> -----Original Message----- > From: [email protected] <[email protected]> On Behalf Of > Henrik Sandklef > Sent: Friday, September 10, 2021 8:11 AM > To: Gary O'Neall <[email protected]>; [email protected]; Spdx- > [email protected] > Subject: Re: [spdx-tech] RFC: Creating a fairly complex SPDX document for an > open source project (Julia) > > Hello all > > First time poster here too. > > Snippet from Simon's SPDX: > > { > "spdxElementId": "SPDXRef-zlib", > "relationshipType": "DISTRIBUTION_ARTIFACT", > "relatedSpdxElement": "SPDXRef-JuliaMain" > }, > > As "relationshipType" you use "DISTRIBUTION_ARTIFACT". > > Assuming zlib is linked to by Julia, I would have (also/instead) used > "DYNAMIC_LINK" (or possibly "STATIC_LINK" depending on how it is linked). > > Any thoughts on this? > >> [G.O.] It would depend on how the Zlib artifact is used. If Zlib is linked >> to the primary artifact described by the SPDX document, then using a >> relationship type of "DYNAMIC_LINK" would be a more common and a better >> choice in my opinion. If Zlib is used in some other way (e.g. used as part >> of an installation tool not linked to the primary artifact), then >> "DISTRIBUTION_ARTIFACT" would be more appropriate.
> > > /h - (first t)im(e )poster > > > On Thu, 2021-09-09 at 16:23 -0700, Gary O'Neall wrote: > > Hi Simon, > > > > Welcome to the SPDX community! > > > > You’ve come to the right place – your request is very appropriate for > > this mailing list. > > > > I took a quick look at the document and only found one item for > > review. I’m not 100% sure of the relationship types, but from what I > > can tell they look correct. Others on the list may be able to do a > > better review of the relationship types. > > > > In terms of the spec being freely available – yes – it will continue > > to be available for free on the SPDX website. We intend to keep the > > official ISO published spec and the spec published on spdx.dev in > > sync. > > > > Gary > > > > > > > > From: [email protected] <[email protected]> On Behalf Of > > Simon Avery via lists.spdx.org > > Sent: Thursday, September 9, 2021 1:17 PM > > To: [email protected] > > Subject: [spdx-tech] RFC: Creating a fairly complex SPDX document for > > an open source project (Julia) > > > > > > Hello everyone. First time poster here, so I hope this topic is > > considered appropriate. > > > > > > My favorite open source project is Julia (https://julialang.org). > > It's build process pulls in a lot of code from many other > > repositories. I thought that the project would benefit from having an > > SPDX document describing all these packages, streamlining the review > > and approval process at organizations that want to use Julia. > > > > > > > > I've put together a pull request that adds an SPDX document to the > > repository. At this point it contains only a few packages to > > demonstrate what it looks like and will be filled in over time. If > > anyone on this list would like to provide feedback that would be > > appreciated. > > > > > > > > https://github.com/JuliaLang/julia/pull/42102 > > > > > > > > On a related question since I see that SPDX just became an ISO > > standard. Does that mean that version 2.2.1 (and 3.0) of the > > specification will not be available for free at spdx.dev? Will the > > spdx-spec repository on Github remain available so that open source > > developers can access the current specification? If all developers > > had to pay $200, that would be a significant barrier to adoption in > > the OSS world. > > > > > > > > Thank you in advance for any feedback provided. > > > > > > > > Simon Avery > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4178): https://lists.spdx.org/g/Spdx-tech/message/4178 Mute This Topic: https://lists.spdx.org/mt/85494212/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
