Open maxhbr opened 12 months ago
ping @mxmehl and @silverhook
stay with the current set of properties from 2.3 and do not change --> a mapping needs to be maintained and not all features from 3.0 are available
I like this approach. We would need to clearly document the mapping and compatibility. Perhaps even move this to a completely separate spec.
I’d be most in favour of either:
stay with the current set of properties from 2.3 and do not change --> a mapping needs to be maintained and not all features from 3.0 are available
or
instead of SPDX- use SPDX3- as prefix to not clash --> makes currently used tags invalid and would imply a migration?
But would need to understand how the mapping thing would work in practice. I’m a tiny bit wary of introducing yet another spec just to keep things afloat.
I personally believe that the information on how to denote SPDX information in files has to get a major overhaul -- and with @mxmehl and @silverhook we have discussed a number of changes. For example specifying how to add this information not only inside files but alongside files (useful for non-text files).
Just to give more concrete info on the current state: we have good ol' SPDX-License-Identifier:
(Annex E) which we can all agree will not change.
Annex H also allows people to use inside files (in alphabetical order):
File | Snippet |
---|---|
1. SPDX-ArtifactOfProjectHomePage: |
17. SPDX-SnippetBegin |
2. SPDX-ArtifactOfProjectName: |
18. SPDX-SnippetEnd |
3. SPDX-ArtifactOfProjectURI: |
|
4. SPDX-FileAttributionText: |
|
5. SPDX-FileChecksum: |
19. SPDX-LicenseInfoInSnippet: |
6. SPDX-FileComment: |
20. SPDX-SnippetAttributionText: |
7. SPDX-FileContributor: |
21. SPDX-SnippetByteRange: |
8. SPDX-FileCopyrightText: |
22. SPDX-SnippetComment: |
9. SPDX-FileDependency: |
23. SPDX-SnippetCopyrightText: |
10. SPDX-FileName: |
24. SPDX-SnippetFromFileSPDXID: |
11. SPDX-FileNotice: |
25. SPDX-SnippetLicenseComments: |
12. SPDX-FileType: |
26. SPDX-SnippetLicenseConcluded: |
13. SPDX-LicenseComments: |
27. SPDX-SnippetLineRange: |
14. SPDX-LicenseConcluded: |
28. SPDX-SnippetName: |
15. SPDX-LicenseInfoInFile: |
29. SPDX-SnippetSPDXID: |
16. SPDX-SPDXID: |
I'm not even sure that all 29 of them are useful, so we might as well be explicit to what is allowed instead of a blanket "use anything by prepending SPDX-
".
I think REUSE till now only mentions SPDX-FileCopyrightText
(no. 8) above so we can definitely keep this one.
I'm not even sure that all 29 of them are useful, so we might as well be explicit to what is allowed instead of a blanket "use anything by prepending SPDX-".
Suggest aligning with the fields mentioned in Annex G SPDX Lite Fields.
@goneall none of the SPDX Lite fields are about Files or Snippets, so they cannot appear inside files.
none of the SPDX Lite fields are about Files or Snippets, so they cannot appear inside files.
Two thoughts:
I’d be most in favour of either:
stay with the current set of properties from 2.3 and do not change --> a mapping needs to be maintained and not all features from 3.0 are available
or
instead of SPDX- use SPDX3- as prefix to not clash --> makes currently used tags invalid and would imply a migration?
But would need to understand how the mapping thing would work in practice. I’m a tiny bit wary of introducing yet another spec just to keep things afloat.
+1 to everything @silverhook said above.
I think REUSE till now only mentions SPDX-FileCopyrightText (no. 8) above so we can definitely keep this one.
IIRC, we use the following tags:
SPDX-License-Identifier
SPDX-FileCopyrightText
SPDX-FileContributor
(via reuse annotate --contributor
, will be in 2.x)SPDX-SnippetBegin
SPDX-SnippetEnd
SPDX-SnippetCopyrightText
The Annex H currently defines File tags by referencing the tag value format (as it is defined in 2.3). From that there arise multiple questions regarding the migration to and support in 3.0.
Problem 1: breaking changes in property names and the general structure
As this for 2.3 allows to use arbitrary properties from the file information, which might be renamed and restructured, it is not clear how to parse and support comments in existing files.
There are some options that come to mind:
SPDX-
useSPDX3-
as prefix to not clash --> makes currently used tags invalid and would imply a migration?Some Properties got moved
The license and copyright information was previously part of the file properties, but is expected to be expressed via relationships. This makes it more complex.
Problem 2: there is not yet a tag-value serialization
The current state of the model does not yet define a serialization, which could be used for defining the same concept on the level of SPDX3.