SPDX 2.2 Specification Review Window - ends May 1, 2020

Kate Stewart

Hi all, 
    The SPDX 2.2 specification is now in the final 2 week public review window.
The SPDX tech-list participants have been working on polishing it for the last couple of months and adding in the outstanding pull requests that have been completed.

If you are interested in reviewing this final draft,  the online rendered version can be found at:  https://spdx.github.io/spdx-spec/v2-draft/    (Thank you to Thomas Steenbergen and William Bartholomew for giving us this option, and sorting out the rendering infrastructure!)

If a reviewer spots any issues that need to be fixed before we publish the final version, please create an issue at: https://github.com/spdx/spdx-spec/issues and tag it with the milestone 2.2.

The changes from our 2.1 version of the specification at a high level are: 
  •  JSON, YAML, and a development version of XML have been added as supported file formats.
  • A new appendix "SPDX File Tags" has been added to describe a method that developers can use to document other SPDX file-specific information (such as copyright notices, file type, etc.) in a standardized and easily machine-readable manner. See Appendix IX for more information.
  • A new appendix "SPDX Lite" has been added to document a lightweight subset of the SPDX specification for scenarios where a full SPDX document is not required. See Appendix VIII for more information.
  • Additional relationship options have been added to enable expression of different forms of dependencies between SPDX elements. As well, NONE and NOASSERTION keywords are now permitted to be used with relationships to indicate what is unknown.
  • Additional external repository identifiers have been added to Appendix VI (PURL, SWHids, etc.).
  • Miscellaneous bug fixes and non-breaking improvements as reported on the mailing list and reported as issues on the spdx-spec GitHub repository.
Thanks again to all the contributors who've worked on including these changes!