Hi all, many package managers (Maven, NPM etc.) have a dedicated "authors" (or something "developers") metadata field that is distinct from copyright holder information. I'm looking for a way to track this metadata in SPDX YAML files. The closest thing I've found is the PackageOriginator field, but I'm not entirely sure if it's suitable. And more importantly, if I'm safe to assume that any mentioned PackageOriginator in an SPDX file I receive also is an author / developer. Any insights on that?
Thanks in advance! -- Sebastian Schuberth (Founder of ORT, the OSS Review Toolkit) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4169): https://lists.spdx.org/g/Spdx-tech/message/4169 Mute This Topic: https://lists.spdx.org/mt/85432130/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
