ExtractedLicensingInfo was defined in the subject SpdxDocument.
SpdxDocument represents the results of a contents, provenance, ownership and licensing analysis of exactly one software package. This is, effectively, the top level of SPDX information.
This specification describes the SPDX language, defined as a dictionary of named properties and classes using W3C's RDF Technology.
SPDX is designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.
ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than an ExtractedLicensingInfo.
PackageVerificationCode is a value that allows authentication of the package. This differs from the Checksum in that it uses an algorithm that allows the SPDX file to be embedded in the package. This digest is produced using a cryptographic hash algorithm applied to a manifest of the package. Some files in the package (i.e., the SPDX files) are explicitly excluded from the digest. This allows those files to not impact the verification code.
review property relates an SpdxDocument to the review history.
Review represents a signoff by an individual on the information in an SpdxDocument.
Package represents a piece of software that is delivered as a single unit.
spdx:filetype_archive is preferred for archive files even though they are binary.
SPDX-1.0.
SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator.
SpdxDocument.
File represents a named sequence of information that is contained in a software package.
zlib-1.2.5.tar.gz.
SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information.
License represents a software copyright license. This class is used by the SPDX license list to represent standard licenses.
SpdxDocument believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this contention.
licenseInfoInFile properties of all files contained in the package.
AnyLicenseInfo class includes all resources that represent licensing information.
ConjunctiveLicenseSet represents a set of licensing information all of which apply.
DisjunctiveLicenseSet represents a set of licensing information only one of which applies. This class implies that the copier gets to choose which of these licenses they would prefer to use.
describesPackage property relates an SpdxDocument to the package which it describes.
SpdxDocument.
CreationInfo provides information about the individuals, organizations and tools involved in the creation of an SpdxDocument.
creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument.
SpdxDocument was created. This value must be in UTC and have 'Z' as its timezone indicator.
checksumValue property provides a hex encoded digest value produced using a specific algorithm.
Checksum is a simple value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change its checksum value.
Indicates the project in which the file originated.
Tools must preserve doap:homepage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.
Checksum.
licenseId values must match the regular expression: [-+_.a-zA-Z0-9]{3,}
checksum property provides a digest of a File or Package. This allows consumers of the SPDX document to verify that the content of the files or package has not changed.
Package or File.
licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen.
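
An added example, not part of the SPDX vocabulary text: it computes a PackageVerificationCode and per-file Checksum values as described above, and shows that editing the excluded SPDX file leaves the code valid while a change to a covered file is detected and located. The SHA-1 sort-and-concatenate manifest follows the algorithm in the SPDX specification, which this page does not spell out; the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import hmac

def sha1_hex(data: bytes) -> str:
    """Hex-encoded SHA-1 digest, the form a checksumValue takes."""
    return hashlib.sha1(data).hexdigest()

def package_verification_code(files, excluded=()):
    """Digest over a manifest of the package, skipping excluded paths.

    Manifest = per-file SHA-1 hex digests, sorted ascending and joined
    with no separator; the code is the SHA-1 of that string.
    """
    digests = sorted(sha1_hex(data) for path, data in files.items()
                     if path not in excluded)
    return sha1_hex("".join(digests).encode("ascii"))

def verify_package(files, excluded, recorded_code):
    """True if the recomputed code matches the one in the SPDX document."""
    actual = package_verification_code(files, excluded)
    return hmac.compare_digest(actual, recorded_code.lower())

def changed_files(files, recorded_checksums):
    """Paths whose content no longer matches its recorded File checksum."""
    return sorted(path for path, digest in recorded_checksums.items()
                  if path not in files or sha1_hex(files[path]) != digest)

# Constructed sample package (path -> content); not real zlib data.
PACKAGE = {
    "zlib.h": b"/* constructed header */\n",
    "inflate.c": b"int inflate(void) { return 0; }\n",
    "zlib.spdx": b"<rdf:RDF/>\n",
}
EXCLUDED = {"zlib.spdx"}  # the embedded SPDX file itself

if __name__ == "__main__":
    code = package_verification_code(PACKAGE, EXCLUDED)
    recorded = {p: sha1_hex(d) for p, d in PACKAGE.items() if p not in EXCLUDED}
    # Embedding the code in the SPDX file does not invalidate it.
    PACKAGE["zlib.spdx"] += code.encode("ascii")
    print("after SPDX edit:", verify_package(PACKAGE, EXCLUDED, code))
    # A one-byte change to a covered file is detected and located.
    tampered = dict(PACKAGE, **{"inflate.c": PACKAGE["inflate.c"] + b" "})
    print("after tamper:", verify_package(tampered, EXCLUDED, code),
          changed_files(tampered, recorded))
```

Only content digests enter the manifest, so renaming a covered file leaves the verification code unchanged; the per-file checksum records are what reveal a missing or renamed path.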