Dear Simon,

> Hello everyone. First time poster here, so I hope this topic is
> considered appropriate.

Indeed, it is perfectly on-topic! Welcome to the list.

> My favorite open source project is Julia (https://julialang.org).
> Its build process pulls in a lot of code from many other
> repositories. I thought that the project would benefit from having an
> SPDX document describing all these packages, streamlining the review
> and approval process at organizations that want to use Julia.

I used Julia a little last year; I was most impressed at its very slick REPL! Creating an SPDX document for the benefit of auditing the language release for approval is a great idea.

> I've put together a pull request that adds an SPDX document to the
> repository. At this point it contains only a few packages to
> demonstrate what it looks like and will be filled in over time.

It looks really good :) Most users of the SPDX specification are interested in generating documents automatically as part of the build process. I'm impressed at your dedication to create this manually!

As for the relationships section, I'd like to offer a suggestion to do with this relationship:

    {
      "spdxElementId": "SPDXRef-zlib",
      "relationshipType": "DISTRIBUTION_ARTIFACT",
      "relatedSpdxElement": "SPDXRef-JuliaMain"
    },

zlib probably ought to be DEPENDENCY_OF JuliaMain - I believe the DISTRIBUTION_ARTIFACT relationship is intended more for license compliance reasons, for instance to describe the source code package that a distributor is obliged to provide to end users, as in 'copyleft' licenses.

> On a related question since I see that SPDX just became an ISO
> standard. Does that mean that version 2.2.1 (and 3.0) of the
> specification will not be available for free at spdx.dev? Will the
> spdx-spec repository on GitHub remain available so that open source
> developers can access the current specification? If all developers
> had to pay $200, that would be a significant barrier to adoption in
> the OSS world.

Don't worry, the SPDX specification will always be available for free!
We don't yet know whether ISO will publish their version for free in ISO's 'Publicly Available Standards' section, but we're currently bringing the GitHub version up-to-date with ISO's so that people can download it from there. In any case, the two versions are completely compatible and differ only in the explanatory prose right now.

3.0 will certainly be available for free as well when it is published - it's very much work-in-progress at the moment, so please feel free to join our weekly Tech Team calls if you'd like to be a part of its development.

I look forward to hearing how the project comes along, and I wish you the best of luck with this exciting endeavour! :)

Best wishes,
Sebastian
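
Added example, not part of the original message or of the Julia pull request: a short Python check over an SPDX 2.2 JSON document that lists the packages recorded as DEPENDENCY_OF a main package and flags DISTRIBUTION_ARTIFACT relationships for review, the case raised in the reply above. The sample document is constructed; only the zlib relationship comes from the message, and the function name review_relationships and the SPDXRef-example-lib package are hypothetical.

```python
import json

# Constructed sample: a minimal SPDX 2.2 JSON fragment. The zlib relationship
# is the one quoted in the message; SPDXRef-example-lib is made up for contrast.
SAMPLE_DOC = json.loads("""
{
  "spdxVersion": "SPDX-2.2",
  "packages": [
    {"SPDXID": "SPDXRef-JuliaMain", "name": "Julia"},
    {"SPDXID": "SPDXRef-zlib", "name": "zlib"},
    {"SPDXID": "SPDXRef-example-lib", "name": "example-lib"}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-zlib",
     "relationshipType": "DISTRIBUTION_ARTIFACT",
     "relatedSpdxElement": "SPDXRef-JuliaMain"},
    {"spdxElementId": "SPDXRef-example-lib",
     "relationshipType": "DEPENDENCY_OF",
     "relatedSpdxElement": "SPDXRef-JuliaMain"}
  ]
}
""")


def review_relationships(doc, main_id):
    """Return (dependencies, findings) for relationships that point at main_id."""
    declared = {p["SPDXID"] for p in doc.get("packages", [])}
    deps, findings = [], []
    for rel in doc.get("relationships", []):
        src = rel.get("spdxElementId")
        kind = rel.get("relationshipType")
        if rel.get("relatedSpdxElement") != main_id:
            continue
        if src not in declared:
            # A relationship naming an undeclared element cannot be audited.
            findings.append((src, kind, "element not declared in packages"))
        elif kind == "DEPENDENCY_OF":
            deps.append(src)
        elif kind == "DISTRIBUTION_ARTIFACT":
            findings.append((src, kind, "check whether DEPENDENCY_OF was meant"))
    return deps, findings


if __name__ == "__main__":
    deps, findings = review_relationships(SAMPLE_DOC, "SPDXRef-JuliaMain")
    print("dependencies:", deps)
    for src, kind, note in findings:
        print(f"review: {src} {kind}: {note}")
```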
