SPDX Implementers Team Meeting - 17th May 2022 #161
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Rose Judge <rjudge@vmware.com>
| * Rose: Perhaps we write a blog post and link to the appendix in the spec so people googling for the answer can find it as well as those familiar with the spec. | ||
| * Gary: Should also add to the spdx examples repo. Having examples is more powerful for tooling implementers. | ||
| * Rose volunteers to write the minimum elements example and have Gary review it. Will plan to add it to the [examples repo](https://github.com/spdx/spdx-examples). | ||
|
|
There was a problem hiding this comment.
I think these are great ideas - very helpful materials for developers.
|
|
||
| ### Upcoming 2.3 SPDX release | ||
| * Is everyone ready for this? | ||
| * Gary: As soon as draft spec is out, would recommend trying to make changes so we can give feedback to spec team before the final draft. |
There was a problem hiding this comment.
REA will be ready to generate a Tag Value version of V 2.3 by June 1. REA will also be able to ingest V 2.3 Tag Value and JSON formatted files as well.
Also interested in testing the new ExternalRef SECURITY advisory url download, along with the NTIA minimum elements.
| * Some required license fields are [changing to optional](https://github.com/spdx/spdx-spec/pull/635) | ||
| * Marc-Etienne: It would be nice to be able to choose which SPDX version to generate in the tools (i.e. 2.2 or 2.3) as some people might want to stay with ISO SPDX. | ||
| * Which tools can ingest more than one version of SPDX? | ||
| * The spdx java tools can; unsure about the go or python libraries |
There was a problem hiding this comment.
REA's SAG-PM currently supports V 2.2.1. V 2.3 support will be added, so both 2.2.1 and 2.3 will be supported.
| * Let's start getting this populated. Open a PR in the repo if you want to add tools | ||
| * There's a lot of SPDX formats. From a tool provider this is great but if you are trying to write a document to understand all of them it can be a lot of work. What are people's opinion? | ||
| * JSON LD (Linked Data) is the leading format (slightly different than pure JSON) | ||
| * LD is an RDF serialization format |
There was a problem hiding this comment.
@rjb4standards that is the goal! Just waiting on 2.3 before we schedule anything :)
goneall
approved these changes
May 18, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Rose Judge rjudge@vmware.com