On Sat, Aug 12, 2017 at 11:27:51AM -0700, [email protected] wrote: > 3) [packename].spdx where packagename is the name of the package > > Note that #3 is currently in use.
My concern with the current SPDXParser.spdx [1] is that it is not
immediately obvious that the file applies to the whole repository and
not just to some subset thereof. I'd also be fine with
spdx-tools.spdx (or spdx-tools-spdx.rdf), since that's more clearly
scoped to cover the whole repository.
I'm fine with options one and two, although note that the spec
currnently has package.spdx examples [2] as well as an example with
[3]:
An SPDX document ‘WildFly.spdx’ describes package ‘WildFly’. Note
this is a logical relationship to help organize related items within
an SPDX document that is mandatory if more than one package or set
of files (not in a package) is present.
I'm also fine with different recommendations for different contexts
(e.g. project.spdx for a project-wide SPDX file in the project's
repository and ${PROJECT_NAME}.spdx for that same SPDX content in a
multi-project context).
And I agree that it would be good to update the spec to clearly
describe whatever convention we decide on and then consistently follow
that recommendation.
> We should also decide the suffixes for tag/value and RDF
> (e.g. LICENSE.rdf or LICENSE.spdx.rdf).
This is already covered in the spec [4]:
Should be easy to recognize in a file system without opening the
file. A suggested naming convention is to use *.spdx (for tag-value
format) and *-spdx.rdf for RDF format.
The spec seems to conflate “RDF” and “RDF/XML” (there are several
other RDF serialization formats [5]), and it would be good to start
making that distinction. But, the recommended extention for RDF/XML
is .rdf [6], so we wouldn't have to change the recommended extention
for RDF/XML.
Cheers,
Trevor
[1]:
https://github.com/spdx/tools/blob/0d020dbdd3fabe96b1e7bce88216de0f679e9dfb/SPDXParser.spdx
[2]: https://spdx.org/spdx-specification-21-web-version#h.2p2csry
[3]: https://spdx.org/spdx-specification-21-web-version#h.apg85dj5o8wx
[4]: https://spdx.org/spdx-specification-21-web-version#h.3dy6vkm
[5]:
https://en.wikipedia.org/wiki/Resource_Description_Framework#Serialization_formats
[6]: https://tools.ietf.org/html/rfc3870#section-2
--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
