|
I would like to propose a new field in the file section. The field would be used to identify the OSS component/package that a file originated from. This is important since many packages will bundle other packages. Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.
I am proposing this would be an Optional field.
5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit
Kim
Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic
650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic
OpenLogic, Inc.
Headquarters, Broomfield, Colorado
|
|
|
Thanks Kim,
Will add it into the agenda to discuss tomorrow on the SPEC section.
If anyone feels strongly about this field, and can't attend the call, please send email to the list so we have your input.
Thanks, Kate
|
--- On Wed, 9/8/10, Kim Weins <kim.weins@...> wrote:
From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM
I would like to propose a new field in the file section. The field would be used to identify the OSS component/package that a file originated from. This is important since many packages will bundle other packages. Knowing the license is important, but if you need to do any research on the file, knowing the component is even more important.
I am proposing this would be an Optional field.
5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project where this file originated.
5.6.2 Intent: By providing the open source package, the reader can better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit
Kim
Kim Weins | Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic
650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic
OpenLogic, Inc.
Headquarters, Broomfield, Colorado
-----Inline Attachment Follows-----
|
|
|
I’ll be on the call, but I thought I would throw in my 2
cents in advance of the call.
I like and agree with the proposal. I think it adds a lot
of value to the spec.
One slight modification/addition. Having just the name of
the OSS package may not be sufficient to uniquely identify the package. I
would propose having a URL which references the OSS project homepage – or
– a free text field with the OSS project name. To make this easier
to parse by non-humans, I would suggest having 2 optional fields:
5.6 OSS Project (ass proposed)
5.7 OSS Project URL
5.7.1 Purpose: Identify the project home page of the open source
package or project where this file originated.
5.7.2 Intent: By providing the URL for the open source package, the reader can uniquely
identify the source and use it to do further research if needed.
5.7.3 Cardinality: Optional, single instance
5.7.4 Tag: "ProjectURL"
5.7.5 RDF: /RDF/SPDXDoc/Describes/File/ProjectURL
5.7.6 Data Format: URL
5.7.7 Example: Project: http://www.junit.org
Gary
toggle quoted message
Show quoted text
From: spdx-bounces@...
[mailto:spdx-bounces@...] On Behalf Of kate.stewart@...
Sent: Wednesday, September 08, 2010 7:20 PM
To: spdx@...; Kim Weins
Subject: Re: New proposed field for project that a file came from
|
Thanks Kim,
Will add it into the agenda to discuss tomorrow on the
SPEC section.
If anyone feels strongly about this field, and can't
attend the call, please send email to the list so we have your input.
Thanks, Kate
--- On Wed, 9/8/10, Kim Weins <kim.weins@...>
wrote:
From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM
I would like to propose a new field in the file section. The
field would be used to identify the OSS component/package that a file
originated from. This is important since many packages will bundle
other packages. Knowing the license is important, but if you need to do
any research on the file, knowing the component is even more important.
I am proposing this would be an Optional field.
5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project where
this file originated.
5.6.2 Intent: By providing the open source package, the reader can better
identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit
Kim
Kim
Weins
| Senior Vice President, Marketing
kim.weins@...
Follow me on Twitter @KimAtOpenLogic
650 279 0410 | cell
www.openlogic.com
Follow OpenLogic on Twitter @OpenLogic
OpenLogic, Inc.
Headquarters, Broomfield, Colorado
-----Inline Attachment Follows-----
|
|
|
|
Peter Williams <peter.williams@...>
On 9/8/10 11:58 PM, Gary O'Neall wrote: One slight modification/addition. Having just the name of the OSS
package may not be sufficient to uniquely identify the package. I would
propose having a URL which references the OSS project homepage – or – a
free text field with the OSS project name. To make this easier to parse
by non-humans, I would suggest having 2 optional fields: Rather than having two optional fields, perhaps we should have one optional field whose value is a doap:Project[1]. the DOAP[2] project has produced a great model of project information and we can easily leverage the subset of it that is useful to SPDX. This would allow tools to embed as much or as little project information into the SPDX file as desired. It would also allow the utilization of existing data sources when they exist and doing so is desirable to participants of the data exchange. 5.6 Origin 5.6.1 Purpose: Identify the project where this file originated. 5.6.2 Intent: By providing data regarding the project where this file originated the reader can better identify the source and use it to do further research if needed. 5.6.3 Cardinality: Optional, single instance 5.6.4 Tag: "origin" 5.6.5 RDF: /RDF/SPDXDoc/Describes/File/origin 5.6.6 Data Format: doap:Project 5.6.7 Example: Origin: Project: name: JUnit homepage: http://www.junit.orgPeter < http://openlogic.com> [1]: http://en.wikipedia.org/wiki/Description_of_a_Project[2]: http://trac.usefulinc.com/doap
5.6 OSS Project (ass proposed)
5.7 OSS Project URL
5.7.1 Purpose: Identify the project home page of the open source package
or project where this file originated.
5.7.2 Intent: By providing the URL for the open source package, the
reader can uniquely identify the source and use it to do further
research if needed.
5.7.3 Cardinality: Optional, single instance
5.7.4 Tag: "ProjectURL"
5.7.5 RDF: /RDF/SPDXDoc/Describes/File/ProjectURL
5.7.6 Data Format: URL
5.7.7 Example: Project: http://www.junit.org
Gary
*From:* spdx-bounces@... [mailto:spdx-bounces@...]
*On Behalf Of *kate.stewart@...
*Sent:* Wednesday, September 08, 2010 7:20 PM
*To:* spdx@...; Kim Weins
*Subject:* Re: New proposed field for project that a file came from
Thanks Kim,
Will add it into the agenda to discuss tomorrow on the SPEC section.
If anyone feels strongly about this field, and can't attend the call,
please send email to the list so we have your input.
Thanks, Kate
--- On *Wed, 9/8/10, Kim Weins /<kim.weins@...>/* wrote:
From: Kim Weins <kim.weins@...>
Subject: New proposed field for project that a file came from
To: spdx@...
Date: Wednesday, September 8, 2010, 6:18 PM
I would like to propose a new field in the file section. The field would
be used to identify the OSS component/package that a file originated
from. This is important since many packages will bundle other packages.
Knowing the license is important, but if you need to do any research on
the file, knowing the component is even more important.
I am proposing this would be an Optional field.
5.6 OSS Project
5.6.1 Purpose: Identify the name of the open source package or project
where this file originated.
5.6.2 Intent: By providing the open source package, the reader can
better identify the source and use it to do further research if needed.
5.6.3 Cardinality: Optional, single instance
5.6.4 Tag: "Project"
5.6.5 RDF: /RDF/SPDXDoc/Describes/File/Project
5.6.6 Data Format: Freeform text string
5.6.7 Example: Project: jUnit
Kim
*Kim Weins* | Senior Vice President, Marketing
_kim.weins@...
_Follow me on Twitter @KimAtOpenLogic
650 279 0410 | cell
_www.openlogic.com
_Follow OpenLogic on Twitter @OpenLogic
OpenLogic, Inc.
Headquarters, Broomfield, Colorado
-----Inline Attachment Follows-----
_______________________________________________
Spdx mailing list
Spdx@... </mc/compose?to=Spdx@...>
https://fossbazaar.org/mailman/listinfo/spdx
_______________________________________________
Spdx mailing list
Spdx@...
https://fossbazaar.org/mailman/listinfo/spdx
|
|
|
