On Mon, 6 Jun 2011 14:37:18 -0500, Zach Pfeffer <zach.pfeffer@linaro.org> wrote:
The spec says:
4.6 Source Information
4.6.1 Purpose: This is a free form text field that contains additional comments about the origin of the package. For instance, this field might include comments indicating whether the package been pulled from a source code management system or has been repackaged.
4.6.2 Intent: Here, by providing a freeform field, reviewers can provide any additional information to describe any anomalies, or discoveries, in the determination of the origin of the package.
4.6.3 Cardinality: Optional, one
4.6.4 Data Format: single line of free form text
4.6.5 Tag: SourceInfo
Example: SourceInfo: uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.
So it looks like we'd have to define our own microformat here (though it's going to be consumed by humans at least to start with, so consistency doesn't really matter at this stage).
What's listed here seems fairly tricky to produce automatically.
What part do you think would be tricky?
It depends when we are generating this file, but the format of what you specify seems a little clever for humans.
If the content is freeform then we can obviously choose something that is easy to generate.
FileName: file1
FileName: file2
FileName: file3
FileChecksum: SHA1: calculated
This is all the files in the source?
Yeah.
I guess the cost of that in a kernel build is pretty small.
You only list one FileChecksum here. Can that line follow every FileName line?
LicenseConcluded: GPL-2.0
From the spec:
The licensing that the preparer of this SPDX document has concluded, based on the evidence, actual applies to the package.
I think this is where the lawyer would say, this is the license.
Yeah. Again my question is source or binary?
I presume this can be an AND/OR list again?
LicenseInfoFromFiles: GPL-2.0
This is a field that has all the licenses found in the package.
Just a dumping ground of every license found?
My overall impression is that this is rather a large additional overhead to just be able to say
the kernel was built from 0A2E345 of git://git.linaro.org/jcrigby/linux-linaro-natty.git
which is the main thrust of kiko's request as I understand it.
Debian packages already contain licensing info (they also have a proposed standard to make that info machine readable.) Is it worth Linaro's time to try and move everything to one of these new formats at this stage?
Thanks,
James
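
Added example, not part of the original message and not code from the SPDX or Linaro projects: one way the per-file lines discussed in this thread could be generated for a source tree, with a FileChecksum line following every FileName line. The function names, the constructed sample tree and the wording of the SourceInfo line are assumptions; the repository URL and commit id are the ones quoted in the message.

```python
import hashlib
import os
import tempfile


def sha1_of_file(path, chunk_size=1 << 16):
    """Stream the file so large source files are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_entries(source_root):
    """Return (relative_name, sha1) pairs in sorted order so output is reproducible."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(source_root):
        dirnames[:] = sorted(d for d in dirnames if d != ".git")  # skip SCM metadata
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # hash regular files only; symlinks could point outside the tree
            rel = os.path.relpath(full, source_root).replace(os.sep, "/")
            entries.append((rel, sha1_of_file(full)))
    return entries


def render(source_root, repo_url, commit):
    """Emit tag-value lines: one SourceInfo line, then FileName/FileChecksum pairs."""
    lines = ["SourceInfo: built from %s of %s" % (commit, repo_url)]
    for rel, digest in file_entries(source_root):
        lines.append("FileName: %s" % rel)
        lines.append("FileChecksum: SHA1: %s" % digest)
    return "\n".join(lines)


def demo():
    """Build a small constructed tree and render it (sample data, not a real kernel tree)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "drivers"))
        with open(os.path.join(root, "Makefile"), "wb") as f:
            f.write(b"hello\n")
        open(os.path.join(root, "drivers", "empty.c"), "wb").close()
        return render(root, "git://git.linaro.org/jcrigby/linux-linaro-natty.git", "0A2E345")


if __name__ == "__main__":
    print(demo())
```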