Re: Import and export function of SPDX

Michael J. Herzog
+1 650 380 0680 | mjherzog_at_nexB.com
nexB [Open by Design] http://www.nexb.com

CONFIDENTIALITY NOTICE:  This e-mail (including attachments) may contain information that is proprietary or confidential. If you are not the intended recipient or a person responsible for its delivery to the intended recipient, do not copy or distribute it. Please permanently delete the e-mail and any attachments, and notify us immediately at (650) 380-0680.

Re: Import and export function of SPDX Gary O'Neall #622 I believe the current SPDX tools will treat both RDF and Tag/Value in the same manner - the documents will be readable by the tools but it will fail a validation (missing required field). For the command line tools, the conversions or pretty printing will still work but you will get warning. In terms of making the fields optional - I can see this as a valuable change for some of the use cases where that information is not available. There is need to make sure the components described in the SPDX file match the actual file artifacts, but that need can be filled by the per-file information. Michel - Which use case best describes your use of SPDX (http://spdx.org/wiki/spdx-20-use-cases). If there isn't a good representation of your use case(s), could you provide a brief description? I want to make sure we cover this when working on SPDX 2.0. Thanks, Gary toggle quoted message Show quoted text -----Original Message----- From: spdx-tech-bounces@... [mailto:spdx-tech-bounces@...] On Behalf Of Peter Williams Sent: Tuesday, June 12, 2012 9:27 AM To: RUFFIN, MICHEL (MICHEL) Cc: spdx-tech@...; spdx@... Subject: Re: Import and export function of SPDX On Tue Jun 12 06:02:03 2012, RUFFIN, MICHEL (MICHEL) wrote: We have an issue with 2 fields that do not exist in our database.: the name of the archive file and the checksum. In the SPDX standard they are mandatory and I do not see why would it be possibly to make them optional? I think making those fields optional would be advantageous. Would you mind filing a bug[1] so that we don't forget to look into the issue for the next version. As for your immediate issues of not having data for those fields, if you are using RDF i'd just skip them altogether in the SPDX file. While your file will technically be invalid all reasonable SPDX consumers will not have a problem with that information being absent unless they need it to accomplish their goal. (In which case they cannot use your SPDX files, anyway.) If you are using the tag-value format skipping the fields altogether will, i think, prove problematic due to that format's stricter syntactic constraints. (Kate or Gary, can you confirm this?) [1]: https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX&component=Spec Peter PS: I am cc-ing the technical working group because it's participants are best suited to answer these sorts of issues. _______________________________________________ Spdx-tech mailing list Spdx-tech@... https://lists.spdx.org/mailman/listinfo/spdx-tech
More All Messages By This Member
Re: Import and export function of SPDX Peter Williams <peter.williams@...> #621 On Tue Jun 12 06:02:03 2012, RUFFIN, MICHEL (MICHEL) wrote: We have an issue with 2 fields that do not exist in our database.: the name of the archive file and the checksum. In the SPDX standard they are mandatory and I do not see why would it be possibly to make them optional? I think making those fields optional would be advantageous. Would you mind filing a bug[1] so that we don't forget to look into the issue for the next version. As for your immediate issues of not having data for those fields, if you are using RDF i'd just skip them altogether in the SPDX file. While your file will technically be invalid all reasonable SPDX consumers will not have a problem with that information being absent unless they need it to accomplish their goal. (In which case they cannot use your SPDX files, anyway.) If you are using the tag-value format skipping the fields altogether will, i think, prove problematic due to that format's stricter syntactic constraints. (Kate or Gary, can you confirm this?) [1]: https://bugs.linuxfoundation.org/enter_bug.cgi?product=SPDX&component=Spec Peter PS: I am cc-ing the technical working group because it's participants are best suited to answer these sorts of issues.
