On Thu, Sep 14, 2017 at 10:32:37AM +0200, Maximilian Huber wrote: > But since we currently only use features which were already in 2.0 > present, it is still an open question for me. Generating files by > some older (but compatible) specification makes it easier for people > to parse the generated document.
Right. Which is why I expect you want to label your files as 2.0 in that case. > Am I right that a 2.0 document can always be labeled as 2.1 since 2.1 > "only" added optional features/fields? Or are there conflicts? The only thing that stands out in the release notes [1] is: The “Artifact of Project” fields at the file level are now deprecated… But “deprecated” is not “removed”. So sticking to 2.0 and continuing to use those fields will work with compliant 2.1 parsers. And it's always possible that the release notes missed some important compat issue, but I think that's unlikely and would expect a patch release recovering forwards compat for 2.0 files read by 2.1 parsers. I expect ArtifactOfProjectName and such will be removed in SPDX 3.0, although it would be nice if the SPDX explained its versioning scheme (e.g. by referencing SemVer 2.0 [2] or some such. Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw [2]: http://semver.org/spec/v2.0.0.html -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
