Re: [spdx-tech] Short question about downwards and upwards compatibility

2017-09-14 Thread W. Trevor King 
On Thu, Sep 14, 2017 at 10:32:37AM +0200, Maximilian Huber wrote:
> But since we currently only use features which were already in 2.0
> present, it is still an open question for me. Generating files by
> some older (but compatible) specification makes it easier for people
> to parse the generated document.

Right.  Which is why I expect you want to label your files as 2.0 in
that case.

> Am I right that a 2.0 document can always be labeled as 2.1 since 2.1
> "only" added optional features/fields? Or are there conflicts?

The only thing that stands out in the release notes [1] is:

  The “Artifact of Project” fields at the file level are now
  deprecated…

But “deprecated” is not “removed”.  So sticking to 2.0 and continuing
to use those fields will work with compliant 2.1 parsers.

And it's always possible that the release notes missed some important
compat issue, but I think that's unlikely and would expect a patch
release recovering forwards compat for 2.0 files read by 2.1 parsers.

I expect ArtifactOfProjectName and such will be removed in SPDX 3.0,
although it would be nice if the SPDX explained its versioning scheme
(e.g. by referencing SemVer 2.0 [2] or some such.

Cheers,
Trevor

[1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw
[2]: http://semver.org/spec/v2.0.0.html

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] Short question about downwards and upwards compatibility

2017-09-14 Thread Maximilian Huber 
Sure, as soon as we use features from 2.1 it is no longer a question.

But since we currently only use features which were already in 2.0
present, it is still an open question for me. Generating files by some
older (but compatible) specification makes it easier for people to
parse the generated document.

Am I right that a 2.0 document can always be labeled as 2.1 since 2.1
"only" added optional features/fields? Or are there conflicts?

Best regards
Maximilian

On Di, 12. Sep 09:43, g...@sourceauditor.com wrote:
> Hi Maximilian,
> 
> The Java SPDX libraries are kept current with the SPDX spec and supports
> previous versions back to 1.0.  I realize this library only represents a
> portion of the SPDX parsers out there, but it is used by a couple commercial
> tools and some open source tools.
> 
> Since 2.1 has been out there a while and contains some good improvements, I
> would recommend going with 2.1.
> 
> Gary
> 
> 
> 
> > -Original Message-
> > From: spdx-tech-boun...@lists.spdx.org [mailto:spdx-tech-
> > boun...@lists.spdx.org] On Behalf Of Maximilian Huber
> > Sent: Tuesday, September 12, 2017 5:40 AM
> > To: spdx-tech@lists.spdx.org
> > Subject: [spdx-tech] Short question about downwards and upwards
> > compatibility
> > 
> > Hello spdx-tech@,
> > 
> > In FOSSology we generate SPDX reports which are compatible with the
> > 2.0 and the 2.1 specification and we are now discussing, which version
> > to specify in the created document.
> > 
> > It might be a good idea to stay on version 2.0 since parsers, which
> > read 2.1, might probably also be able to understand 2.0. But older
> > parses fail if they see the new version.
> > 
> > What would you recommend? What is the status on downwards and upwards
> > compatibility on common parser implementations and tooling?
> > 
> > Best regards
> > Maximilian
> > 
> > --
> > Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223 TNG
> > Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring
> > Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller
> > Sitz: Unterföhring * Amtsgericht München * HRB 135082
> 

-- 
Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring
Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller
Sitz: Unterföhring * Amtsgericht München * HRB 135082


signature.asc
Description: PGP signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] Short question about downwards and upwards compatibility

2017-09-12 Thread Kate Stewart 
On Tue, Sep 12, 2017 at 11:31 AM, W. Trevor King  wrote:

> On Tue, Sep 12, 2017 at 07:54:31AM -0500, Kate Stewart wrote:
> > Of concern, there are new fields added in 2.1 that are
> > not present in 2.0 (backwards compatibility), its best
> > the file is correctly labeled.
>
> If you use the new-in-2.1 properties [1], you need to declare 2.1.
> But if you don't use them, you can safely declare 2.0 and support both
> older parsers that only handle 2.0 and new parsers that understand all
> of 2.1.
>

Agree.   Depends what's easiest of the tool I guess.  :-)

>
> As a useful alternative/supplement to the current release-notes
> approach [1], I like the “New in {version}” annotations that Python
> has for its properties (e.g. [2]).  That makes it easy to discover
> compat implications as you fill in a property, without having to jump
> back and forth between the property definitions and the release notes.
>

Nice.   Will look into this,  as we've been doing this highlighting manually
in presentations, but  incorporating it into the spec going forward,
seems like an positive enhancement now that we have it online.

What do others think?

Kate


>
> Cheers,
> Trevor
>
> [1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw
> [2]: https://docs.python.org/3.5/library/unittest.html#
> unittest.TestCase.skipTest
>
> Cheers,
> Trevor
>
> --
> This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
> For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
>
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] Short question about downwards and upwards compatibility

2017-09-12 Thread W. Trevor King 
On Tue, Sep 12, 2017 at 07:54:31AM -0500, Kate Stewart wrote:
> Of concern, there are new fields added in 2.1 that are
> not present in 2.0 (backwards compatibility), its best
> the file is correctly labeled.

If you use the new-in-2.1 properties [1], you need to declare 2.1.
But if you don't use them, you can safely declare 2.0 and support both
older parsers that only handle 2.0 and new parsers that understand all
of 2.1.

As a useful alternative/supplement to the current release-notes
approach [1], I like the “New in {version}” annotations that Python
has for its properties (e.g. [2]).  That makes it easy to discover
compat implications as you fill in a property, without having to jump
back and forth between the property definitions and the release notes.

Cheers,
Trevor

[1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw
[2]: 
https://docs.python.org/3.5/library/unittest.html#unittest.TestCase.skipTest

Cheers,
Trevor

-- 
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy


signature.asc
Description: OpenPGP digital signature
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech

Re: [spdx-tech] Short question about downwards and upwards compatibility

2017-09-12 Thread Kate Stewart 
Hi Maximilian,
If you're recognizing and generating SPDX 2.1,
its best to mark the generated file as SPDX 2.1.

If an older parser encounters the file and version number
and doesn't recognize it,  its a bug on that parser.
Of concern, there are new fields added in 2.1 that are
not present in 2.0 (backwards compatibility), its best
the file is correctly labeled.

Hope this helps,  Kate


On Tue, Sep 12, 2017 at 7:39 AM, Maximilian Huber <
maximilian.hu...@tngtech.com> wrote:

> Hello spdx-tech@,
>
> In FOSSology we generate SPDX reports which are compatible with the
> 2.0 and the 2.1 specification and we are now discussing, which version
> to specify in the created document.
>
> It might be a good idea to stay on version 2.0 since parsers, which
> read 2.1, might probably also be able to understand 2.0. But older
> parses fail if they see the new version.
>
> What would you recommend? What is the status on downwards and upwards
> compatibility on common parser implementations and tooling?
>
> Best regards
> Maximilian
>
> --
> Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223
> TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring
> Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller
> Sitz: Unterföhring * Amtsgericht München * HRB 135082
>
> ___
> Spdx-tech mailing list
> Spdx-tech@lists.spdx.org
> https://lists.spdx.org/mailman/listinfo/spdx-tech
>
>
___
Spdx-tech mailing list
Spdx-tech@lists.spdx.org
https://lists.spdx.org/mailman/listinfo/spdx-tech