https://bugs.linuxfoundation.org/show_bug.cgi?id=1298
--- Comment #2 from Yev Bronshteyn <[email protected]> 2015-07-28 19:12:02 UTC --- I'd advocate against having multiple versions of the spec for different use cases. It might make sense to differentiate external packages from those with files. An internal package should require a verification code, and an external package should not be allowed to have files in it. And I don't think an external package should require an external ID. Some external packages may have download locations and versions, but not be in maven or published in a source control (e.g. non-open-source freeware). External IDs, as proposed by bill, do seem like the ideal way of describing MVN metadata, but there is other metadata for external packages that logically goes along with it. Download location, originator, etc - all the things we associate with a package, minus the file information. -- Configure bugmail: https://bugs.linuxfoundation.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
