Topics

New proposed field for project that a file came from

Kim Weins
 


I would like to propose a  new field in the file section.  The field would be used to identify the OSS component/package that a file originated from.  This is important since many packages will bundle other packages.  Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.

I am proposing this would be an Optional field.

5.6
OSS Project  
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit

Kim

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado




kate.stewart@...
 

Thanks Kim,

    Will add it into the agenda to discuss tomorrow on the SPEC section.

    If anyone feels strongly about this field, and can't attend the call,  please send email to the list so we have your input.

Thanks, Kate


--- On Wed, 9/8/10, Kim Weins <kim.weins@...> wrote:

From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM


I would like to propose a  new field in the file section.  The field would be used to identify the OSS component/package that a file originated from.  This is important since many packages will bundle other packages.  Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.

I am proposing this would be an Optional field.

5.6
OSS Project  
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit

Kim

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado





-----Inline Attachment Follows-----

_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

Gary O'Neall
 

I’ll be on the call, but I thought I would throw in my 2 cents in advance of the call.

 

I like and agree with the proposal.  I think it adds a lot of value to the spec.

 

One slight modification/addition.  Having just the name of the OSS package may not be sufficient to uniquely identify the package.  I would propose having a URL which references the OSS project homepage – or – a free text field with the OSS project name.  To make this easier to parse by non-humans, I would suggest having 2 optional fields:

 

5.6 OSS Project (ass proposed)

5.7 OSS Project URL

5.7.1 Purpose: Identify the project home page of the open source package or project where this file originated.
5.7.2 Intent: By providing the URL for the open source package, the reader can uniquely identify the source and use it to do further research if needed.
5.7.3 Cardinality: Optional, single instance
5.7.4 Tag: "ProjectURL"
5.7.5 RDF: /RDF/SPDXDoc/Describes/File/ProjectURL
5.7.6 Data Format: URL
5.7.7 Example: Project: http://www.junit.org

 

Gary

From: spdx-bounces@... [mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Wednesday, September 08, 2010 7:20 PM
To: spdx@...; Kim Weins
Subject: Re: New proposed field for project that a file came from

 

Thanks Kim,

    Will add it into the agenda to discuss tomorrow on the SPEC section.

    If anyone feels strongly about this field, and can't attend the call,  please send email to the list so we have your input.

Thanks, Kate

--- On Wed, 9/8/10, Kim Weins <kim.weins@...> wrote:


From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM


I would like to propose a  new field in the file section.  The field would be used to identify the OSS component/package that a file originated from.  This is important since many packages will bundle other packages.  Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.

I am proposing this would be an Optional field.

5.6
OSS Project  
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit

Kim

Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado




-----Inline Attachment Follows-----

_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx

 

Peter Williams <peter.williams@...>
 

On 9/8/10 11:58 PM, Gary O'Neall wrote:
One slight modification/addition. Having just the name of the OSS
package may not be sufficient to uniquely identify the package. I would
propose having a URL which references the OSS project homepage – or – a
free text field with the OSS project name. To make this easier to parse
by non-humans, I would suggest having 2 optional fields:
Rather than having two optional fields, perhaps we should have one optional field whose value is a doap:Project[1]. the DOAP[2] project has produced a great model of project information and we can easily leverage the subset of it that is useful to SPDX.

This would allow tools to embed as much or as little project information into the SPDX file as desired. It would also allow the utilization of existing data sources when they exist and doing so is desirable to participants of the data exchange.

5.6 Origin
5.6.1 Purpose: Identify the project where this file originated.
5.6.2 Intent: By providing data regarding the project where this file originated the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "origin"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/origin
5.6.6 Data Format: doap:Project
5.6.7 Example:
Origin: Project: name: JUnit
homepage: http://www.junit.org

Peter
<http://openlogic.com>

[1]: http://en.wikipedia.org/wiki/Description_of_a_Project
[2]: http://trac.usefulinc.com/doap


5.6 OSS Project (ass proposed)

5.7 OSS Project URL

5.7.1 Purpose: Identify the project home page of the open source package
or project where this file originated.
5.7.2 Intent: By providing the URL for the open source package, the
reader can uniquely identify the source and use it to do further
research if needed.
5.7.3 Cardinality: Optional, single instance
5.7.4 Tag: "ProjectURL"
5.7.5 RDF: /RDF/SPDXDoc/Describes/File/ProjectURL
5.7.6 Data Format: URL
5.7.7 Example: Project: http://www.junit.org

Gary

*From:* spdx-bounces@... [mailto:spdx-bounces@...]
*On Behalf Of *kate.stewart@...
*Sent:* Wednesday, September 08, 2010 7:20 PM
*To:* spdx@...; Kim Weins
*Subject:* Re: New proposed field for project that a file came from

Thanks Kim,

Will add it into the agenda to discuss tomorrow on the SPEC section.

If anyone feels strongly about this field, and can't attend the call,
please send email to the list so we have your input.

Thanks, Kate

--- On *Wed, 9/8/10, Kim Weins /<kim.weins@...>/* wrote:


From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM


I would like to propose a new field in the file section. The field would
be used to identify the OSS component/package that a file originated
from. This is important since many packages will bundle other packages.
Knowing the license is important, but if you need to do any research on
the file, knowing the component is even more important.

I am proposing this would be an Optional field.

5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project
where this file originated.
5.6.2 Intent: By providing the open source package, the reader can
better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit

Kim

*Kim Weins* | Senior Vice President, Marketing
_kim.weins@...
_Follow me on Twitter @KimAtOpenLogic

650 279 0410 | cell
_www.openlogic.com
_Follow OpenLogic on Twitter @OpenLogic

OpenLogic, Inc.
Headquarters, Broomfield, Colorado




-----Inline Attachment Follows-----

_______________________________________________
Spdx mailing list
Spdx@... </mc/compose?to=Spdx@...>
https://fossbazaar.org/mailman/listinfo/spdx



_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx