[rb-general] SPDX in .BUILDINFO?
Holger Levsen
holger at layer-acht.org
Thu Feb 15 21:06:43 CET 2018
Hi Kate,
On Thu, Feb 15, 2018 at 02:03:16PM -0600, Kate Stewart wrote:
> What Santiago and I were trying to figure out is what information about
> a package build (from the .BUILDINFOs) we could look at adding in to
> the SPDX specification for packages.
thanks for providing this summary!
> What's in SPDX documents today is not sufficient, but we can expand the
> definition by adding optional fields, so that those who want to capture
> this information can store it with other key licensing, copyright, and
> security information about the package.
> This will help with supporting the complete and corresponding source
> proof for certain licenses and be distro agnostic. Does this seem like a
> reasonable goal to aim for?
I think it depends a lot on whether key licensing and copyright are
optional or not. Because if they are not, things become more work.
(Looking at this from the r-b POV.)
--
cheers,
Holger