Representing Projects Using SPDX 2.0

Robin Gandhi

Hello all,

In our work with a industry partner at the University of Nebraska-Omaha, a request that has come up often is related to project-level visibility of license information. While project-level information can be managed separately from SPDX, there is value in maintaining  the project-level information in a manner similar to the individual project components. However, from a tooling perspective, the project-level view is different from the typical “one-shot” SPDX document generation for a directory or compressed files. After examining the possibilities with the SPDX 2.0 spec, we have come-up with a proposal to handle project-level information in DoSOCSV2 implementation. Please see the attached document. Any and all feedback is welcome in helping us “figure” this out. Especially, if our interpretation and usage of the SPDX spec is appropriate. We also had some early discussions with Kate regarding this. 

Best Regards,

Robin and the UNO DoSOCSv2 team (Matt, Uday and Josiah)

Join to automatically receive all group messages.