Merge branch 'development/v3.0.1' into fix-conformance
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
goneall authored Aug 11, 2024
2 parents 40aaf15 + 9dc48a3 commit 1f89ebe
Showing 20 changed files with 280 additions and 2,637 deletions.
7 changes: 3 additions & 4 deletions docs/annexes/SPDX-Lite.md
@@ -1,18 +1,17 @@
# Annex H: SPDX Lite
# SPDX Lite

## H.1 Definition of the Lite profile <a name="H.1"></a>
## Definition of the Lite profile

The Lite profile is designed to make it quick and easy to start a Software Bill of Materials in situations where a company may have limited capacity for introducing new items into its process.
The Lite profile captures the minimum set of information required for license compliance in the software supply chain. It contains information about the creation of the SBOM, package lists with licensing and other related items, and their relationships.

All elements in Lite profile are essential for complying with licenses. It is easy to use a SPDX document with the Lite profile for anyone who does not have enough knowledge about licensing information and easy to import license information from former versions of SPDX Lite format files.
The Lite profile offers the flexibility to be used either alone or in combination with other SPDX profiles as a SPDX document in the software supply chain.

## H.2 Table of the Lite profile elements <a name="H.2"></a>
## Table of the Lite profile elements

A SPDX document with the Lite profile must include properties for each class listed in **Table H.1**. And ```Cardinality 1..``` means a **REQUIRED** element, and the others **SHOULD** be filled in as much as possible if necessary.

**Table H.1 — the Lite profile elements**

1. For a /Core/SpdxDocument to be conformant with this profile, the following has to hold:
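Review bot: dropping the `<a name="H.1"></a>` and `<a name="H.2"></a>` anchors together with the "H.1"/"H.2" numbering will break any existing link to `#H.1` or `#H.2`; the license-expressions annex in this same commit keeps its `<a name="D.n"></a>` anchors, so either keep the anchors here too or grep the docs for links to them before merging. Separately, the context line "And ```Cardinality 1..``` means a **REQUIRED** element" uses a triple-backtick inline span and a sentence starting with "And"; `Cardinality 1..` in single backticks and "A cardinality of `1..` marks a **REQUIRED** element" would render and read as intended.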

22 changes: 11 additions & 11 deletions docs/annexes/SPDX-license-expressions.md
@@ -1,6 +1,6 @@
# Annex D: SPDX license expressions (Normative)
# SPDX license expressions (Normative)

## D.1 Overview <a name="D.1"></a>
## Overview <a name="D.1"></a>

Often a single license can be used to represent the licensing terms of a source code or binary file, but there are situations where a single license identifier is not sufficient. A common example is when software is offered under a choice of one or more licenses (e.g., GPL-2.0-only OR BSD-3-Clause). Another example is when a set of licenses is needed to represent a binary program constructed by compiling and linking two (or more) different source files each governed by different licenses (e.g., LGPL-2.1-only AND BSD-3-Clause).
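Review bot: this hunk removes the "Annex D:" prefix but keeps `<a name="D.1"></a>`, while the SPDX-Lite.md hunk in the same commit removes its `<a name="H.1"></a>` anchor outright; the two files should follow one convention, and keeping the anchors is the safer choice since the in-text links such as `[D.4.5](#D.4.5)` further down in this file depend on them.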

Expand Down Expand Up @@ -48,7 +48,7 @@ There MUST NOT be white space between a license-id and any following `+`. This s

In the `tag:value` format, a license expression MUST be on a single line, and MUST NOT include a line break in the middle of the expression.

## D.2 Case sensitivity <a name="D.2"></a>
## Case sensitivity <a name="D.2"></a>

License expression operators (`AND`, `and`, `OR`, `or`, `WITH` and `with`) should be matched in a *case-sensitive* manner, i.e., letters must be all upper case or all lower case.

Expand All @@ -60,7 +60,7 @@ For user defined license identifiers, only the variable part (after `LicenseRef-

The same applies to `AdditionRef-` user defined identifiers.

## D.3 Simple license expressions <a name="D.3"></a>
## Simple license expressions <a name="D.3"></a>

A simple `<license-expression>` is composed one of the following:
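Review bot: while this heading is being touched, the context line "A simple `<license-expression>` is composed one of the following:" is missing "of" and should read "is composed of one of the following:".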

Expand All @@ -80,17 +80,17 @@ DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2

The current set of valid license identifiers can be found in [spdx.org/licenses](https://spdx.org/licenses).

## D.4 Composite license expressions <a name="D.4"></a>
## Composite license expressions <a name="D.4"></a>

### D.4.1 Introduction <a name="D.4.1"></a>
### Introduction <a name="D.4.1"></a>

More expressive composite license expressions can be constructed using "OR", "AND", and "WITH" operators similar to constructing mathematical expressions using arithmetic operators.

For the `tag:value` format, any license expression that consists of more than one license identifier and/or LicenseRef, may optionally be encapsulated by parentheses: "( )".

Nested parentheses can also be used to specify an order of precedence which is discussed in more detail in [D.4.5](#D.4.5).

### D.4.2 Disjunctive "OR" operator <a name="D.4.2"></a>
### Disjunctive "OR" operator <a name="D.4.2"></a>

If presented with a choice between two or more licenses, use the disjunctive binary "OR" operator to construct a new license expression, where both the left and right operands are valid license expression values.
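Review bot: the headings lose their "D.4.x" numbers but the context line "discussed in more detail in [D.4.5](#D.4.5)" still uses the number as link text, so the reader now follows a reference to a section number that no longer appears anywhere on the page; the anchor still resolves, but the link text should become the section title, e.g. `[Order of precedence and parentheses](#D.4.5)`.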

Expand All @@ -114,7 +114,7 @@ LGPL-2.1-only OR MIT OR BSD-3-Clause

It is allowed to use the operator in lower case form `or`.

### D.4.3 Conjunctive "AND" operator <a name="D.4.3"></a>
### Conjunctive "AND" operator <a name="D.4.3"></a>

If required to simultaneously comply with two or more licenses, use the conjunctive binary "AND" operator to construct a new license expression, where both the left and right operands are a valid license expression values.
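Review bot: the context line "where both the left and right operands are a valid license expression values" mixes singular and plural; it should read "are valid license expression values", matching the wording of the OR section above.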

Expand All @@ -138,7 +138,7 @@ LGPL-2.1-only AND MIT AND BSD-2-Clause

It is allowed to use the operator in lower case form `and`.

### D.4.4 Additive "WITH" operator <a name="D.4.4"></a>
### Additive "WITH" operator <a name="D.4.4"></a>

Sometimes license texts are found with additional text, which might or might not modify the original license terms.

Expand All @@ -157,7 +157,7 @@ The current set of valid license exceptions identifiers can be found in [spdx.or

It is allowed to use the operator in lower case form `with`.

### D.4.5 Order of precedence and parentheses <a name="D.4.5"></a>
### Order of precedence and parentheses <a name="D.4.5"></a>

The order of application of the operators in an expression matters (similar to mathematical operators). The default operator order of precedence of a `<license-expression>` a is:
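Review bot: the context line "The default operator order of precedence of a `<license-expression>` a is:" has a stray "a" before "is"; it should read "of a `<license-expression>` is:".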

Expand Down Expand Up @@ -188,7 +188,7 @@ MIT AND (LGPL-2.1-or-later OR BSD-3-Clause)

states the OR operator should be applied before the AND operator. That is, one should first select between the LGPL-2.1-or-later or the BSD-3-Clause license before applying the MIT license.

### D.4.6 License expressions in RDF <a name="D.4.6"></a>
### License expressions in RDF <a name="D.4.6"></a>

A conjunctive license can be expressed in RDF via a `<spdx:ConjunctiveLicenseSet>` element, with an spdx:member property for each element in the conjunctive license. Two or more members are required.
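Review bot: this heading rename leaves the section body describing RDF with `<spdx:ConjunctiveLicenseSet>` and an `spdx:member` property, which is the SPDX 2.x RDF vocabulary; since this merge comes from the development/v3.0.1 branch, the section should be checked against the v3 license-set model or explicitly marked as describing the 2.x serialization so the annex does not contradict the rest of the v3 document.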

14 changes: 14 additions & 0 deletions docs/annexes/changes-from-previous-iso.md
@@ -0,0 +1,14 @@
# Changes from the previous version

## Overview

The previous published version of this standard was ISO/IEC 5962:2021(E),
titled "Information technology -- SPDX® Specification V2.2.1"
published by ISO (the International Organization for Standardization)
and IEC (the International Electrotechnical Commission)
in 2021.

The present chapter outlines the changes that the current version
introduces related to that previous edition.
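Review bot: the new file promises that it "outlines the changes that the current version introduces" but contains only the overview paragraph and no change list; either add the list (or a clearly marked placeholder) before merge, and since the file lives under docs/annexes "The present chapter" should probably read "The present annex". The file also ends with two blank lines where one is enough.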


247 changes: 0 additions & 247 deletions docs/annexes/cross-reference.md

This file was deleted.
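Review bot: docs/annexes/cross-reference.md is deleted in full (247 lines) with no replacement shown in this diff; confirm that no navigation config or other annex still links to it, otherwise the build will produce dead links.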