More
Import and export function of SPDX RUFFIN MICHEL #620 Dear all As you probably noticed Alcatel-Lucent is trying to implement the SPDX standard. We have an internal database on FOSS IP issues that has been created in 2002. and we are trying to implement an import/export function in SPDX standard. We have an issue with 2 fields that do not exist in our database.: the name of the archive file and the checksum. In the SPDX standard they are mandatory and I do not see why would it be possibly to make them optional? See bellow details Michel There are two fields that are mandatory in SPDX but have no equivalent in the Alcatel-Lucent FOSS database. These fields are: 4.3 Package File Name 4.3.1 Purpose: Provide the actual file name of the package. This may include the packaging and compression methods used as part of the file name. 4.3.2 Intent: Here, the actual file name of the compressed file containing the package is a significant technical element that needs to be included with each package identification information. 4.3.3 Cardinality: Mandatory, one. 4.7 Package Verification Code 4.7.1 Purpose: This field provides an independently reproducible mechanism identifying specific contents of a package based on the actual files (except the SPDX file itself, if it is included in the package) that make up each package and that correlates to the data in this SPDX file. This identifier enables a recipient to determine if any file in the original package (that the analysis was done on) has been changed and permits inclusion of an SPDX file as part of a package. 4.7.2 Intent: Providing a unique identifier based on the files inside each package, eliminates confusion over which version or modification of a specific package the SPDX file refers to. The SPDX file can be embedded within the package without altering the identifier. 4.7.3 Cardinality: Mandatory, one. Michel.Ruffin@..., PhD Software Coordination Manager, Bell Labs, Corporate CTO Dpt Distinguished Member of Technical Staff Tel +33 (0) 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux Route De Villejust, 91620 Nozay, France
More All Messages By This Member
Re: Problem with PackageSourceInfo Gary O'Neall #619 Hi Marc-Etienne, Thanks for catching these. The property name is rdfs:comment for Review. I went ahead and submitted bug 1046 to fix the spec. For 1.1, there is also a web page with the rdf terms at http://spdx.org/system/files/terms.html I went through looking for inconsistencies between the terms and the spec, but missed this one. Gary toggle quoted message Show quoted text -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Marc-Etienne Vargenau Sent: Monday, June 11, 2012 6:21 AM To: VARGENAU, MARC-ETIENNE (MARC-ETIENNE) Cc: spdx@... Subject: Re: Problem with PackageSourceInfo Le 11/06/2012 15:16, VARGENAU, MARC-ETIENNE (MARC-ETIENNE) a écrit : Hello, In the SPDX 1.0 and spdx-1.1-rc20120403.pdf I read: 7.3.6 RDF: property spdx:comment in class spdx:Review Example: <Review> <rdfs:comment> All of the licenses seen in the file, are matching what was seen during manual inspection. There are some terms that can influence the concluded license, and some alternatives may be possible, but the conluded license is one of the options. </rdfs:comment> </Review> What is correct: "spdx:comment" or "<rdfs:comment>"? Best regards, Marc-Etienne Sorry, the Subject of the message should read "Problem with Review Comments" -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@... _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
More All Messages By This Member
Re: Problem with PackageSourceInfo Marc-Etienne Vargenau #618 Le 11/06/2012 15:16, VARGENAU, MARC-ETIENNE (MARC-ETIENNE) a écrit : Hello, In the SPDX 1.0 and spdx-1.1-rc20120403.pdf I read: 7.3.6 RDF: property spdx:comment in class spdx:Review Example: <Review> <rdfs:comment> All of the licenses seen in the file, are matching what was seen during manual inspection. There are some terms that can influence the concluded license, and some alternatives may be possible, but the conluded license is one of the options. </rdfs:comment> </Review> What is correct: "spdx:comment" or "<rdfs:comment>"? Best regards, Marc-Etienne Sorry, the Subject of the message should read "Problem with Review Comments" -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Problem with PackageSourceInfo Marc-Etienne Vargenau #617 Hello, In the SPDX 1.0 and spdx-1.1-rc20120403.pdf I read: 7.3.6 RDF: property spdx:comment in class spdx:Review Example: <Review> <rdfs:comment> All of the licenses seen in the file, are matching what was seen during manual inspection. There are some terms that can influence the concluded license, and some alternatives may be possible, but the conluded license is one of the options. </rdfs:comment> </Review> What is correct: "spdx:comment" or "<rdfs:comment>"? