Date   

Re: Reminder: meeting tomorrow Nov 16th

Maximilian Huber
 

Hey Rose,

I would love to join, but as said in the beginning, this slot collides
for me with a non-movable reporting meeting. Will there be a recording?

As mentioned yesterday, I have implemented SPDX3 (or what I think SPDX3
currently looks like) and there are already some example JSON files
generated in [1]. ("Implemented" here has the meaning of an 80% complete
implementation, ignoring some of the typing and ENUM restrictions)

Best
Max

[1] https://github.com/maxhbr/spdx-3-model.hs/tree/main/_testOut

"Rose Judge via lists.spdx.org" <rjudge=vmware.com@...> writes:

There is a scheduled SPDX implementers call tomorrow, November 16th (8am PST/11am EST/5pm CEST -
https://meet.jit.si/SPDXImplementersMeeting).



I’ll plan to join tomorrow and host whoever shows up. Do folks want to meet or have topics to discuss?



Thanks,

Rose


--
TNG Technology Consulting GmbH, Beta-Str. 13a, 85774 Unterföhring
Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Thomas Endres
Aufsichtsratsvorsitzender: Christoph Stock
Sitz: Unterföhring * Amtsgericht München * HRB 135082


Reminder: meeting tomorrow Nov 16th

Rose Judge
 

There is a scheduled SPDX implementers call tomorrow, November 16th (8am PST/11am EST/5pm CEST - https://meet.jit.si/SPDXImplementersMeeting).

 

I’ll plan to join tomorrow and host whoever shows up. Do folks want to meet or have topics to discuss?

 

Thanks,

Rose


June 15th Implementers meeting minutes available for review

Rose Judge
 

We didn’t cover much given the short meeting but a PR for this week’s meeting minutes is available for review: https://github.com/spdx/meetings/pull/191/files#diff-b6d198f07f2d146f3e04889b30268a504b8a0fa858dd337ed945dffb92216a5e

 

We’ll merge this at the beginning of the next call on June 29th.

 

Thanks,

Rose


Reminder: SPDX Implementers meeting tomorrow, June 15th

Rose Judge
 

The SPDX implementers meeting is tomorrow, June 15th (8am PDT/11am EDT/5pm CEST - https://meet.jit.si/SPDXImplementersMeeting). Here’s the agenda:

 

 

If you have any other topics you would like to cover, please add them to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose


June 1st meeting minutes available for review

Rose Judge
 

Hello SPDX Implementers,

 

Last week’s meeting minutes are available to review: https://github.com/spdx/meetings/pull/185.

 

Please take a look and let me know if there’s anything that needs changing (you can comment directly on the PR). We will merge this PR at the beginning of the call next week.

 

Thank you,

-Rose

 


Re: SPDX Implementers meeting Wednesday June 1st

Dick Brooks
 

Thank you, Rose. Much appreciated.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, June 1, 2022 2:02 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

 

Hi Dick,

 

For future reference, the meeting is link is:

https://meet.jit.si/SPDXImplementersMeeting

 

To subscribe to the meeting invite please do so here: https://lists.spdx.org/g/spdx-implementers/calendar using the “Subscribe to calendar” button. The next meeting is scheduled for June 15th.

 

Thanks,

Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Wednesday, June 1, 2022 at 4:58 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

Rose,

 

Please resend the Wednesday invitation. It’s not on my calendar.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, June 1, 2022 12:00 AM
To: spdx-implementers@...
Subject: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

 

Hello SPDX Implementers,

 

The second SPDX implementers meeting is tomorrow, June 1st (8am PDT/11am EDT/5pm CEST). Here’s the agenda:

 

  • Approve meeting minutes from the last call.
  • Please add your tool to the SPDX SBOM landscape.
  • Follow-up discussion about SPDX formats: What’s needed? What’s most useful? Should any be deprecated?
  • Open table

 

 

If you have any other topics you would like to cover, please feel free to add to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose

 

 



Re: SPDX Implementers meeting Wednesday June 1st

Rose Judge
 

Hi Dick,

 

For future reference, the meeting is link is:

https://meet.jit.si/SPDXImplementersMeeting

 

To subscribe to the meeting invite please do so here: https://lists.spdx.org/g/spdx-implementers/calendar using the “Subscribe to calendar” button. The next meeting is scheduled for June 15th.

