Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for SPDX spec version 3 #187

Merged
merged 3 commits into from
Dec 16, 2024
Merged

Support for SPDX spec version 3 #187

merged 3 commits into from
Dec 16, 2024

Conversation

goneall
Copy link
Member

@goneall goneall commented Nov 25, 2024

This initial commit does not add any additional formats for version three. It merely updates the libraries to the latest which supports the spec version 3 format. It pass unit tests and has been tested with the latest license list and passes.

Note that this depends on unpublished versions of the SPDX Java Library and will not pass the CI tests.

Starting off with this as a draft pull request.

@goneall
Support for SPDX spec version 3
f8292dc 
This initial commit does not add any additional formats for version
three.  It merely updates the libraries to the latest which supports the
spec version 3 format.  It pass unit tests and has been tested with the
latest license list and passes.
@goneall
Complete implementation of the spec version 3
fdead8e 
Signed-off-by: Gary O'Neall <[email protected]>
@goneall
Copy link
Member Author

goneall commented Nov 30, 2024

This pull request is complete with the exception of the license dependencies.

Attached, for review, are a few files:

@goneall
Copy link
Member Author

goneall commented Nov 30, 2024

Fixes #187

@goneall goneall mentioned this pull request Nov 30, 2024
Closed
@goneall
Copy link
Member Author

goneall commented Nov 30, 2024

There were a couple significant decisions I made during implementation that deserves review. I struggled a bit with the right approach for the single license / exception format and the creator information.

  • Each individual license and exception file is enclosed in an SPDX document. See SPDX model repo issue 932 for the reasons for this decision.
  • I used the following creation info and creator / tools - Note: the creator agent has the version of the license list appended to the URI since the membership of the legal team may change over time.
    "@id" : "_:creationInfo_0",
    "type" : "CreationInfo",
    "specVersion" : "3.0.1",
    "createdBy" : [ "https://spdx.org/licenses/creatoragent/3_12" ],
    "createdUsing" : [ "https://spdx.org/tools/licenselistpublisher" ],
    "created" : "2021-03-07T00:00:00Z",
    "comment" : "This object is created and maintained by the SPDX legal team (https://spdx.dev/engage/participate/legal-team/) using the LicenseListPublisher (https://github.com/spdx/licenselistpublisher)"
  },  {
    "spdxId" : "https://spdx.org/tools/licenselistpublisher",
    "type" : "Tool",
    "name" : "SPDX License List Publisher",
    "creationInfo" : "_:creationInfo_0"
  }, {
    "spdxId" : "https://spdx.org/licenses/creatoragent/3_12",
    "type" : "Organization",
    "name" : "SPDX Legal Team",
    "creationInfo" : "_:creationInfo_0"
  }, ...

@goneall goneall merged commit df14308 into master Dec 16, 2024
1 check passed
@goneall goneall deleted the v3 branch December 16, 2024 23:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@goneall