SPDX Perl parser [was: Re: [GSOC] SPDX Parser libraries project]
On Sun, Mar 9, 2014 at 9:29 PM, Jeremiah Foster jeremiah.fos...@pelagicore.com wrote: I'm writing one in perl because perl is widely used in Debian. I want to write a DEP5 to SPDX converter. This way I can generate a complete software BoM from an Debian or Debian-derived machine and put it into a tool like FOSSology. I'd also like to be able to do the reverse; use SPDX data to enable the generation of DEP5 files, though the use case here is a bit contrived. Perl is awesome ! As for SPDX to DEP5 conversion, there are probably several difficulties ahead, one of them being the files: full paths in SPDX vs. patterns in DEP5. Which would create likely bloated DEP5 files. -- Philippe Ombredanne ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: SPDX Perl parser [was: Re: [GSOC] SPDX Parser libraries project]
On Mon, Mar 10, 2014 at 4:02 PM, Philippe Ombredanne pombreda...@nexb.comwrote: On Sun, Mar 9, 2014 at 9:29 PM, Jeremiah Foster jeremiah.fos...@pelagicore.com wrote: I'm writing one in perl because perl is widely used in Debian. I want to write a DEP5 to SPDX converter. This way I can generate a complete software BoM from an Debian or Debian-derived machine and put it into a tool like FOSSology. I'd also like to be able to do the reverse; use SPDX data to enable the generation of DEP5 files, though the use case here is a bit contrived. Perl is awesome ! =D As for SPDX to DEP5 conversion, there are probably several difficulties ahead, one of them being the files: full paths in SPDX vs. patterns in DEP5. Hmm. I guess I'll have to look at the spec. What I can see from a cursory bit of research is the DEP 5 format specified here: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0//#file-syntax Is there a similar document for SPDX? I've looked on the wikipedia site, the Linux Foundation site, etc. and I cannot seem to find something similar. What is the current version of SPDX? 1.2? Is there going to be a big format change, i.e. abandoning of RDF format for JSON, in 2.0? Should one wait for 2.0 in that case? Which would create likely bloated DEP5 files. Additional bloat is bad because we want to keep the associated source packages as small as possible for easy network transport. Cheers, Jeremiah -- Philippe Ombredanne ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech -- = Jeremiah C. Foster GENIVI Community Manager Pelagicore AB Ekelundsgatan 4, 6tr, SE-411 18 Gothenburg, Sweden Mobile: +46 (0)730 93 0506 E-Mail: jeremiah.fos...@pelagicore.com = === NOTE === The information contained in this E-mail message is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. = ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: SPDX Perl parser [was: Re: [GSOC] SPDX Parser libraries project]
On Mon, Mar 10, 2014 at 7:22 PM, Jeremiah Foster jeremiah.fos...@pelagicore.com wrote: On Mon, Mar 10, 2014 at 4:02 PM, Philippe Ombredanne pombreda...@nexb.com wrote: As for SPDX to DEP5 conversion, there are probably several difficulties ahead, one of them being the files: full paths in SPDX vs. patterns in DEP5. Hmm. I guess I'll have to look at the spec. What I can see from a cursory bit of research is the DEP 5 format specified here: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0//#file-syntax Is there a similar document for SPDX? I've looked on the wikipedia site, the Linux Foundation site, etc. and I cannot seem to find something similar. This would the PDF at: http://spdx.org/sites/spdx/files/spdx-1%202.pdf 6 File Information One instance of the File Information is required for each file in the software package. It provides important meta information about a given file including licenses and copyright. Each instance should include the following fields. 6.1 File Name 6.1.1 Purpose: Identify the full path and filename that corresponds to the file information in this section. The key point in SPDX being full path, whereas DEP5 http://dep.debian.net/deps/dep5/#files-field talks about more compact patterns. I shall say that the Debian approach makes a lot of sense to me. -- Philippe Ombredanne ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech