Thank you Jeremiah and Sebastian for your feedbacks and pointers on how I should go about the project implementation. Jeremiah, is there some where you can point me to lookup on QTRMS:-
1. Set up and integration 2. SPDX and Toolchain automation I can't find any documentations as for now and the readme has very little information. Regards Ndip Tanyi On Fri, Apr 27, 2018 at 3:20 PM, Foster, Jeremiah <[email protected]> wrote: > On Fri, 2018-04-27 at 12:52 +0000, Schuberth, Sebastian wrote: > > Welcome on board, Ndip! > > > > Just a though from my side regarding the implementation details: I believe > realizing this in the form of writing plugins / extensions to build tools > has the drawback that potential users need to modify their build system (by > applying the plugin) in order to generate SPDX files. A better approach in > my opinion is to be able to inspect the project / build tool (and the > declared dependencies) from the outside, like e.g. the “analyzer” module of > the OSS Review Toolkit (ORT) does [1]. The “analyzer” already outputs > build-tool-agnostic YAML or JSON for all meta-data declared by the build > tool (incl. the license, dependencies etc.), and it should be somewhat > straight forward to generate SPDX (tag-value) from those YAML or JSON > files. Also, extending its list of supported build tools [2] to include > e.g. MSBuild or vcpkg [3] should also be reasonably easy to do. > > > > But of course these details need to be checked with your mentors to ensure > alignment with the defined project goals. > > > > [1] https://github.com/heremaps/oss-review-toolkit > > [2] https://github.com/heremaps/oss-review-toolkit#supported- > package-managers > > [3] https://github.com/Microsoft/vcpkg > > > I think one should look at QTRMST here too: https://github.com/endocode/ > qmstr-all > "Quartermaster is a suite of command line tools and build system plugins > that instruments software builds to create FLOSS compliance documentation > and support compliance decision making. It executes as part of a software > build process to generate reports about the analysed product." > > Cheers, > > Jeremiah > > > > Regards, > > Sebastian > > > > > > *From:* [email protected] <[email protected]> > *On Behalf Of *Ndip Tanyi > *Sent:* Friday, April 27, 2018 11:38 > *To:* Krys Nuvadga <[email protected]>; [email protected]; > [email protected] > *Subject:* [spdx-tech] Introduction - GSoC'18 Build Tool SPDX files > Generator Project > > > > Hello All, > > My name is Ndip Tanyi and I am excited and grateful for the unique > opportunity to be selected to work on the "Build Tool SPDX Files Generator" > project this Summer as part of GSoC. > > I want to thank the SPDX community for giving me this opportunity while > looking forward to get to work and learn new things from my mentors. > > Regards > > Ndip Tanyi > > _______________________________________________ > > Spdx-tech mailing list > > [email protected] > > https://lists.spdx.org/mailman/listinfo/spdx-tech > > > > ------------------------------ > > This e-mail and any attachment(s) are intended only for the recipient(s) > named above and others who have been specifically authorized to receive > them. They may contain confidential information. If you are not the > intended recipient, please do not read this email or its attachment(s). > Furthermore, you are hereby notified that any dissemination, distribution > or copying of this e-mail and any attachment(s) is strictly prohibited. If > you have received this e-mail in error, please immediately notify the > sender by replying to this e-mail and then delete this e-mail and any > attachment(s) or copies thereof from your system. Thank you. >
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
