[PATCH] updated / [GIT PULL REQUEST]: SPDX experimental generation target
Ian Wienand
ianw at vmware.com
Tue Sep 25 19:10:11 UTC 2012
On 09/21/2012 10:23 AM, Bradley M. Kuhn wrote:
> * My overarching concern is that having this accepted upstream would
> cause those finding the "spdx" target in the Makefile to think that
> meant the output they got was an SPDX file vetted by the BusyBox
> project and/or Conservancy (BusyBox's non-profit home).
> My suggested solution is to call the Makefile target
> "spdx-experimental" (I'm open to something else, as long as it is
> abundantly clear that it's not official yet). One of my patches
> attached that does this.
Top level build targets are the type of thing that become ingrained --
I don't feel they should be transient.
I agree with your point that the generated file has caveats that
should be carefully considered. I think it would be better to use the
generic "spdx" target, but add an explanatory comment in a
"DocumentComment:" field about any current limitations that should be
understood when parsing/using the file (DocumentComment is defined as
"comments to consumers [of the file]" so this seems like the right
place).
> * I think it's not fitting with SPDX's spec definition of "Concluded
> License" for an automated script to add "Concluded" fields without
> human intervention. I have a patch attached that deals with that by
> not making conclusions the default, but leaves it as an option (i.e.,
> to save typing if someone is making such conclusions).
That seems fair. I would prefer not to have an option as
LicenseConcluded is a mandatory field per the spec and thus without
the tag the output becomes invalid SPDX.
Rather it seems that the ConcludedLicense: tag should be modified
to NOASSERTION. This way, the output is always a valid SPDX file that
can be tag->rdf converted.
I've attached an intermediate diff. Bradley; per your previous mail I
believe you would be in the best position to write a description of
the limitations of the output file. If you agree, I can consolidate
something you provide into a combined change-set.
(p.s. can you post patches inline, makes them easier to reply to :)
Thanks
-i
scripts/COPYRIGHT.spdx.template | 4 +++-
scripts/create-spdx | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/COPYRIGHT.spdx.template b/scripts/COPYRIGHT.spdx.template
index f36a1f7..cde6ee9 100644
--- a/scripts/COPYRIGHT.spdx.template
+++ b/scripts/COPYRIGHT.spdx.template
@@ -1,6 +1,8 @@
SPDXVersion: SPDX-1.1
DataLicense: CC0-1.0
+DocumentComment:<text>A note about the limitations of this file</text>
+
##
## Busybox SPDX Copyright Info
##
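Review bot: The added DocumentComment line in scripts/COPYRIGHT.spdx.template still carries placeholder text ("A note about the limitations of this file"), which would be copied verbatim into every generated file; the actual limitations need to be written in before this is merged. The line also has no space after the colon, unlike the "SPDXVersion: SPDX-1.1" and "DataLicense: CC0-1.0" lines above it, so "DocumentComment: <text>...</text>" would match the rest of the template.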
@@ -23,4 +25,4 @@ Licensed under GPLv2. See source distribution for detailed copyright notices</te
PackageLicenseDeclared: GPL-2.0
PackageLicenseConcluded: GPL-2.0
-PackageLicenseInfoFromFiles: GPL-2.0
+PackageLicenseInfoFromFiles: NOASSERTION
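Review bot: PackageLicenseConcluded stays at GPL-2.0 in the context line directly above the change, so the package record still states a concluded license produced without human review, while the per-file LicenseConcluded in scripts/create-spdx becomes NOASSERTION. If the intent is that the script draws no conclusions, this hunk should also set "PackageLicenseConcluded: NOASSERTION", or the template should carry a comment explaining why the package-level conclusion is kept.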
diff --git a/scripts/create-spdx b/scripts/create-spdx
index ffa6a97..629b53f 100755
--- a/scripts/create-spdx
+++ b/scripts/create-spdx
@@ -66,7 +66,7 @@ do
echo "FileName: ${f#$SRC_DIR}" >> "${DEST_FILE}"
echo "FileType: SOURCE" >> "${DEST_FILE}"
echo "FileChecksum: SHA1: ${chksum}" >> "${DEST_FILE}"
- echo "LicenseConcluded: GPL-2.0" >> "${DEST_FILE}"
+ echo "LicenseConcluded: NOASSERTION" >> "${DEST_FILE}"
echo "LicenseInfoInFile: NOASSERTION" >> "${DEST_FILE}"
if [ -n "${copyright}" ]; then
echo "FileCopyrightText: <text>${copyright}</text>" >> "${DEST_FILE}"
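Review bot: The new echo "LicenseConcluded: NOASSERTION" line in scripts/create-spdx has no comment saying why the value is fixed, so a later reader may take it for an oversight and restore GPL-2.0. A one-line comment above it, noting that the script makes no license conclusions and that the tag is emitted only because the field is mandatory, would record the reasoning next to the code.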
--
1.7.4.1