Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SPDX Implementers Team Meeting - 17th May 2022 #161

Merged
merged 1 commit into from Jun 1, 2022

Conversation

rnjudge
Copy link
Collaborator

@rnjudge rnjudge commented May 18, 2022

Signed-off-by: Rose Judge rjudge@vmware.com

Signed-off-by: Rose Judge <rjudge@vmware.com>
* Rose: Perhaps we write a blog post and link to the appendix in the spec so people googling for the answer can find it as well as those familiar with the spec.
* Gary: Should also add to the spdx examples repo. Having examples is more powerful for tooling implementers.
* Rose volunteers to write the minimum elements example and have Gary review it. Will plan to add it to the [examples repo](https://github.com/spdx/spdx-examples).

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these are great ideas - very helpful materials for developers.


### Upcoming 2.3 SPDX release
* Is everyone ready for this?
* Gary: As soon as draft spec is out, would recommend trying to make changes so we can give feedback to spec team before the final draft.
Copy link

@rjb4standards rjb4standards May 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

REA will be ready to generate a Tag Value version of V 2.3 by June 1. REA will also be able to ingest V 2.3 Tag Value and JSON formatted files as well.

Also interested in testing the new ExternalRef SECURITY advisory url download, along with the NTIA minimum elements.

* Some required license fields are [changing to optional](https://github.com/spdx/spdx-spec/pull/635)
* Marc-Etienne: It would be nice to be able to choose which SPDX version to generate in the tools (i.e. 2.2 or 2.3) as some people might want to stay with ISO SPDX.
* Which tools can ingest more than one version of SPDX?
* The spdx java tools can; unsure about the go or python libraries

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

REA's SAG-PM currently supports V 2.2.1. V 2.3 support will be added, so both 2.2.1 and 2.3 will be supported.

* Let's start getting this populated. Open a PR in the repo if you want to add tools
* There's a lot of SPDX formats. From a tool provider this is great but if you are trying to write a document to understand all of them it can be a lot of work. What are people's opinion?
* JSON LD (Linked Data) is the leading format (slightly different than pure JSON)
* LD is an RDF serialization format

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any chance of a V 2.3 Docfest?

Copy link
Collaborator Author

@rnjudge rnjudge Jun 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rjb4standards that is the goal! Just waiting on 2.3 before we schedule anything :)

@rnjudge rnjudge merged commit eaf997b into spdx:main Jun 1, 2022
@rnjudge rnjudge deleted the add-implementers branch Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants