THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Proposals/2012-Mar-11 SPDX File Aggregation"

From SPDX Wiki
Jump to: navigation, search
(Convert to MediaWiki syntax)
 
Line 1: Line 1:
<h2>Status</h2><p><strong>Draft</strong></p><h2>Issue</h2><p>In order to facilitate the delivery of multiple SPDX Data Files (and possiblye <a href="http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files">SPDX Data Signature Files</a>&nbsp;) we need some standard way of grouping them together for simple transport and delivery.</p><h2>Proposal</h2><p>Modify the spec to state that</p><ol><li><strong>Archive Format: </strong>When multiple SPDX Data Files need to be delivered together as a group, they should be archived in a Zip file format. &nbsp;</li><li><strong>Data &amp; Signature File Grouping:&nbsp;</strong>When it is desirable to deliver one or more SPDX Data Files together with one or more related SPDX Data Signature files, the naming convention of <a href="http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files">Proposal-2012-Mar-6 Detached Signed SPDX Files</a>&nbsp;should be followed.</li><li><strong>File Naming Convention: </strong>SPDX Archive files should be named &lt;filename&gt;.spdx.zip. &nbsp;&nbsp;&nbsp;</li></ol><h3>Examples</h3><h5>Example 1</h5><pre>
+
Status: draft
<code>
+
 
$ unzip -l example.spdx.zip  
+
==Issue==
Archive:  example.spdx.zip
+
 
  Length    Date  Time    Name
+
In order to facilitate the delivery of multiple SPDX Data Files (and possible [[Technical_Team/Proposals/2012-06-06/Detached_Signed_SPDX_Files]]) we need some standard way of grouping them together for simple transport and delivery.
--------    ----  ----    ----
+
 
        0  03-11-12 20:18  example.spdx
+
==Proposal==
        0  03-11-12 20:18  example.spdx.sign
+
 
--------                  -------
+
Modify the spec to state that
        0                  2 files
+
 
</code></pre><h5>Example 2</h5>
+
# '''Archive Format: '''When multiple SPDX Data Files need to be delivered together as a group, they should be archived in a Zip file format.
<pre><code>
+
# '''Data &amp; Signature File Grouping: '''When it is desirable to deliver one or more SPDX Data Files together with one or more related SPDX Data Signature files, the naming convention of [[Technical_Team/Proposals/2012-06-06/Detached_Signed_SPDX_Files]] should be followed.
$ unzip -l example2.spdx.zip  
+
# '''File Naming Convention: '''SPDX Archive files should be named &lt;filename&gt;.spdx.zip.
Archive:  example2.spdx.zip
+
 
  Length    Date  Time    Name
+
==Examples==
--------    ----  ----    ----
+
 
        0  03-11-12 20:18  example.spdx
+
===Example 1===
        0  03-11-12 20:18  example.spdx.sign
+
 
        0  03-11-12 20:21  example2.spdx
+
$ unzip -l example.spdx.zip
        0  03-11-12 20:21  example2.spdx.sign
+
Archive:  example.spdx.zip
--------                  -------
+
  Length    Date  Time    Name
        0                  4 files
+
  --------    ----  ----    ----
</code></pre><h5>Compatibility</h5><p>Resulting &lt;filename&gt;.spdx.zip files will not be backward compatible with SPDX 1.0 tooling. However, the SPDX Data Files they contain can be, and can be easily extracted by ubiquitously available tools and libaries are virtually every platform and in virtually every programming language.</p><p>&nbsp;</p>
+
        0  03-11-12 20:18  example.spdx
 +
        0  03-11-12 20:18  example.spdx.sign
 +
  --------                  -------
 +
        0                  2 files
 +
 
 +
===Example 2===
 +
 
 +
$ unzip -l example2.spdx.zip
 +
Archive:  example2.spdx.zip
 +
  Length    Date  Time    Name
 +
  --------    ----  ----    ----
 +
        0  03-11-12 20:18  example.spdx
 +
        0  03-11-12 20:18  example.spdx.sign
 +
        0  03-11-12 20:21  example2.spdx
 +
        0  03-11-12 20:21  example2.spdx.sign
 +
  --------                  -------
 +
        0                  4 files
 +
 
 +
==Compatibility==
 +
 
 +
Resulting &lt;filename&gt;.spdx.zip files will not be backward compatible with SPDX 1.0 tooling. However, the SPDX Data Files they contain can be, and can be easily extracted by ubiquitously available tools and libaries are virtually every platform and in virtually every programming language.
 +
 
 +
[[Category:Technical]]

Latest revision as of 11:32, 7 March 2013

Status: draft

Issue

In order to facilitate the delivery of multiple SPDX Data Files (and possible Technical_Team/Proposals/2012-06-06/Detached_Signed_SPDX_Files) we need some standard way of grouping them together for simple transport and delivery.

Proposal

Modify the spec to state that

  1. Archive Format: When multiple SPDX Data Files need to be delivered together as a group, they should be archived in a Zip file format.
  2. Data & Signature File Grouping: When it is desirable to deliver one or more SPDX Data Files together with one or more related SPDX Data Signature files, the naming convention of Technical_Team/Proposals/2012-06-06/Detached_Signed_SPDX_Files should be followed.
  3. File Naming Convention: SPDX Archive files should be named <filename>.spdx.zip.

Examples

Example 1

$ unzip -l example.spdx.zip
Archive:  example.spdx.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
        0  03-11-12 20:18   example.spdx
        0  03-11-12 20:18   example.spdx.sign
 --------                   -------
        0                   2 files

Example 2

$ unzip -l example2.spdx.zip
Archive:  example2.spdx.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
        0  03-11-12 20:18   example.spdx
        0  03-11-12 20:18   example.spdx.sign
        0  03-11-12 20:21   example2.spdx
        0  03-11-12 20:21   example2.spdx.sign
 --------                   -------
        0                   4 files

Compatibility

Resulting <filename>.spdx.zip files will not be backward compatible with SPDX 1.0 tooling. However, the SPDX Data Files they contain can be, and can be easily extracted by ubiquitously available tools and libaries are virtually every platform and in virtually every programming language.