Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposed language to broaden Package semantics to accommodate classification concept in V 2.3 re: Issue 621 #628

Closed
rjb4standards opened this issue Feb 21, 2022 · 4 comments
Closed

Proposed language to broaden Package semantics to accommodate classification concept in V 2.3 re: Issue 621 #628

rjb4standards opened this issue Feb 21, 2022 · 4 comments
Milestone
2.3

Comments

@rjb4standards
Copy link

5.2.2 Package information section

In SPDX information is used to describe packages, representing the versioned components of an object that are part of a software distribution. Packages are an abstract concept that can be used to describe any object within a software distribution.

A Package describes any unit of content that can be associated with a distribution of software. Typically, a Package is composed of one or more files. An SPDX document should provide details about the individual files comprising a software distribution, using a Package object to represent each versioned object within a distribution. Each package is identified with a classification type to aid with processing of the object described by a package element. Packages are used for objects that contain versioning information, where File is used to represent objects without versioning information, i.e. underconstruction.html.

Any of the following non-limiting examples may be (but are not required to be) represented in SPDX as a Package:

a tarball, zip file or other archive
a directory or sub-directory
a separately distributed piece of software which another Package or File uses or depends upon (e.g., a Python package, a Go module, ...)
a container image, and/or each image layer within a container image
a collection of one or more sub-packages
a Git repository snapshot from a particular point in time
a open-source library, i.e. OpenSSL
a javascript file
a customer script file
a index,html file
a LICENSE file
a CHANGE log 
a properties file
. . .
@rjb4standards rjb4standards changed the title Proposed language to broaden Package semantics to accommodate classification concept Proposed language to broaden Package semantics to accommodate classification concept in V 2.3 Feb 21, 2022
@rjb4standards rjb4standards changed the title Proposed language to broaden Package semantics to accommodate classification concept in V 2.3 Proposed language to broaden Package semantics to accommodate classification concept in V 2.3 re: Issue 621 Feb 21, 2022
@rjb4standards rjb4standards mentioned this issue Feb 25, 2022
Open
@kestewart
Copy link
Contributor

Being addressed in #622

@kestewart kestewart added this to the 2.3 milestone Mar 15, 2022
@kestewart
Copy link
Contributor

@rjb4standards to coordinate with Rose, to see if this can be closed.

@rjb4standards
Copy link
Author

@rnjudge Rose please let me know when you have a few minutes to discuss coordination of the PackagePurpose element changes and the relationship to the proposed language in 5.2.2. Thanks.

@rjb4standards rjb4standards mentioned this issue Apr 27, 2022
Merged
@kestewart
Copy link
Contributor

Reviewed with Dick on call, ok to close. Note, it's also handled with updated the package alignment PR #669.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.3
Development

No branches or pull requests
2 participants
@rjb4standards @kestewart