[Bug 878] Package direct download mechanism/link including version control system (e.g. git) use case

Fri, 20 Feb 2015 14:14:00 -0800 

https://bugs.linuxfoundation.org/show_bug.cgi?id=878

--- Comment #9 from Bill Schineller <[email protected]> 
2015-02-20 22:12:33 UTC ---
Modified 2.0 Spec to allow for 1 liner compact notation for Version Control
System (VCS) locations in the Package Download Location field


4.7    Package Download Location

4.7.1    Purpose:  This section identifies the download Universal Resource
Locator (URL), or a specific location within a version control system (VCS)
system, for the package at the time that the SPDX file was created.   If there
is no public (or internal) URL, then it is explicitly marked as NONE.   If
there is insufficient knowledge about whether a public or internal download
mechanism exists or not, then NOASSERTION (which was considered UNKNOWN in SPDX
1.0) should be used.   

4.7.2    Intent: Here, where and how to download the exact package being
referenced is a critical verification and tracking data..

4.7.3    Cardinality: Mandatory, one.

         4.7.4    Data Format: uniform resource locator | VCS location |
“NONE” | “NOASSERTION”

VCS location compact notation (adopted from
https://pip.pypa.io/en/latest/reference/pip_install.html#vcs-support)  supports
referencing locations from version control systems such as Git, Mercurial,
Subversion and Bazaar, and specifies the type of VCS using url prefixes:
“git+”, “hg+”, “bzr+”, “svn+”.

Specifying branch names, a commit hash or a tag name is recommended, using "@"
and "#" delimiters. 


4.7.5    Tag: “PackageDownloadLocation:”

            Example:  
            PackageDownloadLocation:
http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz
PackageDownloadLocation:
git+git://git.myproject.org/[email protected]#egg=MyProject
PackageDownloadLocation:
git+git://git.myproject.org/MyProject.git@da39a3ee5e6b4b0d3255bfef95601890afd80709#egg=MyProject
PackageDownloadLocation:
hg+http://hg.myproject.org/MyProject@da39a3ee5e6b#egg=MyProject
PackageDownloadLocation:
hg+http://hg.myproject.org/[email protected]#egg=MyProject
PackageDownloadLocation:
svn+http://svn.myproject.org/svn/MyProject/trunk@2019#egg=MyProject
PackageDownloadLocation:
bzr+https://bzr.myproject.org/MyProject/trunk@2019#egg=MyProject
PackageDownloadLocation:
bzr+http://bzr.myproject.org/MyProject/[email protected]#egg=MyProject

4.7.6    RDF: property spdx:downloadLocation in class spdx:Package

            Example:  
            <Package rdf:about="">
                <downloadLocation>
                                              
http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz
                                           </downloadLocation>

-- 
Configure bugmail: https://bugs.linuxfoundation.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech

Reply via email to