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Problem with PackageSourceInfo Marc-Etienne Vargenau #616 Hello, In the SPDX 1.0 and spdx-1.1-rc20120403.pdf I read: 4.9.4 Data Format: free form text that can span multiple lines. In tag format this is delimited by <text> .. </text>. 4.9.5 Tag: “PackageSourceInfo:” Example: PackageSourceInfo: uses glibc-2_11-branch from git://sourceware.org/git/glibc.git. What is wrong: the Data Format or the Example? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Re: Comments in SPDX files Marc-Etienne Vargenau #615 Le 06/06/2012 01:50, kate.stewart@... a écrit : Hello Marc-Etienne, Good catch. Looks like you've got two bugs there, one against the translation tool, and one against the spec. Please file the bugs from https://bugs.linuxfoundation.org, For translation tool: Product: SPDX, Component: Pretty Printer, Version: 1.1. For SPEC: Product: SPDX, Component: SPEC, Version 1.1 Hello Kate, It's done. Bugs 1040 and 1041. Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Re: Comments in SPDX files kate.stewart@... #614 Hello Marc-Etienne, Good catch. Looks like you've got two bugs there, one against the translation tool, and one against the spec. Please file the bugs from https://bugs.linuxfoundation.org, For translation tool: Product: SPDX, Component: Pretty Printer, Version: 1.1. For SPEC: Product: SPDX, Component: SPEC, Version 1.1 Thanks! :) Kate toggle quoted message Show quoted text --- On Tue, 6/5/12, Marc-Etienne Vargenau <Marc-Etienne.Vargenau@...> wrote: From: Marc-Etienne Vargenau <Marc-Etienne.Vargenau@...> Subject: Comments in SPDX files To: "spdx@..." <spdx@...> Date: Tuesday, June 5, 2012, 2:43 AM Hello, I have questions regarding the syntax of comments in an SPDX file in tag format. From the examples, it seems that ## starts a comment. For example: ## Creation Information But I do not see where this is documented in the SPDX spec. When I use the TagToRdf tool on my files, I get: line 39:78: expecting '#', found '3' This line contains an URL: http://example.com/foo#bar Should I file a bug report? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@... _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
More All Messages By This Member
Comments in SPDX files Marc-Etienne Vargenau #613 Hello, I have questions regarding the syntax of comments in an SPDX file in tag format. From the examples, it seems that ## starts a comment. For example: ## Creation Information But I do not see where this is documented in the SPDX spec. When I use the TagToRdf tool on my files, I get: line 39:78: expecting '#', found '3' This line contains an URL: http://example.com/foo#bar Should I file a bug report? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
FW: May 31 General Meeting Minutes - IMPORTANT Philip Odence #612 Arrgggh. Sorry for the volume. In my earlier note, I provided the wrong link for the Biz Team work looking to be reviewed. Use this one: http://spdx.org/wiki/spdx-vision-mission From: Michael Herzog <mjherzog@...> Organization: nexB Inc Reply-To: Michael Herzog <mjherzog@...> Date: Thu, 31 May 2012 09:28:02 -0700 To: Phil Odence <podence@...> Cc: "Manbeck, Jack" <j-manbeck2@...>, "Lamons, Scott" <scott.lamons@...>, Pierre Lapointe <plapointe@...> Subject: Re: May 31 General Meeting Minutes - IMPORTANT Phil, The latest version of the Vision-Mission discussion is a wiki-page at http://spdx.org/wiki/spdx-vision-mission, not the PDF file which has a lot of other topics from my original slides. The current Vision-Mission wiki-page includes the latest edits from the Business Team and focuses on the charter/vision/mission points without digging into the next level of points about product management roles and the organization in general. We probably need to work the discussion from the top down - agree on the Vision/Mission and whether our charter is to keep developing the spec or whether we expand to developing more software. cheers, Michael Michael