Re: Import and export function of SPDX

William Boyle

So, you want Alcalu to have a private version of SPDX? Why not just support the mandatory elements? Is it so hard? Of is it just difficult in the corporate political scene? :-(

William Boyle
Senior Systems Engineer
Nokia Mobile Phones

On Tue, Jun 12, 2012 at 7:02 AM, RUFFIN, MICHEL (MICHEL) <michel.ruffin@...> wrote:
Dear all
As you probably noticed Alcatel-Lucent is trying to implement the SPDX standard.
We have an internal database on FOSS IP issues that has been created in 2002. and we are trying to implement an import/export function in SPDX standard.
We have an issue with 2 fields that do not exist in our database.: the name of the archive file and the checksum. In the SPDX standard they are mandatory and I do not see why would it be possibly to make them optional?
See bellow details
There are two fields that are mandatory in SPDX but have no equivalent in the
Alcatel-Lucent FOSS database.
These fields are:
4.3 Package File Name
4.3.1 Purpose: Provide the actual file name of the package. This may include the
packaging and compression methods used as part of the file name.
4.3.2 Intent: Here, the actual file name of the compressed file containing the
package is a significant technical element that needs to be included with each
package identification information.
4.3.3 Cardinality: Mandatory, one.
4.7 Package Verification Code
4.7.1 Purpose: This field provides an independently reproducible mechanism
identifying specific contents of a package based on the actual files (except the
SPDX file itself, if it is included in the package) that make up each package
and that correlates to the data in this SPDX file. This identifier enables a
recipient to determine if any file in the original package (that the analysis
was done on) has been changed and permits inclusion of an SPDX file as part of a
4.7.2 Intent: Providing a unique identifier based on the files inside each
package, eliminates confusion over which version or modification of a specific
package the SPDX file refers to. The SPDX file can be embedded within the
package without altering the identifier.
4.7.3 Cardinality: Mandatory, one.
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

Spdx mailing list

Join to automatically receive all group messages.