Hey Can i know which languages are used in backend of spdx?

#spdx

Sure. Were just now starting the process of applying to Google for their Summer of Code 2019. If we do get awarded slots there is a specific process you must follow. I suggest you get signed up with t

#spdx

I would like to contribute to the open source community ..I have majorly worked on backend on 2 college sponsored projects and working currently on a project by Government Organization. I have fair kn

#spdx

Hi Varshak, Welcome! Glad you're interested in participating in our community. I am copying the spdx-tech mail list where we discuss the GSoC efforts. Ideas we've come up with so far are listed on: ht

#spdx

Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License

#spdx #gsoc

Hi Belen, Welcome to SPDX, We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions. Best rega

#spdx #gsoc

In addition to Java, we have quite a few tools written in Python. We just added libraries written in go. Gary

#spdx

Hi, Have just finished setting up a #spdx IRC channel on freenode, to be used for ongoing SPDX project communication and collaboration. Was just going to send this to the tech list, but realized its m

#spdx

Hi Sandeep, There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3. When it comes in, please feel free to review and make sure it's going to suffice fo

#spdx

Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep

#spdx

Kate and Sandeep, Our customers are also interested in this information. There are two concepts to consider: Commercial Status: <enumeration value="Available"></enumeration> <enumeration value="Retire

#spdx

Armijn raises a valid concern. We’ve avoided dynamic information in the past, but even with version 1.0 you could argue the “Concluded License” could change over time if new information is available a

#spdx

Armijn said: > Current information inside SPDX documents is largely static […] > This would make SPDX a lot more cumbersome, as not only do the documents need to be generated, but they also need to be

#spdx

Steve, Regarding: “I have no opinion on end-of-life either way, but wouldn’t the same argument apply to security vulnerabilities?” Yes, if a software vendor chooses to list each known vulnerability wi

#spdx

Sort of. Security information is even more likely to change after release, EOL for open source components supported by the community may, but much less frequently. Thinking so far, is that this would

#spdx

NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list is a lit

#spdx

You’re welcome. You will most likely need SPDX V2.3 if you have any “FILE” components that need to specify version info. The new PackagePurpose field supports the version info for “FILE” artifacts. Th

#spdx

Thanks you Dick, This is useful

#spdx

Hi Sandeep – Moving the conversation over to the SPDX-tech mailing list. Unfortunately, adding in a CPE ID or pURL would include characters disallowed in the SPDX ID. Fortunately, there is a way to ex

#spdx

Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in

#spdx