J. Herzog +1 650 380 0680 \| mjherzog_at_nexB.com nexB [Open by Design] http://www.nexb.com CONFIDENTIALITY NOTICE: This e-mail (including attachments) may contain information that is proprietary or confidential. If you are not the intended recipient or a person responsible for its delivery to the intended recipient, do not copy or distribute it. Please permanently delete the e-mail and any attachments, and notify us immediately at (650) 380-0680. On 5/31/2012 9:13 AM, Philip Odence wrote: toggle quoted message Show quoted text Please take the time to review Legal Team description and License List description as well as Mission/Vision work from Business Team. Attendance: 10 May 17 minutes approved Legal Team Report - Jilayne Finalizing work defining the team's mission purpose of License List that were published two weeks ago. Please comment now or hold your peace. Latest draft: Legal Work Group description: "The SPDX Legal Team supports and provides recommendations to the SPDX working groups regarding licensing issues for the specification itself; maintains the SPDX License List; and promotes the SPDX specification to the legal community at-large." SPDX License List description: "The SPDX License List is a list of commonly found open source software licenses for the purposes of being able to easily and efficiently identify such licenses in an SPDX document. The SPDX License List includes a standardized short identifier, full name for each license, vetted license text, other basic information, and a canonical permanent URL. By providing a short identifier, users can efficiently refer to a license without having to redundantly reproduce the full license." Have been providing input to 1.1 spec to incorporate latest thinking on License List and to ensure consistent vocabulary. Working to make sure new website content is up to date. Turning attention back to matching guidelines. Aiming to reach closure with 1.1 release (about a month) Business Team Report - Scott/Jack Business Team is eager for feedback from other team's on Mission/Vision. Looking to come to closure in the next few weeks. Expectation is that this will help with prioritization of use cases for the 2.0 effort. Latest version (embedded in a set of slides): http://www.spdx.org/system/files/spdx_mission_review_may_2012_v2.pdf Also, pulling together a description of Business Team's function. Scott has drafted and will be working on this in the next Business Team meeting. Technical Team Report - Kate 2.0 work A little over half the use cases have been fleshed out. Others are considering in a "graveyard" unless more work gets done on them. http://www.spdx.org/wiki/spdx-20-use-cases 1.1 work Hoping to bring to closure in the next few weeks. Near final draft to be posted next week, then open for two weeks of comment. Cross Functional Issues – Phil Website Update - Pierre The effort has been rejuvinated. Content is moving to the new staging area. Web team is ready to flip the switch when content is set. No date set. Pierre is confirming that Steve is prepared to move wholesale sections (past meeting minutes, License List, etc.) LinuxCon Papers Scott submitting 1.1 update proposal Gary has submitted a proposal for talking about the OSS tools Attendees Phil Odence, Black Duck Software Pierre LaPonte, nexB Kate Stewart, Canonical Michael Herzog, nexB Scott Lamons, HP Jack Manbeck, TI Jilayne Lovejoy, OpenLogic Chuck Gaudreau, Protecode Gary O'Neall, SourceAuditor Mark Gisi, WindRiver _______________________________________________ Spdx mailing list Spdx@...https://lists.spdx.org/mailman/listinfo/spdx
More All Messages By This Member
May 31 General Meeting Minutes - IMPORTANT Philip Odence #611 Please take the time to review Legal Team description and License List description as well as Mission/Vision work from Business Team. Attendance: 10 May 17 minutes approved Legal Team Report - Jilayne Finalizing work defining the team's mission purpose of License List that were published two weeks ago. Please comment now or hold your peace. Latest draft: Legal Work Group description: "The SPDX Legal Team supports and provides recommendations to the SPDX working groups regarding licensing issues for the specification itself; maintains the SPDX License List; and promotes the SPDX specification to the legal community at-large." SPDX License List description: "The SPDX License List is a list of commonly