Idokhumenti ye-SPDX

Umbuzo: Ingabe iphakheji yesofthiwe inombhalo we-SPDX ohlotshaniswayo njengokubonakaliswa okujwayelekile kokuncika, ukulayisensa, nezindaba ezihlobene nokuphepha?

Incazelo

Iphakheji yesofthiwe inombhalo we-SPDX ohlotshaniswayo njengendlela evamile yokubonisa ukuncika, ukulayisensa, nezindaba eziphathelene nokuphepha. Ulwazi olwengeziwe mayelana nokucaciswa kwe-SPDX lungatholakala ku: https://spdx.org/

Izinhloso

Kubaphathi abathola isofthiwe yomthombo ovulekile njengengxenye yephothifoliyo yehhovisi le-IT noma le-Open Source Programme, idokhumenti ye-SPDX inikeza ulwazi olubalulekile olubalulekile lokuphatha. Lokhu kungenxa yokuthi, njengoba amaphakheji esofthiwe ekhona kumaketanga okuphakelwa kwesofthiwe ayinkimbinkimbi, kubalulekile ukuveza ngokucacile, ngendlela evamile, ukuncika okuhlobene, amalayisense, nezindaba ezihlobene nokuphepha ngaleyo phakheji yesofthiwe. Umbhalo we-SPDX uhlinzeka ngomthombo owodwa wolwazi kokubili ukusetshenziswa kwangaphakathi kanye nokusatshalaliswa phansi komfula kwamaphakheji esofthiwe. Umbhalo we-SPDX usiza ekutheni izinhlangano zenze kanjani umsebenzi womthombo ovulekile ukuze zihlanganiswe kangcono nezinqubo zazo zokulawula ubungozi kumthombo ovulekile.

Implementation

Ukusetshenziswa nokusatshalaliswa kwamamethrikhi ezempilo kungase kuholele ekwephuleni ubumfihlo. Izinhlangano zingase zichayeke ezingozini. Lezi zingozi zingase zigeleze kusukela ekuthobeleni i-GDPR e-EU, nomthetho wezwe wase-US, noma nomunye umthetho. Kungase futhi kube nezingozi zenkontileka ezivela kumigomo yesevisi kubahlinzeki bedatha njenge-GitHub ne-GitLab. Ukusetshenziswa kwamamethrikhi kufanele kuhlolwe ubungozi kanye nezinkinga zedatha yezimiso zedatha ezingaba khona. Ngicela ubone Idokhumenti ye-CHAOSS Data Ethics ukuze uthole isiqondiso esengeziwe.

Izihlungi

i-SPDX yasetshenziswa ukuskena inqolobane ye-GitHub I-Zephyr. Nawa amalayisense akhonjwe ekuskeneni ngefomethi ye-JSON:

{
  "0": "Apache-2.0",
  "1": "BSD-2-Clause",
  "2": "BSD-3-Clause",
  "3": "GPL-2.0",
  "4": "GPL-2.0+",
  "5": "GPL-3.0+",
  "6": "ISC",
  "7": "MIT"
  "8": "BSD-4-Clause-UC",
  "9": "CC0-1.0"
}

Le dokhumenti yenziwe ngu-Augur.

Amathuluzi Ahlinzeka Ngemethrikhi

  • I-DoSOCSv2 ishumekwe njenge Augur Isevisi. Ifayela ngefayela idokhumenti ye-SPDX iyatholakala nge-Augur elungiselelwe kusetshenziswa i-plugin ye-DoSOCSv2. Izingxenye ezifanele ze-schema sesizindalwazi ziboniswe ngezansi.
  • I-Augur-SPDX ishumekwe njenge Augur Isevisi. Ifayela ngefayela idokhumenti ye-SPDX iyatholakala nge-Augur elungiselelwe kusetshenziswa i-plugin ye-augur-spdx, ethathwe ku-DOSOCS. Izingxenye ezifanele ze-schema sesizindalwazi ziboniswe ngezansi. Lokhu kuqaliswa kuyimfoloko ye-DoSOCSv2.

  • Packages
  • Iphakheji_Amafayela
  • Amafayela (okungenzeka akhona, kodwa mancane amathuba okuthi afakwe kwamanye amaphakheji). Ulwazi lwelayisense lufakiwe njengengxenye ye-SBOM, kodwa inkimbinkimbi yokuhlonza ilayisensi iyacaciswa License_Count, I-License_Coverage, Futhi Ilayisensi_Imenyezelwe amamethrikhi.

I-SBOM

Okubhekwayo