[rb-general] SPDX in .BUILDINFO?

Holger Levsen holger at layer-acht.org
Thu Feb 15 21:06:43 CET 2018

Hi Kate,

On Thu, Feb 15, 2018 at 02:03:16PM -0600, Kate Stewart wrote:
>     What Santiago and I were trying to figure out is what information about
> a package build (from the .BUILDINFOs) we could look at adding in to
> the SPDX specification for packages.

thanks for providing this summary!

>    What's in SPDX documents today is not sufficient, but we can expand the
> definition
> by adding optional fields, so that those who want to capture this
> information can store
> it with other key licensing, copyright, and security information about the
> package.
> This will help with supporting the complete and corresponding source proof
> for
> certain licenses and be distro agnostic.    Does this seem like a
> reasonable goal
> to aim for?

I think it depends a lot whether key licensing and copyright are
optional or not. Because if they are not, things become more work.
(Looking at this from the r-b POV.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20180215/fe98cab2/attachment.sig>

More information about the rb-general mailing list