Re: New proposed field for project that a file came from

Home Messages Hashtags Subgroups

Re: New proposed field for project that a file came from

Gary O'Neall

#70

I’ll be on the call, but I thought I would throw in my 2 cents in advance of the call.

I like and agree with the proposal. I think it adds a lot of value to the spec.

One slight modification/addition. Having just the name of the OSS package may not be sufficient to uniquely identify the package. I would propose having a URL which references the OSS project homepage – or – a free text field with the OSS project name. To make this easier to parse by non-humans, I would suggest having 2 optional fields:

5.6 OSS Project (ass proposed)

5.7 OSS Project URL

5.7.1 Purpose: Identify the project home page of the open source package or project where this file originated.
5.7.2 Intent: By providing the URL for the open source package, the reader can uniquely identify the source and use it to do further research if needed.
5.7.3 Cardinality: Optional, single instance
5.7.4 Tag: "ProjectURL"
5.7.5 RDF: /RDF/SPDXDoc/Describes/File/ProjectURL
5.7.6 Data Format: URL
5.7.7 Example: Project: http://www.junit.org

Gary

Show quoted text

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Wednesday, September 08, 2010 7:20 PM
To: spdx@...; Kim Weins
Subject: Re: New proposed field for project that a file came from

Thanks Kim,

Will add it into the agenda to discuss tomorrow on the SPEC section.

If anyone feels strongly about this field, and can't attend the call, please send email to the list so we have your input.

Thanks, Kate

--- On Wed, 9/8/10, Kim Weins <kim.weins@...> wrote:

From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM

I would like to propose a new field in the file section. The field would be used to identify the OSS component/package that a file originated from. This is important since many packages will bundle other packages. Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.

I am proposing this would be an Optional field.

5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit

Kim

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado

-----Inline Attachment Follows-----

_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

View All 4 Messages In Topic

Join spdx@lists.spdx.org to automatically receive all group messages.