 

Thanks,

Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Wednesday, June 1, 2022 at 4:58 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

Rose,

 

Please resend the Wednesday invitation. It’s not on my calendar.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, June 1, 2022 12:00 AM
To: spdx-implementers@...
Subject: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

 

Hello SPDX Implementers,

 

The second SPDX implementers meeting is tomorrow, June 1st (8am PDT/11am EDT/5pm CEST). Here’s the agenda:

 

  • Approve meeting minutes from the last call.
  • Please add your tool to the SPDX SBOM landscape.
  • Follow-up discussion about SPDX formats: What’s needed? What’s most useful? Should any be deprecated?
  • Open table

 

 

If you have any other topics you would like to cover, please feel free to add to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose

 

 



Re: SPDX Implementers meeting Wednesday June 1st

Dick Brooks
 

Rose,

 

Please resend the Wednesday invitation. It’s not on my calendar.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, June 1, 2022 12:00 AM
To: spdx-implementers@...
Subject: [spdx-implementers] SPDX Implementers meeting Wednesday June 1st

 

Hello SPDX Implementers,

 

The second SPDX implementers meeting is tomorrow, June 1st (8am PDT/11am EDT/5pm CEST). Here’s the agenda:

 

  • Approve meeting minutes from the last call.
  • Please add your tool to the SPDX SBOM landscape.
  • Follow-up discussion about SPDX formats: What’s needed? What’s most useful? Should any be deprecated?
  • Open table

 

 

If you have any other topics you would like to cover, please feel free to add to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose

 


SPDX Implementers meeting Wednesday June 1st

Rose Judge
 

Hello SPDX Implementers,

 

The second SPDX implementers meeting is tomorrow, June 1st (8am PDT/11am EDT/5pm CEST). Here’s the agenda:

 

  • Approve meeting minutes from the last call.
  • Please add your tool to the SPDX SBOM landscape.
  • Follow-up discussion about SPDX formats: What’s needed? What’s most useful? Should any be deprecated?
  • Open table

 

 

If you have any other topics you would like to cover, please feel free to add to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose

 


SPDX Implementers meeting update + minutes

Rose Judge
 

Hello SPDX Implementers,

 

As discussed in the inaugural call today, the SPDX Implementers meeting will take place every other Wednesday at 8am PDT/11am EDT/5pm CEST moving forward. I have updated the calendar invite to reflect the day change (time of meeting remains the same). The next meeting will take place on June 1st.

 

I’ve also opened a PR capturing the meeting minutes from today’s call: https://github.com/spdx/meetings/pull/161. Please take a look and let me know if there’s anything that needs changing (you can comment directly on the PR). We’ll merge this PR at the beginning of next call.

 

Thanks,

Rose

 


Updated Event: SPDX Implementers Meeting #cal-invite

Group Notification <noreply@...>
 

SPDX Implementers Meeting

When:
Wednesday, June 1, 2022
8:00am to 9:00am
(UTC-07:00) America/Los Angeles
Repeats: Every 2 weeks on Wednesday

Where:
https://meet.jit.si/SPDXImplementersMeeting

Organizer: Rose Judge rjudge@...

View Event

Description:
A meeting for developers implementing SPDX-interoperable consumption or document creation tools to discuss best practices around how fields are populated, identify instances where different use cases might lead to different choices for fields and structures of documents.

Meeting minutes: https://spdx.swinslow.net/p/spdx-implementers-minutes
Github minutes: https://github.com/spdx/meetings/tree/main/implementors


First implementers meeting tomorrow, May 17th

Rose Judge
 

Hi folks,

 

The first SPDX implementers meeting is scheduled for tomorrow. Here’s the agenda for the kick-off call:

 

  • Introductions
  • Procedure for meeting minutes/approval of minutes
  • Confirm that this day works for folks to meet. Originally we had talked about using the same time slot as the Open Chain Tooling work group but I am realizing that their call is on Wednesdays. I must’ve accidentally scheduled this meeting the wrong day of the week when I setup the invite.
    • Would folks prefer Tuesday or Wednesday at this time?
  • Does everyone feel that their tooling can cover the minimum elements for an SBOM?

