Re: In favour of what are §4.9–4.11 deprecated?
toggle quoted messageShow quoted text
From: spdx@... <spdx@...> On Behalf Of Matija ?uklje
Sent: Wednesday, July 24, 2019 7:19 AM
Subject: [spdx] In favour of what are §4.9–4.11 deprecated?
I notice that in 2.1 spec the following are marked as deprecated on the file-level:
• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Projecr Uniform Resource Identifier
…and I wonder what was the new equivalent to get information of origin for a
file in the package. Is the assumption now that files of alien origin to the
analysed package must belong to a different package and that package should
have its own SPDX file, to which the first SPDX file should refer to?
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
Join firstname.lastname@example.org to automatically receive all group messages.