Technical Team/Ideas for After 1.0 of Spec

From SPDX Wiki
Jump to: navigation, search

This is a placeholder for tabling items that are not going to make it into first version but we want to discuss further for subsequent versions of the spec.

  • Create a version of the specification that can be included inside a package.   Note the problem is that the uniquie ID of the package (SHA1) field has to be taken over the entire package, and if the analysis is part of it, we can't include the SHA1 of the package. (requested by package creators, to carry forward with package, keep accurate).
  • Incorporate an optional MD5 checksum field at package level to permit correllation to other existing analysis of a package (requested for consideration by Bill S.)
  • Further simplification of RDF - make more human writable friendly.  (requested for consideration by Kate S.)
  • In detected licenses, consider adding counts per license (requested by Bill S.)