New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make required licensing fields optional #635
Conversation
@swinslow also suggested adding a comment to the effect of
Suggestions welcome :) |
65b7087
to
4e9e294
Compare
Hi @rnjudge, overall this looks great! Thanks for the updates in the latest commit. A couple of notes from a closer review:
Thanks so much for preparing this PR! I'll take one more closer look but I think this covers the things I had seen. |
4e9e294
to
1ad0cd5
Compare
Hi @swinslow- I made the edits you suggested, please take a look when you have time. Hoping to review this at next Tuesday's tech call. |
0235fae
to
957d16e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed and I think we're good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 from me, thanks @rnjudge and sorry for the delay!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rnjudge Could you fix the merge conflict?
Currently, licensing fields like `Concluded License`, `Declared License` and `Copyright Text` are required for package elements. Given that we are working to communicate security information in SPDX 2.3, this commit proposes a change to make the fields related to [package, file, snippet] licensing optional so those who want to use SPDX to only communicate security information can do that without the bloat of NOASSERTION licensing field values. Resolves spdx#634 Signed-off-by: Rose Judge <rjudge@vmware.com>
Currently, licensing fields like
Concluded License
,Declared License
and
Copyright Text
are required for package elements. Given that weare working to communicate security information in SPDX 2.3, this commit
proposes a change to make the fields related to [package, file, snippet]
licensing optional so those who want to use SPDX to only communicate
security information can do that without the bloat of NOASSERTION
licensing field values.
This PR specifically changes the following fields to optional:
Resolves #634
Signed-off-by: Rose Judge rjudge@vmware.com