https://bugs.linuxfoundation.org/show_bug.cgi?id=1147
Bug #: 1147
Summary: Proposal: External File References
Product: SPDX
Version: 1.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Spec
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Created attachment 426
--> https://bugs.linuxfoundation.org/attachment.cgi?id=426
Word Document containing proposal
Background: In the proposal for expressing file dependencies, there is a need
to reference files external to the SPDX document. External file references are
also proposed for the SPDX 2.0 spec. The following proposal follows the 2.0
model and is implementable in 1.2. The intent is to be forward compatible with
the 2.0 implementation.
High level overview: The proposal consists of two parts:
- External namespace definitions - A method of referencing SPDX elements that
are not contained within the SPDX document itself in a convenient, short-naming
method.
- ExternalFileName property/keyword - A mechanism for defining an external
filename and storing the SHA1 checksum for verification purposes.
External Namespace Proposal:
Add a section after section 3 âExternal Namespaceâ with the following text:
3. Namespaces within an SPDX document defines a group of external resource
references. Each namespace is unique. File names can be preceded by a
namespace and a colon (â:â) to designate that file is external to the SPDX
document. Any files without a namespace colon designation is defined
internally to the SPDX document.
Zero or more namespaces may be defined within an SPDX document. Each namespace
refers to an external entity with a unique Uniform Resource Identifier (URI).
Namespaces may optionally refer to an external SPDX document.
3.1 Namespace Name
3.1.2 Purpose: Provide the name of a new namespace to be used in external
element references within the SPDX document.
3.1.2 Intent: The namespace name is a short human readable reference to a group
of external resource references.
3.1.3 Cardinality: Required one
3.1.4 Data Format: Character string
3.1.5 Tag: âNameSpaceNameâ
Example: NameSpaceName: Zlib
3.1.6 RDF
In XML, the standard XML namespace format is used
Example: <x xmlns:Zlib="http http://zlib.net";>
3.2 Namespace URI
3.2.1 Purpose: Provide a unique identifier for the namespace in the form of a
Uniform Resource Identifier (URI).
3.2.2 Intent: To simplify the identification of resources external to the SPDX
document. The namespace provides a unique reference to the namespace. It is
recommended that the URI reference an internet accessible web page, however,
that is not required.
3.2.3 Cardinality: Required one
3.2.4 Data Format: uniform resource locator | uniform resource name
3.2.5 Tag: âNameSpaceURIâ
Example: NameSpaceURI: http://zlib.net
3.2.5 RDF: In XML, the standard XML namespace format is used
Example: <x xmlns:Zlib="http http://zlib.net";>
Modify section 6.1.4 file name data format to:
A relative filename with the root of the package archive or directory or an
external file name reference. See http://tools.ietf.org/html/rfc1738 for the
relative file name syntax. External file syntax is namespace:relative file
name where the namespace is defined in the SPDX document (see section 3) and
the relative file name is relative to the package represented by the namespace.
Add a section after File (section 7) External File Information:
7. External File Information
One instance of External File Information is optional for each referenced
external file in the SPDX document. It provides additional information to
verify the file reference.
7.1 ExternalFileName [identical to File filename with property and tag values
externalFileName]
7.2 External File Checksum [identical to File checksum with property and tag
values externalFileChecksum]
--
Configure bugmail: https://bugs.linuxfoundation.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug._______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
