Hi, David, Your use case seems to be already covered by the current SPDX 2.1 spec. With the new filesAnalyzed attribute on packages, we can now describe packages, with all their optional metadata richness without going into their contents. Here is an example of that use case: A package is being described that has a static dependency on Apache Commons:
https://bitbucket.org/yevster/spdxtraxample/src/HEAD/sampleSpdx/1packageWithStaticLink.rdf On 3/30/16, 5:46 PM, "[email protected] on behalf of Wheeler, David A" <[email protected] on behalf of [email protected]> wrote: >> Bill Schineller [mailto:[email protected]] >> Gary and I were talking about this at lunch - yes, your use case, which >> is an important one for lowering the barrier for upstream projects to >> declare licenses in a standardized way - represents an 'SPDX Lite' >> requirement/use case that has often come up. > >I like that phrase "SPDX Lite" - I think it captures the essence. It's in >some sense a "profile" of the full SPDX spec that reduces many tags from >"mandatory" to "optional" for this specific use case. I certainly *would* >like to be able to use the more advanced capabilities of SPDX, I just don't >want to be *required* to use them. > >> Let's chat about it while we are all here at Collab. > >Love to! > >--- David A. Wheeler > >_______________________________________________ >Spdx-tech mailing list >[email protected] >https://lists.spdx.org/mailman/listinfo/spdx-tech _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
