@...>
On Behalf Of Rose Judge
Hi Dick,
I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635
Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.
-Rose From:
spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via
lists.spdx.org <dick=reliableenergyanalytics.com@...> Hello Everyone,
REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.
The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e.,
Will the Package License fields still be required?
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
|
||||||
|
|
