Topics

SPDX 2.0 Bakeoff at Linux Con NA - August 17 9am - Virginia Room


kate.stewart@...
 

Hi,
    We're now less than on month away from LinuxCon, and we wanted to get some information out for those who want to participate in the SPDX 2.0 Bakeoff.  If you can make it to Seattle that’s fantastic -- we look forward to meeting you or re-connecting!  If you can’t make it in person that’s OK -- you may still upload your SPDX files.   

folder has been setup to share SPDX files for the SPDX Bakeoff workgroup session scheduled for Monday morning August 17, 2015.    We’ll be meeting in Virginia Room (located on the 4th floor, Union St side of hotel) from 9:00am - 1:00pm.

In order to facilitate the analysis and discussion we are asking everyone who has tools that generate SPDX to at least generate an SPDX file (tag-value format) for Time v1.7 (a small package for the purpose of comparing SPDX output from different tools), cpio 2.10 and spdx-tools v 2.0 .   

Please use the links to the source packages in the table below so that we are comparing “apples to apples.”   Then simply create a folder with the name of your organization and just drop the SPDX files in there.    If you have any questions or problems email spdx-tech@....   

Also please fill out our sign-up form to let us know what additional topics you would like to see covered in this session.

SPDX files to be compared:



Simple SPDX Document Creation
SPDX Document Creation with
Internal Relationships
SPDX Document Creation with
External Relationships
Packages

Notes
This is the same package we used for the SPDX 1.1 bake-off.  It is a small package and should be reasonably straight forward.  Deprecated fields should not be used.
This is a package has a bit more files to it and there are different file types and relationships internal to the package.
This is a Maven project with external dependencies listed in the project POM.  Don’t pay too much attention to the SPDX file in the git repository - it is a 1.2 version and does not include all of the dependencies.


Reference Information:


Instructions:  

  1. Create a folder for your tool in “SPDX 2.0 Bake-Off” folder.    
    1. see example “doSoCs (UNO)
    2. please remember to make sure that it is readable.
  2. Create a copy of the template for the tools’ environment context  and put into your tool’s folder.
  3. Add the SPDX files generated for the reference examples into your tool’s folder.
  4. Ideally, please consider run the SPDX files through the verification tool (aka translator) indicate if not run.  The verification tool can be downloaded from https://github.com/spdx/tools/releases/download/V2.0.2/spdx-tools-2.0.2-jar-with-dependencies.jar.  Verification can be run executing the downloaded jar file with the command “verify” with a single parameter of the SPDX file (e.g. java -jar spdx-tools-2.0.2-jar-with-dependencies.jar myspdxfile.spdx). 
  5. If you have any questions,  feel free to email spdx-tech@... and we’ll try to help.

Thanks,
Jack, Gary & Kate