[rb-general] SPDX in .BUILDINFO?
holger at layer-acht.org
Thu Feb 15 21:06:43 CET 2018
On Thu, Feb 15, 2018 at 02:03:16PM -0600, Kate Stewart wrote:
> What Santiago and I were trying to figure out is what information about
> a package build (from the .BUILDINFOs) we could look at adding in to
> the SPDX specification for packages.
thanks for providing this summary!
> What's in SPDX documents today is not sufficient, but we can expand the
> by adding optional fields, so that those who want to capture this
> information can store
> it with other key licensing, copyright, and security information about the
> This will help with supporting the complete and corresponding source proof
> certain licenses and be distro agnostic. Does this seem like a
> reasonable goal
> to aim for?
I think it depends a lot whether key licensing and copyright are
optional or not. Because if they are not, things become more work.
(Looking at this from the r-b POV.)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the rb-general