Software Package Data Exchange (SPDX®) Specification – Version 2.0

Copyright © 2010-2015 Linux Foundation and its Contributors. This work is licensed under the Creative Commons Attribution License 3.0 Unported (CC-BY-3.0) reproduced in its entirety in Appendix V herein.

With thanks to Adam Cohn, Andrew Back, Ann Thornton, Bill Schineller, Bruno Cornec, Ciaran Farrell, Daniel German, Debra McGlade, Dennis Clark, Ed Warnicke, Eran Strod, Eric Thomas, Esteban Rockett, Gary O’Neall, Guillaume Rousseau, Hassib Khanafer, Jack Manbeck, Jaime Garcia, Jeff Luszcz, Jilayne Lovejoy, John Ellis, Karen Copenhaver, Kate Stewart, Kim Weins, Kirsten Newcomer, Liang Cao, Marc-Etienne Vargenau, Mark Gisi, Marshall Clow, Martin Michlmayr, Martin von Willebrand, Matt Germonprez, Michael J. Herzog, Michel Ruffin, Nuno Brito, Paul Madick, Peter Williams, Phil Robb, Philip Odence, Philip Koltun, Phillippe Ombredanne, Pierre Lapointe, Rana Rahal, Sam Ellis, Sameer Ahmed, Scott K Peterson, Scott Lamons, Scott Sterling, Shane Coughlan, Steve Cropper, Stuart Hughes, Tom Callaway, Tom Vidal, Thomas F. Incorvia, Venkata Krishna and Zachary McFarland for their contributions and assistance.

1.3 Why is a common format for data exchange needed?
1.5 What is not covered in the specification?
1.8 Differences from SPDX Specification 1.2
4.11 Artifact of Project Uniform Resource Identifier
Appendix II: License Matching Guidelines and Templates
Appendix III: RDF Data Model Implementation and Identifier Syntax
Appendix V: Creative Commons Attribution License 3.0 Unported

1 Rationale

1.1 Charter

To create a set of data exchange standards that enable companies and organizations to share license and component information (metadata) for software packages and related content with the aim of facilitating license and other policy compliance.

The Software Package Data Exchange (SPDX®) specification is a standard format for communicating the components, licenses, and copyrights associated with a software package. An SPDX file is associated with a particular software package and contains information about that package in the SPDX format.

Companies and organizations (collectively “Organizations”) are widely using and reusing open source and other software packages. Compliance with the associated licenses requires a set of analysis activities and due diligence that each Organization performs independently, which may include a manual and/or automated scan of software and identification of associated licenses followed by manual verification. Software development teams across the globe use the same open source packages, but little infrastructure exists to facilitate collaboration on the analysis or share the results of these analysis activities. As a result, many groups are performing the same work leading to duplicated efforts and redundant information. The SPDX working group seeks to create a data exchange format so that information about software packages and related content may be collected and shared in a common format with the goal of saving time and improving data accuracy.

1.4 What does this specification cover?

1.4.1 SPDX Document Creation Information: Meta data to associate analysis results with a specific version of the SPDX file and license for use, and provide information on how, when, and by whom the SPDX file was created.

1.4.2 Package Information: Facts that are common properties of the entire package.

1.4.3 File Information: Facts (e.g. copyrights, licenses) that are specific to each file included in the package.

1.4.4 Other Licensing Information Detected: A way to capture information about and refer to licenses that are not on the SPDX License List.

1.4.5 Relationships Between SPDX Elements: Information on how Documents, Packages & Files relate to each other.

1.4.6 Annotations: Information about when and by whom the SPDX file was reviewed.

Figure 1 Overview of SPDX 2.0 document contents.