joshua-zivkovic commented on PR #2095: URL: https://github.com/apache/buildstream/pull/2095#issuecomment-3584867872
``` I feel we should be preferring the other non-package related fields ``` I'm not entirely sure I'm following. As I understand it, a "package" is an SPDX term for basically any inputs you are describing in the document, whether it's tar balls, directories, etc. A "package" is just the name of a *thing* in SPDX-land. Therefore there is no intent of specific fields being specifically for "packages" (in the traditional software distribution sense of the word). Pending further discussion/alignment on the above, I believe the fields we need to support from purely a build tool perspective would be: - concluded-license: the license for the "source" as chosen by the authors - copyright-text: copyright notices - declared-license: specific license declared for some source - description: description of what the "source" is - external-references: references to any related assets or information that is relevant to the "source", important to include as to not potentially lose any important data associated with the "source" - name: the name of the "source" - originator: the original author of the "source", necessary when consuming from source - supplier: whoever provided the "source", should it not be direct from source. Note: "source" being the specific item being fetched, whether it be a traditional "package", source code, tar ball. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
