Hi Sam and SPDX tech team,
Both good points. Since I won’t be in Berlin this week, below are my thoughts on the issues Sam brought up. From: [email protected] [mailto:[email protected]] On Behalf Of Sam Ellis Sent: Wednesday, October 5, 2016 12:29 AM To: Kate Stewart; [email protected]; SPDX-general Subject: RE: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016. Hi, Whilst preparing for SPDX bakeoff I noticed a few issues with my interpretation of the specification that may be worth discussion. Firstly a number of fields in tag files contain arbitrary text enclosed within <text>...</text> tags. I found examples where the text I am including within these tags does itself contain HTML/XML tags from the source document. The inclusion of non-SPDX tags within the <text> tags makes it hard to spot the end of the </text>. This raises the question of whether the text within <text> tags ought to be escaped in some way? I did not find anything on this point in the SPDX specification (apologies if I missed anything). [Gary]I don’t feel strongly about this since I work mostly on the RDF/XML representations of SPDX. I did run into one situation where the escaping would have been useful (one of the fields was referencing text from an SPDX document which included the text tags). Adding escaping would increase the effort and complexity for the tools. This occurs infrequently enough, I’m not sure it is worth the effort. If we do want to go down this path, I would suggest using a standard escaping mechanism such as that used in XML. Secondly, I noticed that in the tag field PackageLicenseInfoFromFiles I am including license exceptions, for example: PackageLicenseInfoFromFiles: Classpath-exception-2.0 However, I think my use is incorrect. The spec says a license identifier is needed here, and a license exception identifier is not a license identifier. I cannot alternatively use "license WITH exception" here because this is an expression not a license identifier. This raises the question, how should exceptions be represented in PackageLicenseInfoFromFiles, if at all? [Gary] I have been (incorrectly) using license expressions for this field ever since 1.0. I just went back and looked at the spec. You are correct, it does not include a license expression. There is another issue with not including the license expression – it would not allow the “or-later” operator “+” since that is not part of the license ID. I would fully support using a license expression to resolve these issues. If there is concern that introducing a license expression creates “interpretation” on the found licenses, we could limit the expressions to specific operators. My preference would be to allow the full set of operators. I appreciate your thoughts on these issues. From: [email protected] [mailto:[email protected]] On Behalf Of Kate Stewart Sent: 22 September 2016 19:58 To: [email protected]; SPDX-general Subject: SPDX Bake off to compare tools generating code for the SPDX 2.1 specification on October 6, 2016. Hi, The SPDX tech team will be hosting an <http://sched.co/8BLk> SPDX Tools BakeOff at LinuxCon Europe on 6 October 2016. Participation can be remote by phone or in person. The Bake-off (also known by some as a Plugfest) will focus on comparing SPDX Documents generated with SPDX specification 2.1 features along with answering any questions people may have about the new revision. For more information on how to participate, please read <https://docs.google.com/document/d/1If-acGnVHkHABXDAQCJwHQHx4TTKsOtGu0-iAfaNDso/edit> Background info for the SPDX 2.1 Bake-off in LinuxCon Europe. If you have questions, please send email to <mailto:[email protected]?subject=SPDX%202.1%20Bakeoff%20Question> [email protected] Thanks on behalf of the SPDX tech team, Gary & Kate IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
