https://bugs.linuxfoundation.org/show_bug.cgi?id=1311
Bill Schineller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bschineller@blackducksoftwa | |re.com --- Comment #3 from Bill Schineller <[email protected]> --- Epilogue / Afterword: I spoke to Yev after the call and I guess the point of restricting the definition of types would be to try to make the information more MEANINGFUL to CONSUMERS of spdx documents. He/we were assuming that the true Intent of the filetype field was to give consumers of an spdx doc additional useful to filter on when reviewing an incoming software 'Bill of Materials'. If too many files simply get the type 'APPLICATION' via having mimetype application/* then the value of filtering an spdx document on files of type APPLICATION is diluted. (The broad definition does make it easy for producers of SPDX docs though). fwiw, I think here is the official definition of type 'application' from w3.org http://www.w3.org/Protocols/rfc1341/4_Content-Type.html "application some other kind of data, typically either uninterpreted binary data or information to be processed by a mail-based application. The primary subtype, "octet-stream", is to be used in the case of uninterpreted binary data, in which case the simplest recommended action is to offer to write the information into a file for the user. Two additional subtypes, "ODA" and "PostScript", are defined for transporting ODA and PostScript documents in bodies. Other expected uses for "application" include spreadsheets, data for mail-based scheduling systems, and languages for "active" (computational) email. (Note that active email entails several securityconsiderations, which are discussed later in this memo, particularly in the context of application/PostScript.)" -- You are receiving this mail because: You are the assignee for the bug.
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
