Re: [spdx-tech] RFC: Creating a fairly complex SPDX document for an open source project (Julia)


Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
 

Hi all,

 

Great news: ISO SPDX standard is now publicly available at:

https://standards.iso.org/ittf/PubliclyAvailableStandards/

 

Best regards,

 

Marc-Etienne

 

From: Spdx-tech@... <Spdx-tech@...> On Behalf Of Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) via lists.spdx.org
Sent: Monday, September 13, 2021 12:04 PM
To: savery@...; Spdx-tech@...
Cc: Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) <marc-etienne.vargenau@...>
Subject: Re: [spdx-tech] RFC: Creating a fairly complex SPDX document for an open source project (Julia)

 

Hi Simon,

 

About the availability of the SPDX spec.

 

It is the other way round. Since SPDX was not developed by ISO itself, the ISO standard should be available for free on this website: https://standards.iso.org/ittf/PubliclyAvailableStandards/

 

But it might take some time before it is put there.

 

Best regards,

 

Marc-Etienne

 

From: Spdx-tech@... <Spdx-tech@...> On Behalf Of Simon Avery via lists.spdx.org
Sent: Thursday, September 9, 2021 10:17 PM
To: Spdx-tech@...
Subject: [spdx-tech] RFC: Creating a fairly complex SPDX document for an open source project (Julia)

 

Hello everyone.  First time poster here, so I hope this topic is considered appropriate.

 

My favorite open source project is Julia (https://julialang.org).  It's build process pulls in a lot of code from many other repositories.  I thought that the project would benefit from having an SPDX document describing all these packages, streamlining the review and approval process at organizations that want to use Julia.

 

I've put together a pull request that adds an SPDX document to the repository. At this point it contains only a few packages to demonstrate what it looks like and will be filled in over time. If anyone on this list would like to provide feedback that would be appreciated.

 

 

On a related question since I see that SPDX just became an ISO standard. Does that mean that version 2.2.1 (and 3.0) of the specification will not be available for free at spdx.dev?  Will the spdx-spec repository on Github remain available so that open source developers can access the current specification?  If all developers had to pay $200, that would be a significant barrier to adoption in the OSS world.

 

Thank you in advance for any feedback provided.

 

Simon Avery

Join spdx@lists.spdx.org to automatically receive all group messages.