https://bugs.linuxfoundation.org/show_bug.cgi?id=1295
--- Comment #2 from Bill Schineller <[email protected]> 2015-06-23 17:47:14 UTC --- Per conversation on tech concall, we should be clear that we only want to accept External Identifiers that point to a specific, discrete version of software / set of files. i.e. no wildcards, no 'this version or greater' semantics ----- the 'namespace' i.e. what system the identifier is unique within is critical to this ---- where to find the repository online is important --- requirements for a 'repository' (repository of information, not necesarily repository of bits) to be legitimate (the identifier must be unique within that repository) - should be able to get a hardcopy of the software? (nah, NIST CPE is just a list...) - --- is there a way to factor out the list of repositories from the spec? maybe a list of 'repositories of information' that we might maintain on spdx.org ? -- Configure bugmail: https://bugs.linuxfoundation.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
