Specification Version 2.2
Total Page:16
File Type:pdf, Size:1020Kb
Software Package Data Exchange (SPDX®) Specification Version 2.2 SPDX Specification – Version 2.2 Table of Contents The Software Package Data Exchange (SPDX®) Specification Version 2.2 ................................... 7 1 Rationale ............................................................................................................................................................... 8 1.1 Charter .......................................................................................................................................................... 8 1.2 Definition ...................................................................................................................................................... 8 1.3 Why is a common format for data exchange needed? ................................................................ 8 1.4 What does this specification cover?................................................................................................... 8 1.5 What is not covered in the specification? ........................................................................................ 9 1.6 What does “Package” mean in the context of SPDX? ................................................................ 10 1.7 Format Requirements .......................................................................................................................... 10 1.8 Conformance ............................................................................................................................................ 11 1.9 Differences from SPDX Specification 2.1 ...................................................................................... 11 2 Document Creation Information .............................................................................................................. 13 2.1 SPDX Version ........................................................................................................................................... 13 2.2 Data License ............................................................................................................................................. 14 2.3 SPDX Identifier ........................................................................................................................................ 14 2.4 Document Name ..................................................................................................................................... 15 2.5 SPDX Document Namespace .............................................................................................................. 16 2.6 External Document References ........................................................................................................ 17 2.7 License List Version .............................................................................................................................. 18 2.8 Creator ....................................................................................................................................................... 19 2.9 Created ....................................................................................................................................................... 20 2.10 Creator Comment ................................................................................................................................ 20 2.11 Document Comment........................................................................................................................... 21 3 Package Information ..................................................................................................................................... 23 3.1 Package Name ......................................................................................................................................... 23 3.2 Package SPDX Identifier ...................................................................................................................... 24 3.3 Package Version ..................................................................................................................................... 25 3.4 Package File Name ................................................................................................................................. 25 3.5 Package Supplier .................................................................................................................................... 26 3.6 Package Originator ................................................................................................................................ 27 3.7 Package Download Location .............................................................................................................. 28 Copyright 2010-2020 Linux Foundation and its Contributors. Licensed under CC-BY-3.0. 2 SPDX Specification – Version 2.2 3.8 Files Analyzed.......................................................................................................................................... 32 3.9 Package Verification Code .................................................................................................................. 34 3.10 Package Checksum .............................................................................................................................. 35 3.11 Package Home Page ............................................................................................................................ 36 3.12 Source Information ............................................................................................................................. 37 3.13 Concluded License .............................................................................................................................. 38 3.14 All Licenses Information from Files ............................................................................................. 39 3.15 Declared License .................................................................................................................................. 40 3.16 Comments on License ........................................................................................................................ 42 3.17 Copyright Text ...................................................................................................................................... 42 3.18 Package Summary Description ...................................................................................................... 43 3.19 Package Detailed Description ......................................................................................................... 44 3.20 Package Comment ............................................................................................................................... 45 3.21 External Reference .............................................................................................................................. 45 3.22 External Reference Comment ......................................................................................................... 47 3.23 Package Attribution Text .................................................................................................................. 48 4 File Information .............................................................................................................................................. 50 4.1 File Name .................................................................................................................................................. 50 4.2 File SPDX Identifier ............................................................................................................................... 51 4.3 File Type .................................................................................................................................................... 52 4.4 File Checksum ......................................................................................................................................... 53 4.5 Concluded License ................................................................................................................................. 54 4.6 License Information in File ................................................................................................................ 55 4.7 Comments on License .......................................................................................................................... 56 4.8 Copyright Text ......................................................................................................................................... 57 4.9 Artifact of Project Name (deprecated) .......................................................................................... 58 4.10 Artifact of Project Homepage (deprecated) .............................................................................. 59 4.11 Artifact of Project Uniform Resource Identifier (deprecated) ........................................... 59 4.12 File Comment ........................................................................................................................................ 60 4.13 File Notice ............................................................................................................................................... 60 4.14 File Contributor .................................................................................................................................... 61 4.15 File Attribution