found open source software licenses for the purposes of being able to easily and efficiently identify such licenses in an SPDX document. The SPDX License List includes a standardized short identifier, full name for each license, vetted license text, other basic information, and a canonical permanent URL. By providing a short identifier, users can efficiently refer to a license without having to redundantly reproduce the full license." Have been providing input to 1.1 spec to incorporate latest thinking on License List and to ensure consistent vocabulary. Working to make sure new website content is up to date. Turning attention back to matching guidelines. Aiming to reach closure with 1.1 release (about a month) Business Team Report - Scott/Jack Business Team is eager for feedback from other team's on Mission/Vision. Looking to come to closure in the next few weeks. Expectation is that this will help with prioritization of use cases for the 2.0 effort. Latest version (embedded in a set of slides): http://www.spdx.org/system/files/spdx_mission_review_may_2012_v2.pdf Also, pulling together a description of Business Team's function. Scott has drafted and will be working on this in the next Business Team meeting. Technical Team Report - Kate 2.0 work A little over half the use cases have been fleshed out. Others are considering in a "graveyard" unless more work gets done on them. http://www.spdx.org/wiki/spdx-20-use-cases 1.1 work Hoping to bring to closure in the next few weeks. Near final draft to be posted next week, then open for two weeks of comment. Cross Functional Issues – Phil Website Update - Pierre The effort has been rejuvinated. Content is moving to the new staging area. Web team is ready to flip the switch when content is set. No date set. Pierre is confirming that Steve is prepared to move wholesale sections (past meeting minutes, License List, etc.) LinuxCon Papers Scott submitting 1.1 update proposal Gary has submitted a proposal for talking about the OSS tools Attendees Phil Odence, Black Duck Software Pierre LaPonte, nexB Kate Stewart, Canonical Michael Herzog, nexB Scott Lamons, HP Jack Manbeck, TI Jilayne Lovejoy, OpenLogic Chuck Gaudreau, Protecode Gary O'Neall, SourceAuditor Mark Gisi, WindRiver
More All Messages By This Member
Improvements in the SPDX examples Marc-Etienne Vargenau #610 Hello, I suggest the following improvements in the SPDX examples. They could be included in the final 1.1 spec. In 4.1.6 replace <name>glibc 2.11.1</name> with <name>glibc</name> In 4.3.6 replace <packageFileName>glibc 2.11.1</packageFileName> with <packageFileName>glibc-2.11.1.tar.gz</packageFileName> This would be more realistic and align the Tag and RDF examples. Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Minutes from last SPDX General Meeting Philip Odence #609 All, I neglected to include the minutes from the last meeting in my reminder email. First order of business is to approve. http://www.spdx.org/wiki/20120517-general-meeting-minutes Phil
More All Messages By This Member
Today's SPDX general Meeting Philip Odence #607 Excuse the late notice. I am traveling. Normal time/ normal agenda today. Sent from my iPhone
More All Messages By This Member
Today's SPDX general Meeting Phil Odence <podence@...> #608 Excuse the late notice. I am traveling. Normal time/ normal agenda today.
More
Re: Questions on SPDX 1.0 Gary O'Neall #606 Thanks Marc - I corrected the tools page per your message below. In terms of case sensitive - I don't recall any discussion on this relative to the entire file. I know that some of the specific fields (such as verification code) specify case sensitivity, but only for that field. Gary toggle quoted message Show quoted text -----Original Message----- From: Marc-Etienne Vargenau [mailto:Marc-Etienne.Vargenau@...] Sent: Wednesday, May 30, 2012 6:04 AM To: Gary O'Neall Cc: spdx@... Subject: Re: Questions on SPDX 1.0 Le 29/05/2012 18:44, Gary O'Neall a écrit : Hi Marc-Etienne, Responses inline below Gary Hello Gary, Thank you for your quick answer. Responses inline also. 1) Is there a tool that check the syntactic validity of a file? [Gary] The SPDX Viewer tool found at spdx.org/tools will do some validation on a file 2) Is there a tool that converts one format to the other? [Gary] There are conversion tools on the same website. These are Java based command line tools. Let me know if you have any questions/problems with the tools. I had overlooked this page. In page http://spdx.org/tools I would replace "Rdf to XMLversion 0.9.6" by "Rdf to HTMLversion 0.9.6" 4) In the FAQ, licence examples are given as: GPL-2.0 OR MIT Apache-2.0 AND MIT AND GPL-2.0 From the spec, I consider it should be: (GPL-2.0 or MIT) (Apache-2.0 and MIT and GPL-2.0) Parentheses are missing? "and" and "or" should be lower case? [Gary] Great catch - I updated the FAQ's page to match the spec Is an SPDX file case-sensitive or not? Is this explained somewhere? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Re: Questions on SPDX 1.0 Marc-Etienne Vargenau #605 Le 29/05/2012 18:44, Gary O'Neall a écrit : Hi Marc-Etienne, Responses inline below Gary Hello Gary, Thank you for your quick answer. Responses inline also. 1) Is there a tool that check the syntactic validity of a file? [Gary] The SPDX Viewer tool found at spdx.org/tools will do some validation on a file 2) Is there a tool that converts one format to the other? [Gary] There are conversion tools on the same website. These are Java based command line tools. Let me know if you have any questions/problems with the tools. I had overlooked this page. In page http://spdx.org/tools I would replace "Rdf to XMLversion 0.9.6" by "Rdf to HTMLversion 0.9.6" 4) In the FAQ, licence examples are given as: GPL-2.0 OR MIT Apache-2.0 AND MIT AND GPL-2.0 From the spec, I consider it should be: (GPL-2.0 or MIT) (Apache-2.0 and MIT and GPL-2.0) Parentheses are missing? "and" and "or" should be lower case? [Gary] Great catch - I updated the FAQ's page to match the spec Is an SPDX file case-sensitive or not? Is this explained somewhere? Best regards, Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member
Re: Questions on SPDX 1.0 Gary O'Neall #604 Hi Marc-Etienne, Responses inline below Gary toggle quoted message Show quoted text -----Original Message----- From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of Marc-Etienne Vargenau Sent: Tuesday, May 29, 2012 2:32 AM To: spdx@... Subject: Questions on SPDX 1.0 Hello, I am trying to understand the SPDX 1.0 spec so that I can export our FOSS database in SPDX format. I have the following questions: The are two formats, one in text and one in XML/RDF. 1) Is there a tool that check the syntactic validity of a file? [Gary] The SPDX Viewer tool found at spdx.org/tools will do some validation on a file 2) Is there a tool that converts one format to the other? [Gary] There are conversion tools on the same website. These are Java based command line tools. Let me know if you have any questions/problems with the tools. 3) In the FAQ: http://spdx.org/wiki/spdx-faqs the sentence: "You may choose to use software tools that can scan software and validate the accuracy of the SPDX file." appears twice. Why? [Gary] This looks like an error - I updated the page to remove the second line 4) In the FAQ, licence examples are given as: GPL-2.0 OR MIT Apache-2.0 AND MIT AND GPL-2.0 From the spec, I consider it should be: (GPL-2.0 or MIT) (Apache-2.0 and MIT and GPL-2.0) Parentheses are missing? "and" and "or" should be lower case? [Gary] Great catch - I updated the FAQ's page to match the spec Thank you for your help. Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@... _______________________________________________ Spdx mailing list Spdx@... https://lists.spdx.org/mailman/listinfo/spdx
More All Messages By This Member
Questions on SPDX 1.0 Marc-Etienne Vargenau #603 Hello, I am trying to understand the SPDX 1.0 spec so that I can export our FOSS database in SPDX format. I have the following questions: The are two formats, one in text and one in XML/RDF. 1) Is there a tool that check the syntactic validity of a file? 2) Is there a tool that converts one format to the other? 3) In the FAQ: http://spdx.org/wiki/spdx-faqs the sentence: "You may choose to use software tools that can scan software and validate the accuracy of the SPDX file." appears twice. Why? 4) In the FAQ, licence examples are given as: GPL-2.0 OR MIT Apache-2.0 AND MIT AND GPL-2.0 From the spec, I consider it should be: (GPL-2.0 or MIT) (Apache-2.0 and MIT and GPL-2.0) Parentheses are missing? "and" and "or" should be lower case? Thank you for your help. Marc-Etienne -- Marc-Etienne Vargenau Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE +33 (0)1 30 77 28 33, Marc-Etienne.Vargenau@...
More All Messages By This Member