; , , . a ; "Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument."^^; ; ; ; "stable" . a ; "A file that was excluded when calculating the package verification code. This is usually a file containing SPDX data regarding the package. If a package contains more than one SPDX file all SPDX files must be excluded from the package verification code. If this is not done it would be impossible to correctly calculate the verification codes in both files."^^; ; ; ; "stable" . a ; "The review property relates a SpdxDocument to the review history."^^; ; ; ; "stable" . a ; "Identifies the algorithm used to produce the subject Checksum."^^; ; ; [ a ; ()]; "stable" . a ; """

Indicates the project in which the file originated.

Tools must preserve doap:hompage and doap:name properties and the URI (if one is known) of doap:Project resources that are values of this property. All other properties of doap:Projects are not directly supported by SPDX and may be dropped when translating to or from some SPDX formats.

"""^^; ; ; ; "stable" . a ; "Indicates the algorithm used was SHA-1"^^; ; "stable" . a ; "The checksumValue property provides a lower case hexidecimal encoded digest value produced using a specific algorithm."^^; ; ; ; "stable" . a ; "The date and time at which the SpdxDocument was created. This value must in UTC and have 'Z' as its timezone indicator."^^; ; ; ; "stable" . a ; "The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument."^^; ; ; ; "stable" . a ; """

The name and, optionally, contact information of a person, organization or tool that created, or was used to create, the SpdxDocument.

Values of this property must conform to the agent and tool syntax.

"""^^; ; ; ; "stable" . a ; """

The licensing under which the creator of this SPDX document allows related data to be reproduced.

The only valid value for this property is http://spdx.org/licenses/CC0-1.0. This is to alleviate any concern that content (the data) in an SPDX file is subject to any form of intellectual property right that could restrict the re-use of the information or the creation of another SPDX file for the same project(s). This approach avoids intellectual property and related restrictions over the SPDX file, however individuals can still contract one to one to restrict release of specific collections of SPDX files (which map to software bill of materials) and the identification of the supplier of SPDX files.

"""^^; ; ; [ a ; ()]; "stable" . a ; "The describesPackage property relates an SpdxDocument to the package which it describes."^^; ; ; ; "stable" . a ; "Provides a detailed description of the package."; ; ; ; "stable" . a ; "The URI at which this package is available for download. Private (i.e., not publicly reachable) URIs are acceptable as values of this property."; ; ; ; "stable" . a ; "Verbatim license or licensing notice text that was discovered."; ; ; ; "stable" . a ; "The name of the file relative to the root of the package."; ; ; ; "stable" . a ; "The type of the file."; ; ; [ a ; ( )]; "stable" . a ; "Indicates the file is an archive file."; ; "stable" . a ; "Indicates the file is not a text file. spdx:filetype_archive is preferred for archive files even though they are binary."^^; ; "stable" . a ; "Indicates the file is not a source, archive or binary file."^^; ; "stable" . a ; "Indicates the file is a source code file."; ; "stable" . a ; "Indicates that a particular file belongs to a package."^^; ; ; ; "stable" . a ; "Indicates that a particular license has been approved by the OSI as an open source licenses. If this property is true there should be a seeAlso property linking to the OSI version of the license."^^; ; ; ; "stable" . a ; "The licensing that the creators of the software in the package, or the packager, have declared. Declarations by the original software creator should be preferred, if they exist."; ; ; [ a ; ( _:NoneClass _:NoAssertionClass)]; "stable" . a ; "The licensing information that was discovered directly within the package. There will be an instance of this property for each distinct value of all licenseInfoInFile properties of all files contained in the package."^^; ; ; [ a ; ( _:NoneClass _:NoAssertionClass)]; "stable" . a ; "Licensing information that was discovered directly in the subject file."; ; ; [ a ; ( _:NoneClass _:NoAssertionClass)]; "stable" . a ; "The full text of the license."; ; ; ; "stable" . a ; """Indicates that the preparer of the SPDX document is not making any assertion regarding the value of this field."""; ; "stable" . a ; "When this value is used as the object of a property it indicates that the preparer of the SpdxDocument believes that there is no value for the property. This value should only be used if there is sufficient evidence to support this assertion."^^; ; "stable" . a ; """

The name and, optionally, contact information of the person or organization that originally created the package.

Values of this property must conform to the agent and tool syntax.

"""^^; ; ; [ a ; ( _:NoAssertionClass)]; "stable" . a ; "The base name of the package file name. For example, zlib-1.2.5.tar.gz."^^; ; ; ; "stable" . a ; """

A manifest based authentication code for the package. This allows consumers of this data to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX specification.

The package verification code algorithm is defined in section 4.7 of the full specification.

