Hello all
First time poster here too.
Snippet from Simon's SPDX:
  {
    "spdxElementId": "SPDXRef-zlib",
    "relationshipType": "DISTRIBUTION_ARTIFACT",
    "relatedSpdxElement": "SPDXRef-JuliaMain"
  },
As "relationshipType" you use "DISTRIBUTION_ARTIFACT".
Assuming zlib is linked to by Julia, I would have (also/instead)
used "DYNAMIC_LINK" (or possibly "STATIC_LINK" depending on how it is
linked).
Any thoughts on this?
/h - (first t)im(e )poster
On Thu, 2021-09-09 at 16:23 -0700, Gary O'Neall wrote:
> Hi Simon,
>
> Welcome to the SPDX community!
>
> You’ve come to the right place – your request is very appropriate for
> this mailing list.
>
> I took a quick look at the document and only found one item for
> review. I’m not 100% sure of the relationship types, but from what I
> can tell they look correct. Others on the list may be able to do a
> better review of the relationship types.
>
> In terms of the spec being freely available – yes – it will continue
> to be available for free on the SPDX website. We intend to keep the
> official ISO published spec and the spec published on spdx.dev in
> sync.
>
> Gary
>
>
>
> From: [email protected] <[email protected]> On Behalf
> Of Simon Avery via lists.spdx.org
> Sent: Thursday, September 9, 2021 1:17 PM
> To: [email protected]
> Subject: [spdx-tech] RFC: Creating a fairly complex SPDX document for
> an open source project (Julia)
>
>
> Hello everyone. First time poster here, so I hope this topic is
> considered appropriate.
>
>
> My favorite open source project is Julia (https://julialang.org).
> Its build process pulls in a lot of code from many other
> repositories. I thought that the project would benefit from having
> an SPDX document describing all these packages, streamlining the
> review and approval process at organizations that want to use Julia.
>
>
>
> I've put together a pull request that adds an SPDX document to the
> repository. At this point it contains only a few packages to
> demonstrate what it looks like and will be filled in over time. If
> anyone on this list would like to provide feedback that would be
> appreciated.
>
>
>
> https://github.com/JuliaLang/julia/pull/42102
>
>
>
> On a related question, since I see that SPDX just became an ISO
> standard: does that mean that version 2.2.1 (and 3.0) of the
> specification will not be available for free at spdx.dev? Will the
> spdx-spec repository on GitHub remain available so that open source
> developers can access the current specification? If all developers
> had to pay $200, that would be a significant barrier to adoption in
> the OSS world.
>
>
>
> Thank you in advance for any feedback provided.
>
>
>
> Simon Avery
>
>