[sr-dev] SPDX identifiers in source code

Henning Westerholt hw at gilawa.com
Tue Aug 16 14:53:40 CEST 2022


Hello,

I have nothing against it, just it should be done for the whole project (i.e., all files) in the repository if somebody decides to do it.
Otherwise, we will end up with partial information, which might be misleading to some people who rely on the identifier.

I know a bit about the SPDX standard, it sounds reasonable to me and it's only one line added per file, so not much overhead.

Cheers,

Henning

-----Original Message-----
From: sr-dev <sr-dev-bounces at lists.kamailio.org> On Behalf Of Olle E. Johansson
Sent: Tuesday, August 16, 2022 10:43 AM
To: Kamailio (SER) - Development Mailing List <sr-dev at lists.kamailio.org>
Subject: [sr-dev] SPDX identifiers in source code

Hi!

SBOM - Software Bill of Materials - often comes up in discussions in my projects. There’s a new working group in the IETF working on it and several other standardization bodies.

A starting point is identification of the license in each source code file with a parseable SPDX identifier. 

- Is anyone against adding that to our source code?
- Would it be beneficial for packaging in any way?

I think at some point in the future, a SBOM list in <pick format> will be included in packages, in order to be able to produce a SBOM for the container or the machine.

As we have multiple licenses in the source code it’s important to mark every file correctly.

I can start experimenting with http_client, then work myself around, if the dev community doesn’t scream and argue that it’s a bad thing (TM).

Read more here
- SPDX - a Linux Foundation project and ISO standard - https://spdx.dev
- Tags in source code - https://spdx.dev/ids/

Cheers,
/O
_______________________________________________
Kamailio (SER) - Development Mailing List sr-dev at lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
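
The thread raises two practical points: tags are only trustworthy if every file carries one, and a tree with multiple licenses needs each file marked correctly. The following is an added example, not part of the thread or of Kamailio's code, that audits a source tree for `SPDX-License-Identifier` coverage; the sample files, their licenses, the extension list and the 10-line header window are constructed assumptions.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Tag syntax per https://spdx.dev/ids/; trailing comment closers are stripped.
TAG_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/|-->)?\s*$")
SOURCE_EXTS = {".c", ".h", ".py", ".sh"}  # assumption: extensions to audit
HEADER_LINES = 10  # assumption: the tag must appear near the top of the file


def read_spdx_tag(path):
    """Return the SPDX expression found in the file header, or None."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        head = [line for _, line in zip(range(HEADER_LINES), fh)]
    return next((m.group(1) for m in map(TAG_RE.search, head) if m), None)


def audit_tree(root):
    """Return (Counter of license expressions, list of untagged files)."""
    licenses, missing = Counter(), []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_EXTS:
            continue
        tag = read_spdx_tag(path)
        if tag is None:
            missing.append(path.relative_to(root).as_posix())
        else:
            licenses[tag] += 1
    return licenses, missing


def build_sample_tree(root):
    """Write a constructed tree: two tagged files and one untagged header."""
    files = {
        "mod_a/a.c": "/* SPDX-License-Identifier: GPL-2.0-or-later */\nint a;\n",
        "mod_b/b.c": "// SPDX-License-Identifier: BSD-3-Clause\nint b;\n",
        "mod_b/b.h": "/* no license tag */\nextern int b;\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_tree(tmp))
```

Run in CI against the real checkout, a non-empty untagged list is the "partial information" case and can fail the build until coverage is complete.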