"""^^; ; ; ; "stable" . a ; "The actual package verification code as a hex encoded value."; ; ; ; "stable" . a ; "Indicates that a particular file belongs as part of the set of analyzed files in the SpdxDocument."^^; ; ; ; "stable" . a ; "The date and time at which the SpdxDocument was reviewed. This value must be in UTC and have 'Z' as its timezone indicator."^^; ; ; ; "stable" . a ; """

The name and, optionally, contact information of the person who performed the review.

Values of this property must conform to the agent and tool syntax.

"""^^; ; ; ; "stable" . a ; "Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source."; ; ; ; "stable" . a ; "Identifies the version of this specification that was used to produce this SPDX document. The value for this version of the spec is SPDX-1.1. The value SPDX-1.0 may also be supported by SPDX tools for backwards compatibility purposes."^^; ; ; ; "stable" . a ; "Text specifically delineated by the license, or license appendix, as the preferred way to indicate that a source, or other, file is copyable under the license."; ; ; ; "stable" . a ; "Provides a short description of the package."; ; ; ; "stable" . a ; """

The name and, optionally, contact information of the person or organization who was the immediate supplier of this package to the recipient. The supplier may be different than originator when the software has been repackaged.

Values of this property must conform to the agent and tool syntax.

"""^^; ; ; [ a ; ( _:NoAssertionClass)]; "stable" . a ; "Provides an indication of the version of the package that is described by this SpdxDocument."^^; ; ; ; "stable" . a ; "A ConjunctiveLicenseSet represents a set of licensing information all of which apply."^^; ; , [ a ; "2"; ]; "stable" . a ; "A DisjunctiveLicenseSet represents a set of licensing information where only one license applies at a time. This class implies that the recipient gets to choose one of these licenses they would prefer to use."^^; ; , [ a ; "2"; ]; "stable" . a ; "The SimpleLicenseInfo class includes all resources that represent simple, atomic, licensing information."^^; ; ( ); "stable" . a ; "The checksum property provides a mechanism that can be used to verify that the contents of a File or Package have not changed."^^; [ a ; ( )]; ; ; "stable" . a ; "The text of copyright declarations recited in the Package or File."^^; [ a ; ( )]; ; [ a ; ( _:NoneClass _:NoAssertionClass)]; "stable" . a ; "The licenseComments property allows the preparer of the SPDX document to describe why the licensing in spdx:licenseConcluded was chosen."^^; [ ( )]; ; ; "stable" . a ; "The licensing that the preparer of this SPDX document has concluded, based on the evidence, actually applies to the package."; [ a ; ( )]; ; [ a ; ( _:NoneClass _:NoAssertionClass)]; "stable" . a ; "A short name for the license that is at least 3 characters long and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'. Formally, all licenseId values must match the regular expression: [-+_.a-zA-Z0-9]{3,}"^^; [ ( )]; ; ; "stable" . a ; "A license, or other licensing information, that is a member of the subject license set."^^; [ a ; ( )]; ; ; ; "stable" . a ; "The AnyLicenseInfo class includes all resources that represent licensing information."^^; ; ( ); "stable" . a ; "A Checksum is value that allows the contents of a file to be authenticated. Even small changes to the content of the file will change it's checksum. This class allows the results of a variety of checksum and cryptographic message digest algorithms to be represented."^^; ; [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; "A CreationInfo provides information about the individuals, organizations and tools involved in the creation of an SpdxDocument."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; "A manifest based verification code (the algorithm is defined in section 4.7 of the full specification) of the package. This allows consumers of this data and/or database to determine if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package."; ; [ a ; "1"; ]; "stable" . a ; "A Review represents an audit and signoff by an individual, organization or tool on the information in an SpdxDocument."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; "The full human readable name of the item. This should include version information when applicable."; [ a ; ( )]; ; ; ; "stable" . a ; "An ExtractedLicensingInfo represents a license or licensing notice that was found in the package. Any license text that is recognized as a license may be represented as a License rather than an ExtractedLicensingInfo."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "0"; ]; "stable" . a ; "A License represents a copyright license. The SPDX license list website is annotated with these properties (using RDFa) to allow license data published there to be easily processed."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], , [ a ; "1"; ], [ a ; "1"; ], [ a ; "0"; ]; "stable" . a ; "An SdpxDocument is a summary of the contents, provenance, ownership and licensing analysis of a specific software package. This is, effectively, the top level of SPDX information."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; "A File represents a named sequence of information that is contained in a software package."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; "A Package represents a collection of software files that are delivered as a single functional component."^^; ; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ]; "stable" . a ; """

This specification describes the SPDX™ language, defined as a dictionary of named properties and classes using W3C's RDF Technology.

SPDX™ is a designed to allow the exchange of data about software packages. This information includes general information about the package, licensing information about the package as a whole, a manifest of files contained in the package and licensing information related to the contained files.

"""^^; , ; , ; "1.1-DRAFT (16 Aug 2012 22:01 UTC/8cc379)" . a . () a . () a . _:NoneClass a ; () . _:NoAssertionClass a ; () .