spdx / spdx-spec

The SPDX specification in MarkDown and HTML formats.
https://spdx.github.io/spdx-spec/

"Code Rule applied" tag for Functional Safety #465

Open yoshi-i opened 4 years ago

yoshi-i commented 4 years ago

There is a proposal for SPDX 3.0 from AGL Instrumental Cluster Expert Group to describe Functional Safety related information.

Motivation: It's required to hand over "out of source tree" information to apply Functional Safety assessment on supply chain.

For example, whether there are any "Coding Rule Set or any Style Guide Line" in the OSS community, or not.

I propose one initial Tag for SPDX 3.0, in some additional profile such as "Creation Profile" or any other place where out of source tree information is stored.


CodeRuleApplied: URL; or CodeRuleApplied: \<text>...\</text>

zvr commented 4 years ago

For those of us who have no idea about the underlying principles, can you provide more information explaining this?

What is "Code Rule"? What does it mean to be "applied"? Who determines/verifies this? etc. etc.

kestewart commented 2 years ago

There is a group looking at extensions for functional safety as a 3.0+ profile now. Marking this for their consideration.

goneall commented 6 months ago

Functional safety is being added to 3.1 - moving to the 3.1 milestone