2.7 broaden intent of SPDX
iamwillbar opened this issue
In 2.7 SPDX is cast as being specifically for sharing license and copyright information; however, we are actively ensuring that SPDX is suitable for broader software bill of material uses. See this PR which is being incorporated in the SPDX 2.2 specification: spdx/spdx-spec#150.
To align with this I would suggest changing:
for exchanging license and copyright information for a given software package
To:
for exchanging bill of materials for a given software package, including associated license and copyright information
Agree. We've adopted this new text in SPDX 2.2, and it would be good that the definition in OpenChain reflected the agreed-on update.
Makes sense.
The SPDX definition was updated to include reference to bill of materials. It now reads:
"the format standard created by the Linux Foundation’s SPDX (Software Package Data Exchange) Working Group for exchanging bill of materials for a given software package, including associated license and copyright information (see spdx.org)"