SPDX Technical team invites your participation!
Just a quick blast to the larger SPDX mailing list to update you on the goings-on of the Technical team and invite your participation.
For a while now SPDX 1.1 has been out in the field, and over the past 6 months or more the Tech team has been studying the areas of improvement to target for an SPDX 2.0 specification.
There have also been contributions to the set of tools around SPDX, which will be presented at the Linux Collaboration Summit next month.
Regarding SPDX 2.0 we received tremendous industry and open source community input in the form of Use Cases and conceptual model proposals. A big thanks to all who contributed their time and ideas to that exercise!
Those Use Cases have given us a valuable point of reference for the areas where the SPDX 1.1 model could be expanded to support greater adoption.
More recently we are transitioning from conceptual modeling discussions / proposals into concrete proposals and we would welcome your involvement.
An example of some proposals under consideration for 2.0:
- exactly how a 'later' SPDX document references earlier SPDX documents to reuse/add/subtract/amend data
- how to indicate Usage of individual files (as this may relate to obligations...)
- how to indicate that a binary was derived from sources (and therefore license discoveries/assertions about the source may apply to the binary)
- how to indicate that a snippet within a file is derived from another file and what licensing info applies to the snippet
If you would like to help steer the technical proposals and decisions, please feel free to chime in on the spdx-tech@... mailing list and join our weekly concalls Tuesdays 2pm Eastern time.
See http://spdx.org/content/participation-guidelines-sign-0 for details
Senior Director, KnowledgeBase
Black Duck Software, Inc.
8 New England Executive Park
Burlington, MA 01803