Re: In favour of what are §4.9–4.11 deprecated?

Gary O'Neall

Hi Matija,

-----Original Message-----
From: spdx@... <spdx@...> On Behalf Of Matija ?uklje
Sent: Wednesday, July 24, 2019 7:19 AM
To: spdx@...
Subject: [spdx] In favour of what are §4.9–4.11 deprecated?

Hi all,

I notice that in 2.1 spec the following are marked as deprecated on the file-level:

• 4.9 Artifact of Project name
• 4.10 Artifact of Project Homepage
• 4.11 Artifact of Projecr Uniform Resource Identifier

…and I wonder what was the new equivalent to get information of origin for a
file in the package. Is the assumption now that files of alien origin to the
analysed package must belong to a different package and that package should
have its own SPDX file, to which the first SPDX file should refer to?
[G.O.] The idea is that there would be a package definition. It could be in a separate SPDX document, or more likely, as a separate SPDX package definition within the same SPDX document. The originating package definition could have the FilesAnalyzed set to false which allows for a rather small number of required fields. The origin could then be indicated by a relationship between the file and the package.
[G.O.] Gary

Join to automatically receive all group messages.