Re: [media-types] Community review for proposed 'spdx' media type

Henrik Andersson <henke@henke37.cjb.net> Sat, 04 April 2020 18:55 UTC

To: Rose Judge <rjudge=40vmware.com@dmarc.ietf.org>, "ietf-types@iana.org" <ietf-types@iana.org>
References: <4045F0DF-DD97-42A1-9857-C64566E84842@vmware.com>
From: Henrik Andersson <henke@henke37.cjb.net>
Openpgp: preference=signencrypt
Message-ID: <bb7f8088-1b9c-7323-a3a5-969679616938@henke37.cjb.net>
Date: Sat, 04 Apr 2020 20:54:52 +0200
In-Reply-To: <4045F0DF-DD97-42A1-9857-C64566E84842@vmware.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/Gq_xLX91mEzuGPwntYG3nGaLsX0>

Rose Judge wrote:
> Hello,
>
> Please see below for application of proposed new media type:
>
> Name: Rose Judge
>
> Email: rjudge@vmware.com
>
> Media type name: text
>
> Media subtype name: spdx
>
> Required parameters:
>
> Based on 2.2 spec the following fields and tags are mandatory in the
> specification document.
>
> Document Creation Information Tags:
>
> SPDXVersion, DataLicense, SPDXID, DocumentName, DocumentNamespace,
> Creator, Created
>
> Package Information Tags:
>
> PackageName, SPDXID, PackageDownloadLocation, FileName,
> PackageVerificationCode**, PackageLicenseConcluded,
> PackageLicenseInfoFromFiles**, PackageLicenseDeclared,
> PackageCopyrightText,
>
> File Information Tags:
>
> FileName, SPDXID, FileChecksum, LicenseConcluded, LicenseInfoInFile,
> FileCopyrightText,
>
> Snippet Information Tags:
>
> SPDXRef, DocumentRef, SnippetByteRange, SnippetLicenseConcluded,
> SnippetCopyrightText,
>
> Annotation Information Tags:
>
> Annotator
>
> ** Mandatory, one or many if FilesAnalyzed is true or omitted, zero
> (must be omitted) if FilesAnalyzed is false.
>
> Optional parameters:
>
> Based on 2.2 spec the following fields and tags are optional in the
> specification document.
>
> Optional Document Creation Information Tags:
>
> ExternalDocumentRef, LicenseListVersion, CreatorComment, DocumentComment
>
> Optional Package Information Tags:
>
> PackageVersion, PackageFileName, PackageSupplier, PackageOriginator,
> FilesAnalyzed, PackageChecksum, PackageHomePage, PackageSourceInfo,
> PackageLicenseComments, PackageSummary, PackageDescription,
> PackageComment, ExternalRef, ExternalRefComment (conditional for each
> ExternalRef)
>
> Optional File Information Tags:
>
> FileType, LicenseComments, ArtifactOfProjectName,
> ArtifactOfProjectHomePage, ArtifactOfProjectURI, FileComment,
> FileNotice, FileContributor
>
> Optional Snippet Information Tags:
>
> SnippetLineRange, LicenseInfoInSnippet, SnippetLicenseComments,
> SnippetComment, SnippetName
>
> Optional Other Licensing Information Detected Tags:
>
> LicenseComment, LicenseID [Conditional (mandatory, one) if license is
> not on SPDX License List], ExtractedText [Conditional (Mandatory, one)
> if there is a License Identifier assigned.], LicenseName [Conditional
> (mandatory, one) if license is not on SPDX License List.],
> LicenseCrossReference [Conditional (optional, one or more) if license
> is not on SPDX License List.]
>
> Optional Relationships between SPDX Elements:
>
> Relationship, RelationshipComment
>
> Optional Annotation Information Tags:
>
> Annotator [Conditional (Mandatory, one), if there is an Annotation],
> AnnotationDate [Conditional (Mandatory, one), if there is an
> Annotation], AnnotationType [Conditional (Mandatory, one), if there is
> an Annotation], SPDXREF [Conditional (Mandatory, one), if there is an
> Annotation], AnnotationComment [Conditional (Mandatory, one), if there
> is an Annotation]
>
> Encoding considerations: 8bit
>
> The spdx media type must support UTF-8 encoding.
>
> Security considerations:
>
> The ExternalRef tag provides linkage to the NVD via CPE. Data can be
> stored in spdx files that may contain printf-style format characters
> that could cause a program to display unintended information.
>
> Interoperability considerations:
>
> The spdx media type can be distributed free of external systems or
> processors and is represented in a human-readable format. There are
> also internet text-processing applications that may consume these
> documents.
>
> Published specification:
>
> Current versions of the specification are available at
> https://spdx.github.io/spdx-spec/. Historical versions can be found at
> https://spdx.org/specifications.
>
> Applications which use this media:
>
> Exchange of Metadata for software.
>
> Fragment identifier considerations:
>
> N/A
>
> Restrictions on usage:
>
> spdx media types should only be associated with validated SPDX
> documents that follow the SPDX specification.
>
> Provisional registration? (standards tree only):
>
> N/A
>
> Additional information:
>
> 1. Deprecated alias names for this type: N/A
>
> 2. Magic number(s): N/A
>
> 3. File extension(s): .spdx
>
> 4. Macintosh file type code: N/A
>
> 5. Object Identifiers: N/A
>
> General Comments:
>
> Software Package Data Exchange® (SPDX®) is an open standard for
> communicating software bill of material information (including
> components, licenses, copyrights, and security references).
>
> Person to contact for further information:
>
> 1. Name: Rose Judge
>
> 2. Email: rjudge@vmware.com
>
> Intended usage: Common
>
> Intended to be used to enable companies and organizations to share
> human-readable and machine-processable software package metadata to
> facilitate software supply chain processes. An SPDX media type will be
> associated with a particular software package or set of packages and
> will contain information about it in the SPDX format.
>
> Author/Change controller: kstewart@linuxfoundation.org

You seem to have misunderstood the purpose of required and optional
parameters. They are not about the contents of the file. They are
parameters attached to the media type designation as the file is
transferred, stored and processed.
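
The distinction drawn in the reply above, as an added example that is not part of the original message or of the SPDX project's code: media type parameters are read from the `Content-Type` label, while the tags listed in the proposal are read from the document body and validated there. The header value and tag-value body are constructed samples, the `charset` parameter is an assumption, and the parser handles single-line `Tag: value` pairs only.

```python
from email.message import EmailMessage

# Mandatory Document Creation Information tags, as listed in the quoted proposal.
REQUIRED_DOC_TAGS = ["SPDXVersion", "DataLicense", "SPDXID", "DocumentName",
                     "DocumentNamespace", "Creator", "Created"]

# Constructed sample label and body (not taken from a real document).
SAMPLE_HEADER = 'text/spdx; charset="UTF-8"'
SAMPLE_BODY = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-1.0
DocumentNamespace: https://example.invalid/spdx/example-1.0
Creator: Tool: constructed-sample
Created: 2020-04-04T18:55:00Z
"""

def media_type_parameters(header_value):
    """Return (media type, parameters) parsed from a Content-Type value."""
    msg = EmailMessage()
    msg["Content-Type"] = header_value
    return msg.get_content_type(), dict(msg["Content-Type"].params)

def document_tags(body):
    """Collect single-line 'Tag: value' pairs from the document content."""
    tags = {}
    for line in body.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comment lines
        tag, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            tags.setdefault(tag.strip(), []).append(value.strip())
    return tags

def missing_required_tags(body):
    """List mandatory document creation tags absent from the content."""
    found = document_tags(body)
    return [tag for tag in REQUIRED_DOC_TAGS if tag not in found]

if __name__ == "__main__":
    ctype, params = media_type_parameters(SAMPLE_HEADER)
    print("label:", ctype, params)
    print("content tags:", sorted(document_tags(SAMPLE_BODY)))
    print("missing:", missing_required_tags(SAMPLE_BODY))
```
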