Date   

Re: Question about optional License fields

Dick Brooks
 

Thanks, Rose.

 

Much appreciate the quick response. Just to confirm, all of these fields shown below will be optional after the changes – correct?

 

PackageLicenseConcluded: NOASSERTION

PackageLicenseDeclared: NOASSERTION

PackageCopyrightText: NOASSERTION

 

Also, did we also decide to make PackageChecksum optional in V 2.3?

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx-implementers@... <spdx-implementers@...> On Behalf Of Rose Judge
Sent: Sunday, May 1, 2022 11:42 PM
To: spdx-implementers@...
Subject: Re: [spdx-implementers] Question about optional License fields

 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Re: Question about optional License fields

Rose Judge
 

Hi Dick,

 

I have a PR open right now to make PackageLicenseConcluded (among other currently required licensing fields) optional in 2.3: https://github.com/spdx/spdx-spec/pull/635

 

Assuming the PR is merged, if the Concluded License field is not present for a file, it implies an equivalent meaning to `NOASSERTION`.

 

-Rose

From: spdx-implementers@... <spdx-implementers@...> on behalf of Dick Brooks via lists.spdx.org <dick=reliableenergyanalytics.com@...>
Date: Saturday, April 30, 2022 at 10:56 AM
To: spdx-implementers@... <spdx-implementers@...>
Subject: [spdx-implementers] Question about optional License fields

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 



Question about optional License fields

Dick Brooks
 

Hello Everyone,

 

REA has started working on SPDX V 2.3 enhancements and we have a question regarding optional License fields.

 

The current 2.3 branch shows that certain License elements are still required, but I seem to recall some discussion about making license elements optional in V 2.3, i.e., PackageLicenseConcluded, etc..

 

Will the Package License fields still be required?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 


Updated Event: SPDX Implementers Meeting #cal-invite

spdx-implementers@lists.spdx.org Calendar <noreply@...>
 

SPDX Implementers Meeting

When:
Tuesday, May 17, 2022
8:00am to 9:00am
(UTC-07:00) America/Los Angeles
Repeats: Every 2 weeks on Tuesday

Where:
https://meet.jit.si/SPDXImplementersMeeting

Organizer: Rose Judge rjudge@...

View Event

Description:
A meeting for developers implementing SPDX-interoperable consumption or document creation tools to discuss best practices around how fields are populated, identify instances where different use cases might lead to different choices for fields and structures of documents.

Meeting minutes: https://spdx.swinslow.net/p/spdx-implementers-minutes
Github minutes: https://github.com/spdx/meetings/tree/main/implementors


Event: Rose Judge #cal-invite

spdx-implementers@lists.spdx.org Calendar <noreply@...>
 

Rose Judge

When:
Tuesday, May 17, 2022
8:00am to 9:00am
(UTC-07:00) America/Los Angeles
Repeats: Every 2 weeks on Tuesday

Where:
https://meet.jit.si/SPDXImplementersMeeting

Organizer: Rose Judge rjudge@...

View Event

Description:
A meeting for developers implementing SPDX-interoperable consumption or document creation tools to discuss best practices around how fields are populated, identify instances where different use cases might lead to different choices for fields and structures of documents.

Meeting minutes: https://spdx.swinslow.net/p/spdx-implementers-minutes
Github minutes: https://github.com/spdx/meetings/tree/main/implementors

21 - 25 of 25