SPDX Implementers Team Meeting - 17th May 2022 #161
Signed-off-by: Rose Judge <rjudge@vmware.com>
* Rose: Perhaps we write a blog post and link to the appendix in the spec so people googling for the answer can find it as well as those familiar with the spec. | ||
* Gary: Should also add to the spdx examples repo. Having examples is more powerful for tooling implementers. | ||
* Rose volunteers to write the minimum elements example and have Gary review it. Will plan to add it to the [examples repo](https://github.com/spdx/spdx-examples). | ||
|
I think these are great ideas - very helpful materials for developers.
|
||
### Upcoming 2.3 SPDX release | ||
* Is everyone ready for this? | ||
* Gary: As soon as draft spec is out, would recommend trying to make changes so we can give feedback to spec team before the final draft. |
REA will be ready to generate a Tag Value version of V 2.3 by June 1. REA will also be able to ingest V 2.3 Tag Value and JSON formatted files as well.
Also interested in testing the new ExternalRef SECURITY advisory url download, along with the NTIA minimum elements.
* Some required license fields are [changing to optional](https://github.com/spdx/spdx-spec/pull/635) | ||
* Marc-Etienne: It would be nice to be able to choose which SPDX version to generate in the tools (i.e. 2.2 or 2.3) as some people might want to stay with ISO SPDX. | ||
* Which tools can ingest more than one version of SPDX? | ||
* The spdx java tools can; unsure about the go or python libraries |
REA's SAG-PM currently supports V 2.2.1. V 2.3 support will be added, so both 2.2.1 and 2.3 will be supported.
* Let's start getting this populated. Open a PR in the repo if you want to add tools | ||
* There's a lot of SPDX formats. From a tool provider this is great but if you are trying to write a document to understand all of them it can be a lot of work. What are people's opinion? | ||
* JSON LD (Linked Data) is the leading format (slightly different than pure JSON) | ||
* LD is an RDF serialization format |
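Review bot: In the sub-bullet "LD is an RDF serialization format", the subject should be the full name, since it is JSON-LD rather than "LD" on its own that serializes RDF, and the parent bullet should use the standard hyphenated spelling. Suggest "JSON-LD (JSON for Linked Data) is the leading format (slightly different than pure JSON)" followed by "JSON-LD is an RDF serialization format", so readers searching the minutes for the format name find both lines.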
Any chance of a V 2.3 Docfest?
@rjb4standards that is the goal! Just waiting on 2.3 before we schedule anything :)