On Fri, 2018-04-27 at 12:52 +0000, Schuberth, Sebastian wrote: Welcome on board, Ndip!
Just a though from my side regarding the implementation details: I believe realizing this in the form of writing plugins / extensions to build tools has the drawback that potential users need to modify their build system (by applying the plugin) in order to generate SPDX files. A better approach in my opinion is to be able to inspect the project / build tool (and the declared dependencies) from the outside, like e.g. the “analyzer” module of the OSS Review Toolkit (ORT) does [1]. The “analyzer” already outputs build-tool-agnostic YAML or JSON for all meta-data declared by the build tool (incl. the license, dependencies etc.), and it should be somewhat straight forward to generate SPDX (tag-value) from those YAML or JSON files. Also, extending its list of supported build tools [2] to include e.g. MSBuild or vcpkg [3] should also be reasonably easy to do. But of course these details need to be checked with your mentors to ensure alignment with the defined project goals. [1] https://github.com/heremaps/oss-review-toolkit [2] https://github.com/heremaps/oss-review-toolkit#supported-package-managers [3] https://github.com/Microsoft/vcpkg I think one should look at QTRMST here too: https://github.com/endocode/qmstr-all "Quartermaster is a suite of command line tools and build system plugins that instruments software builds to create FLOSS compliance documentation and support compliance decision making. It executes as part of a software build process to generate reports about the analysed product." Cheers, Jeremiah Regards, Sebastian From: [email protected] <[email protected]> On Behalf Of Ndip Tanyi Sent: Friday, April 27, 2018 11:38 To: Krys Nuvadga <[email protected]>; [email protected]; [email protected] Subject: [spdx-tech] Introduction - GSoC'18 Build Tool SPDX files Generator Project Hello All, My name is Ndip Tanyi and I am excited and grateful for the unique opportunity to be selected to work on the "Build Tool SPDX Files Generator" project this Summer as part of GSoC. I want to thank the SPDX community for giving me this opportunity while looking forward to get to work and learn new things from my mentors. Regards Ndip Tanyi _______________________________________________ Spdx-tech mailing list [email protected]<mailto:[email protected]> https://lists.spdx.org/mailman/listinfo/spdx-tech ________________________________ This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