 

 

If you have any other topics you would like to cover, please feel free to add to the agenda here: https://spdx.swinslow.net/p/spdx-implementers-minutes

 

Talk to you soon,

Rose


Re: Question about optional License fields

Gary O'Neall
 

Thanks Dick – I’ll take you up on the testing 😊

 

Gary

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Dick Brooks
Sent: Monday, May 2, 2022 2:59 PM
To: spdx-implementers@...; 'Rose Judge' <rjudge@...>
Subject: Re: [spdx-implementers] Question about optional License fields

 

Excellent – Thanks, Gary. Just let me know when you’re ready to do some testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Gary O'Neall
Sent: Monday, May 2, 2022 4:19 PM
To: 'Rose Judge' <rjudge@...>; spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Yep – that would be me 😊

 

I’ll update the validation tool once the PR’s are merged and the 2.3 version is a bit more stable.

 

Best,
Gary

 

From: Rose Judge <rjudge@...>
Sent: Monday, May 2, 2022 12:35 PM
To: spdx-implementers@...; Gary O'Neall <gary@...>
Subject: Re: [spdx-implementers] Question about optional License fields

 

I’ll defer to @Gary O'Neall on this but I suspect he’s working on it.

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 10:30 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Dick Brooks
 

Excellent – Thanks, Gary. Just let me know when you’re ready to do some testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Gary O'Neall
Sent: Monday, May 2, 2022 4:19 PM
To: 'Rose Judge' <rjudge@...>; spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Yep – that would be me 😊

 

I’ll update the validation tool once the PR’s are merged and the 2.3 version is a bit more stable.

 

Best,
Gary

 

From: Rose Judge <rjudge@...>
Sent: Monday, May 2, 2022 12:35 PM
To: spdx-implementers@...; Gary O'Neall <gary@...>
Subject: Re: [spdx-implementers] Question about optional License fields

 

I’ll defer to @Gary O'Neall on this but I suspect he’s working on it.

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 10:30 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Gary O'Neall
 

Yep – that would be me 😊

 

I’ll update the validation tool once the PR’s are merged and the 2.3 version is a bit more stable.

 

Best,
Gary

 

From: Rose Judge <rjudge@...>
Sent: Monday, May 2, 2022 12:35 PM
To: spdx-implementers@...; Gary O'Neall <gary@...>
Subject: Re: [spdx-implementers] Question about optional License fields

 

I’ll defer to @Gary O'Neall on this but I suspect he’s working on it.

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 10:30 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Dick Brooks
 

Gary,

 

I’m happy to do some V 2.3 testing whenever you’re ready. Just let me know.

 

Thanks, Rose. Appreciate your quick turn-around.  

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 3:35 PM
To: spdx-implementers@...; Gary O'Neall <gary@...>
Subject: Re: [spdx-implementers] Question about optional License fields

 

I’ll defer to @Gary O'Neall on this but I suspect he’s working on it.

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 10:30 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Dick Brooks
 

Thanks, Rose.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 3:35 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Yes, this was fixed with a PR I opened that was recently merged for 2.2.2. If you look at the latest github branch, you can see the changes reflected. I suspect the spec has not been updated yet with the latest 2.2.2 changes from GitHub but hopefully will be soon (I can ask at the tech call tomorrow).

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:51 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Rose Judge
 

I’ll defer to @Gary O'Neall on this but I suspect he’s working on it.

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 10:30 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Rose Judge
 

Yes, this was fixed with a PR I opened that was recently merged for 2.2.2. If you look at the latest github branch, you can see the changes reflected. I suspect the spec has not been updated yet with the latest 2.2.2 changes from GitHub but hopefully will be soon (I can ask at the tech call tomorrow).

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:51 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Dick Brooks
 

One last item.

 

Is anyone working on updates to the online validation tool to address these changes?

 

If so I would like to  submit some candidate SBOM’s in V 2.3 for testing.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Monday, May 2, 2022 12:52 PM
To: 'spdx-implementers@...' <spdx-implementers@...>
Subject: RE: [spdx-implementers] Question about optional License fields

 

Thanks, Rose.

Attribute

Value

Required

No

Cardinality

1..*

 

Should we also change Cardinality to 0..* instead of 1..* to show that this item in optional?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Monday, May 2, 2022 12:39 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Correct --  PackageLicenseConcluded, PackageLicenseDeclared, PackageCopyrightText will all be optional for 2.3 once the PR is merged.

 

As for package checksum, it is currently optional in the 2.2 spec and I don’t remember any discussions around making it mandatory in 2.3…

 

-Rose

 

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Monday, May 2, 2022 at 9:02 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: Re: [spdx-implementers] Question about optional License fields

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 


1 - 20 of 27