Yev Bronshteyn: > Here’s the link: > http://docs.google.com/document/d/112x3s3g1Qg2tj8bjvIPsqIBlWUp3Sob37cvAx2eiS6U/edit
Thanks!! Sadly, the text for "FilesAnalyzed" suggests to me that this field is exactly wrong for the use case I'm most interested in. Let me call my use case "developer self-assertion", where the SPDX file is being hand-created by the developer of the package and represents assertions directly from the developer(s). That's because I want *developers* to be able to *self-assert* that they are releasing a given set of files under a given license, using SPDX license expressions and the SPDX file format. The "FilesAnalyzed" text says: > Purpose: Indicates whether the file content of this package has been > available for or subjected to analysis when creating the SPDX document. If > “false” indicates packages that represent metadata or URI references to a > project, product, artifact, distribution or a component. If set to “false”, > the package must not contain any files. But I *AM* the developer. The file content of this package *HAS* been available when creating the SPDX document, indeed, I'm the author or co-author of this content so I am the primary data source. In addition, the phrase "the package must not contain any files" makes no sense for my case. I certainly will distribute the files, and I may very well *want* to state that certain files have/don't have certain licenses or exception. Thanks. --- David A. Wheeler _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
