Hi Gary, > My suggestion would be to use additional relationships to describe the type > of linkage.
Ah, so you could actually have *both* e.g. "A RUNTIME_DEPENDENCY_OF B" and "A STATIC_LINK B" relationships in the same document to denote that "A has a runtime dependency on B, and B is statically linked into A"? For some reason I thought that you may one have exactly *one* relationship between A and B specified. > In order to capture if the linkage is dynamic or static, you would have to > know how the software was built. With ORT (and other tools that hook up to the build system in order to generate SPDX files), you have immediate knowledge about what type of linkage is being used, and in which scope, so getting that information is not the problem. > I don’t think there is any reliable relationship between the scope and the > type of linkage. I agree. -- Sebastian Schuberth On Tue, Feb 16, 2021 at 10:11 PM Gary O'Neall <[email protected]> wrote: > > Hi Stephanie, > > > > My suggestion would be to use additional relationships to describe the type > of linkage. In order to capture if the linkage is dynamic or static, you > would have to know how the software was built. You may be able to infer this > from the file type suffixes (e.g. .so files are typically dynamically linked > and .a files are typically statically linked) or the language used (e.g. Java > is typically dynamically link), but I don’t think there is any reliable > relationship between the scope and the type of linkage. > > > > Gary > > > > From: [email protected] <[email protected]> On Behalf Of > Neubauer Stephanie (IOC/PDL4) via lists.spdx.org > Sent: Tuesday, February 16, 2021 12:19 AM > To: [email protected] > Subject: [spdx-tech] Static and dynamic links - sort to scope > > > > Hello, > > > > I once more have an inquiry about an spdx document yaml. > > > > I am trying to implement a functionality in the oss-review-toolkit (ORT) [1] > that allows for relationships of type DYNAMIC_LINK and STATIC_LINK to be > included in the list in packages. [2] > > Currently that is not possible as ORT differs the dependencies it finds into > different scopes (for example: test, build or runtime…) and only takes > relationships into consideration that explicitly state a scope. > > While a dynamic or a static link express relationships elements can have with > each other, I am unclear how to express a scope of that relationship at the > same time. > > How would I know, for example, if a relationship of type STATIC_LINK is in > the scope “BUILD” or “RUNTIME”? > > Would this be validly expressible by having the same elements in two > relationships with each other (e.g. one with TEST_DEPENDENCY_OF and one with > DYNAMIC_LINK) and listing both relationships in the document. > > Or is there a default scope assumed for relationships of type DYNAMIC_LINK > and STATIC_LINK? > > > > [1] ORT > > 2[] https://github.com/oss-review-toolkit/ort/issues/3619 > > > > Tank you and kind regards. > > Stephanie > > > > Mit freundlichen Grüßen / Best regards > > Stephanie Neubauer > > Project Delivery Stuttgart (IOC/PDL4) > Robert Bosch GmbH | Postfach 11 27 | 71301 Waiblingen | GERMANY | > www.bosch.com > Tel. +49 711 811-92528 | Mobil +49 172 3620267 | Telefax +49 711 811-58200 | > Threema / Threema Work: PHCV2F36 | [email protected] > > Sitz: Stuttgart, Registergericht: Amtsgericht Stuttgart, HRB 14000; > Aufsichtsratsvorsitzender: Franz Fehrenbach; Geschäftsführung: Dr. Volkmar > Denner, > Prof. Dr. Stefan Asenkerschbaumer, Filiz Albrecht, Dr. Michael Bolle, Dr. > Christian Fischer, > Dr. Stefan Hartung, Dr. Markus Heyn, Harald Kröger, Rolf Najork, Uwe Raschke > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3988): https://lists.spdx.org/g/Spdx-tech/message/3988 Mute This Topic: https://lists.spdx.org/mt/80673902/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
