THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Proposals/2012-Mar-11 SPDX File Aggregation
From SPDX Wiki
Contents
Status
Draft
Issue
In order to facilitate the delivery of multiple SPDX Data Files (and possiblye <a href="http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files">SPDX Data Signature Files</a> ) we need some standard way of grouping them together for simple transport and delivery.
Proposal
Modify the spec to state that
- Archive Format: When multiple SPDX Data Files need to be delivered together as a group, they should be archived in a Zip file format.
- Data & Signature File Grouping: When it is desirable to deliver one or more SPDX Data Files together with one or more related SPDX Data Signature files, the naming convention of <a href="http://spdx.org/wiki/proposal-2012-mar-06-detached-signed-spdx-files">Proposal-2012-Mar-6 Detached Signed SPDX Files</a> should be followed.
- File Naming Convention: SPDX Archive files should be named <filename>.spdx.zip.
Examples
Example 1
<code>$ unzip -l example.spdx.zip Archive: example.spdx.zip Length Date Time Name -------- ---- ---- ---- 0 03-11-12 20:18 example.spdx 0 03-11-12 20:18 example.spdx.sign -------- ------- 0 2 files</code>
Example 2
<code> $ unzip -l example2.spdx.zip Archive: example2.spdx.zip Length Date Time Name -------- ---- ---- ---- 0 03-11-12 20:18 example.spdx 0 03-11-12 20:18 example.spdx.sign 0 03-11-12 20:21 example2.spdx 0 03-11-12 20:21 example2.spdx.sign -------- ------- 0 4 files</code>
Compatibility
Resulting <filename>.spdx.zip files will not be backward compatible with SPDX 1.0 tooling. However, the SPDX Data Files they contain can be, and can be easily extracted by ubiquitously available tools and libaries are virtually every platform and in virtually every programming language.