David,

In the second paragraph you quoted, “Package” refers to the SPDX element, not the artifact you’re distributing. The SPDX package element must not contain any SPDX file elements if filesAnalyzed=false.

On 4/13/16, 12:55 PM, "Wheeler, David A" <[email protected]> wrote:

>Yev Bronshteyn:
>> Here’s the link:
>> http://docs.google.com/document/d/112x3s3g1Qg2tj8bjvIPsqIBlWUp3Sob37cvAx2eiS6U/edit
>
>Thanks!! Sadly, the text for "FilesAnalyzed" suggests to me that this field
>is exactly wrong for the use case I'm most interested in. Let me call my use
>case "developer self-assertion", where the SPDX file is being hand-created by
>the developer of the package and represents assertions directly from the
>developer(s). That's because I want *developers* to be able to *self-assert*
>that they are releasing a given set of files under a given license, using SPDX
>license expressions and the SPDX file format.
>
>The "FilesAnalyzed" text says:
>> Purpose: Indicates whether the file content of this package has been
>> available for or subjected to analysis when creating the SPDX document. If
>> “false” indicates packages that represent metadata or URI references to a
>> project, product, artifact, distribution or a component. If set to “false”,
>> the package must not contain any files.
>
>But I *AM* the developer. The file content of this package *HAS* been
>available when creating the SPDX document, indeed, I'm the author or co-author
>of this content so I am the primary data source. In addition, the phrase "the
>package must not contain any files" makes no sense for my case. I certainly
>will distribute the files, and I may very well *want* to state that certain
>files have/don't have certain licenses or exception.
>
>Thanks.
>
>--- David A. Wheeler
>
_______________________________________________
Spdx-tech mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx-tech
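The rule discussed in this thread, as an added example that is not part of the original messages or of any SPDX tooling: a small checker that flags SPDX package elements declaring FilesAnalyzed: false while still listing file elements. It assumes tag-value input in which File sections belong to the Package section that precedes them and FilesAnalyzed defaults to true when omitted; the function name and sample document are constructed for illustration.

```python
# Added example (hypothetical helper, not SPDX project code).
# Assumptions: tag-value input; FileName entries belong to the most recent
# PackageName; FilesAnalyzed is treated as true when the tag is omitted.

def check_files_analyzed(doc: str) -> list[str]:
    """Return names of packages that set FilesAnalyzed: false yet list files."""
    packages = []      # one dict per package: name, analyzed flag, file names
    current = None
    for raw in doc.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        tag, value = (part.strip() for part in line.split(":", 1))
        if tag == "PackageName":
            current = {"name": value, "analyzed": True, "files": []}
            packages.append(current)
        elif current is None:
            continue   # document-level tags before the first package
        elif tag == "FilesAnalyzed":
            current["analyzed"] = value.lower() != "false"
        elif tag == "FileName":
            current["files"].append(value)
    return [p["name"] for p in packages if not p["analyzed"] and p["files"]]


# Constructed sample document with three package elements.
SAMPLE = """\
# Developer self-assertion: files are described, so FilesAnalyzed stays true.
PackageName: self-asserted-lib
FilesAnalyzed: true
FileName: ./src/main.c
LicenseConcluded: MIT
FileName: ./src/util.c
LicenseConcluded: MIT

# Metadata-only reference to an external component: no file elements.
PackageName: upstream-ref
FilesAnalyzed: false

# Violates the rule: declared metadata-only but carries a file element.
PackageName: broken-ref
FilesAnalyzed: false
FileName: ./vendor/blob.bin
"""

if __name__ == "__main__":
    for name in check_files_analyzed(SAMPLE):
        print(f"{name}: FilesAnalyzed is false but file elements are present")
```
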
