Hi Michel
I think the "Official Common Platform Enumeration (CPE) Dictionary"
http://nvd.nist.gov/cpe.cfm is a good starting point for this topic.
Another source to consider is ISO/IEC 19770.
all the best!
-roger
;-r
Quoting "RUFFIN, MICHEL (MICHEL)" <[email protected]>:
Dear all, we are facing a very difficult issue: how to uniquely
identify software.
In Alcatel-Lucent (ALU) we would like to link all our databases on
SW (FOSS SW, proprietary SW, FOSS SW coming in proprietary
solutions, FOSS coming from outsourcing contracts, ...). The goal is
to automate a lot of things: royalty tracking, producing
documentation on FOSS respecting the license obligations
automatically, knowing which ALU product is using what SW,
automatically connecting with tools such as Blackduck protex or
Palamida or any others of their competitors,
....................................................
The major issue is SW unique identification. Today we have the following:
- Maven naming system: but it is limited to Java open source libraries
- ALU internal system (but so far limited mostly to commercial
SW; we are extending it to FOSS, but it is not perfect) and we have to
interact with suppliers and customers on this identification
- Blackduck internal unique identification (one million FOSS,
but it does not cope with proprietary SW and we do not want to be
dependent on a company)
- SPDX checksums for binaries (but they do not provide the same
checksum with .zip and .gpz)
- SPDX checksums on source code, but this does not work if ALU is
doing a small modification to the comments in the file
I know that SPDX is perhaps not the best place to discuss this
issue, but I would like to start a discussion on this topic.
So my question here is: do you have similar concerns in your
companies, and what can we do to solve this issue (should we create
a group on this?)
Michel
[email protected], PhD
Software Coordination Manager, N&P IS/IT
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
_______________________________________________
Spdx mailing list
[email protected]
https://lists.spdx.org/mailman/listinfo/spdx
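
Added example, not part of the original thread: the two checksum limitations listed in the quoted message (the same package giving different checksums in different archive formats, and a comment edit changing a source checksum), reproduced in Python. The sample files, the function names, the use of .tar.gz as the second format and the choice of SHA-256 are assumptions of this example; hashing each member file, sorting the hashes and hashing the concatenation follows the idea of the SPDX package verification code.

```python
import hashlib, io, tarfile, zipfile

# Constructed sample package (not from the thread): two small files.
FILES = {"src/main.c": b"int main(void) { return 0; }\n",
         "README": b"demo package\n"}

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def make_targz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def members(archive):
    """Yield the raw bytes of every regular file in a .zip or .tar.gz."""
    if zipfile.is_zipfile(io.BytesIO(archive)):
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield zf.read(info)
    else:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
            for m in tf:
                if m.isfile():
                    yield tf.extractfile(m).read()

def container_digest(archive):
    # Hash of the archive bytes: depends on format, compression, timestamps.
    return hashlib.sha256(archive).hexdigest()

def content_digest(archive):
    # Hash each member, sort the hex digests, hash the concatenation.
    # File names and archive metadata do not enter the result.
    per_file = sorted(hashlib.sha256(d).hexdigest() for d in members(archive))
    return hashlib.sha256("".join(per_file).encode()).hexdigest()
```

The content digest is identical for the .zip and the .tar.gz, but it still changes when any byte of a member file changes, so an edited comment yields a different identifier unless the sources are normalised before hashing.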