THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Proposals/2010-10-28/File references

From SPDX Wiki
< Technical Team‎ | Proposals
Revision as of 00:08, 2 November 2010 by Pezra (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Status

Draft

Issue

The spec does not make it clear how individual files are to be referenced. This makes discussion of individual files difficult. It leaves it ambiguous which files in a package are related to File blocks in the SPDX file. It prevents asserting the equivalence of a file in one package to a file in another package.</[>

Proposal

<p>Add the following text to section 3.

A Package is a collection of one or more files. The files are grouped together for the purpose of distributing the software. A Package is identified by a URI. This URI can be any valid URI but will most often be the URI used to download the package. For example, package being described might be <http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz>

Add the following text to section 5.

A file is an atomic series of octets. A file may exist on disk, in a package or archive file or a resource available via a network protocol such as HTTP or FTP. A file is always identified by a URI. Files that are contained in a package or archive file whose format store path information will are identified by appending that path information in the fragment part of the package or archive URI. For example, <http://www.apache.org/dist/httpd/httpd-2.2.17.tar.gz#httpd-2.2.17/server/main.c> </blockquote>