[rb-general] SPDX in .BUILDINFO?

Kate Stewart kstewart at linuxfoundation.org
Thu Feb 15 21:03:16 CET 2018


Hi Holger,
What Santiago and I were trying to figure out is what information about
a package build (from the .BUILDINFOs) we could look at adding in to
the SPDX specification for packages.

What's in SPDX documents today is not sufficient, but we can expand the
definition by adding optional fields, so that those who want to capture
this information can store it with other key licensing, copyright, and
security information about the package. This will help with supporting
the complete and corresponding source proof for certain licenses and be
distro agnostic. Does this seem like a reasonable goal to aim for?

Thanks, Kate




On Thu, Feb 15, 2018 at 1:48 PM, Holger Levsen <holger at layer-acht.org>
wrote:

> Hi Santiago,
>
> On Tue, Feb 06, 2018 at 01:13:26PM -0500, Santiago Torres wrote:
> > I spoke with Kate from the SPDX project (CCd, many of you may probably
> > know her already) about the state of the SPDX[1][2] project and how it's
> > trying to aggregate information regarding the build results.
> >
> > I was thinking that SPDX could be probably used to homogenize the
> > .BUILDINFO files in a cross-distro standard. To me it feels that,
> > although probably distros package their stuff differently, there's
> > enough overlap to do a community effort on finding a common standard. Is
> > anyone up for discussion regarding this? :)
>
> while I agree in theory, I'm not so sure (how) this will work in
> practice, given we already have very different .buildinfo file formats -
> and contents. (eg as you know the archlinux .buildinfo files don't
> contain the hashes of the generated binaries...)
>
> also, from my very limited understanding of SPDX files, those aim to
> specify copyright, authors and such things, which to me seems a very
> different task to accomplish than what we aim to document with
> .buildinfo files. I'm not sure that merging those two goals is a good
> way of reaching them both, but maybe that's not what you are proposing.
>
>
> --
> cheers,
>         Holger
>