spdx / LicenseListPublisher

Tool that generates license data found in the license-list-data repository from the license-list-XML source
Apache License 2.0

Additional field for license list version #181

Open goneall opened 4 months ago

goneall commented 4 months ago

On the 28 May 2024 tech call, we discussed an issue where the SPDX 2.X documents created with the latest license list are failing validation due to the addition of the patch version (which is required for SPDX 3.0 validation).

To solve this, it was suggested we have 2 different SPDX version properties - one that is compatible with SPDX 2.X and one that is compatible with SPDX 3.

This could be generated automatically in the license list publisher by stripping off the patch version for the compatible version.

goneall commented 4 months ago

Suggested property names:

@zvr @swinslow - thoughts?

swinslow commented 4 months ago

@goneall That works for me. Agree with keeping 2.x-compatible version (X.Y) with the current name so as not to break existing tooling.

For the 3.0 version (X.Y.Z), I'm fine with licenseListFullVersion. The only other thought that comes to mind could be licenseListSemanticVersion since that's my understanding of the reason we went with X.Y.Z. I'm +1 to either of those options with no particular preference for either.

In practice, I don't expect we will regularly if ever issue a release of the license list that isn't X.Y.0. (Unless you tell me that we'll need to issue 3.24.1 to fix this current issue...) :)

zvr commented 4 months ago

+1 for licenseListSemanticVersion

Steve, during the tech call I said that I don't know of any updated release process for the license list, but I assume that, if the list changes (new licenses are added) this will be at least a minor update (changing the Y part in X.Y.Z).

Conversely, I can think of a patch update (going to x.y.1 and beyond) only for minor tweaks like metadata of licenses, or update of XML expressions. Although I doubt anything would be so urgent that it would necessitate a patch update rather than waiting till the next minor one.
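
The derivation suggested in the first comment (strip the patch component for the SPDX 2.X-compatible value, keep X.Y.Z for SPDX 3), as an added Python example that is not LicenseListPublisher code or part of any comment. The key `compatVersion`, the function names and the X.Y pattern standing in for SPDX 2.X validation are assumptions; `licenseListSemanticVersion` is one of the names proposed in the thread.

```python
import re

# Assumed formats (not taken from the thread): the SPDX 2.X check accepts
# "X.Y" only, while SPDX 3 expects a full "X.Y.Z" version.
_TWO_PART = re.compile(r"(0|[1-9]\d*)\.(0|[1-9]\d*)")
_THREE_PART = re.compile(r"(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)")


def split_license_list_version(release: str) -> dict:
    """Derive both version properties from a single release string.

    Accepts "X.Y.Z" or a legacy "X.Y" (treated as patch 0). Anything else
    raises ValueError so a malformed version never reaches published data.
    """
    text = release.strip()
    m = _THREE_PART.fullmatch(text)
    if m:
        major, minor, patch = m.groups()
    else:
        m = _TWO_PART.fullmatch(text)
        if not m:
            raise ValueError(f"not an X.Y or X.Y.Z version: {release!r}")
        major, minor = m.groups()
        patch = "0"
    return {
        # Hypothetical key for the SPDX 2.X-compatible value; the thread
        # only says it keeps "the current name".
        "compatVersion": f"{major}.{minor}",
        # One of the two names proposed in the thread for the X.Y.Z value.
        "licenseListSemanticVersion": f"{major}.{minor}.{patch}",
    }


def passes_spdx2_check(value: str) -> bool:
    """Stand-in for the SPDX 2.X version check described in the issue."""
    return _TWO_PART.fullmatch(value) is not None


if __name__ == "__main__":
    # Constructed sample inputs; 3.24.1 is the hypothetical release
    # mentioned in the discussion.
    for sample in ("3.24.0", "3.24.1", "3.24"):
        props = split_license_list_version(sample)
        print(sample, props, passes_spdx2_check(props["compatVersion"]))
```
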