Welcome on board, Ndip! Just a though from my side regarding the implementation details: I believe realizing this in the form of writing plugins / extensions to build tools has the drawback that potential users need to modify their build system (by applying the plugin) in order to generate SPDX files. A better approach in my opinion is to be able to inspect the project / build tool (and the declared dependencies) from the outside, like e.g. the “analyzer” module of the OSS Review Toolkit (ORT) does [1]. The “analyzer” already outputs build-tool-agnostic YAML or JSON for all meta-data declared by the build tool (incl. the license, dependencies etc.), and it should be somewhat straight forward to generate SPDX (tag-value) from those YAML or JSON files. Also, extending its list of supported build tools [2] to include e.g. MSBuild or vcpkg [3] should also be reasonably easy to do.
But of course these details need to be checked with your mentors to ensure alignment with the defined project goals. [1] https://github.com/heremaps/oss-review-toolkit [2] https://github.com/heremaps/oss-review-toolkit#supported-package-managers [3] https://github.com/Microsoft/vcpkg Regards, Sebastian From: [email protected] <[email protected]> On Behalf Of Ndip Tanyi Sent: Friday, April 27, 2018 11:38 To: Krys Nuvadga <[email protected]>; [email protected]; [email protected] Subject: [spdx-tech] Introduction - GSoC'18 Build Tool SPDX files Generator Project Hello All, My name is Ndip Tanyi and I am excited and grateful for the unique opportunity to be selected to work on the "Build Tool SPDX Files Generator" project this Summer as part of GSoC. I want to thank the SPDX community for giving me this opportunity while looking forward to get to work and learn new things from my mentors. Regards Ndip Tanyi
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
