Re: [spdx-tech] Short question about downwards and upwards compatibility
On Thu, Sep 14, 2017 at 10:32:37AM +0200, Maximilian Huber wrote: > But since we currently only use features which were already in 2.0 > present, it is still an open question for me. Generating files by > some older (but compatible) specification makes it easier for people > to parse the generated document. Right. Which is why I expect you want to label your files as 2.0 in that case. > Am I right that a 2.0 document can always be labeled as 2.1 since 2.1 > "only" added optional features/fields? Or are there conflicts? The only thing that stands out in the release notes [1] is: The “Artifact of Project” fields at the file level are now deprecated… But “deprecated” is not “removed”. So sticking to 2.0 and continuing to use those fields will work with compliant 2.1 parsers. And it's always possible that the release notes missed some important compat issue, but I think that's unlikely and would expect a patch release recovering forwards compat for 2.0 files read by 2.1 parsers. I expect ArtifactOfProjectName and such will be removed in SPDX 3.0, although it would be nice if the SPDX explained its versioning scheme (e.g. by referencing SemVer 2.0 [2] or some such. Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw [2]: http://semver.org/spec/v2.0.0.html -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy signature.asc Description: OpenPGP digital signature ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] Short question about downwards and upwards compatibility
Sure, as soon as we use features from 2.1 it is no longer a question. But since we currently only use features which were already in 2.0 present, it is still an open question for me. Generating files by some older (but compatible) specification makes it easier for people to parse the generated document. Am I right that a 2.0 document can always be labeled as 2.1 since 2.1 "only" added optional features/fields? Or are there conflicts? Best regards Maximilian On Di, 12. Sep 09:43, g...@sourceauditor.com wrote: > Hi Maximilian, > > The Java SPDX libraries are kept current with the SPDX spec and supports > previous versions back to 1.0. I realize this library only represents a > portion of the SPDX parsers out there, but it is used by a couple commercial > tools and some open source tools. > > Since 2.1 has been out there a while and contains some good improvements, I > would recommend going with 2.1. > > Gary > > > > > -Original Message- > > From: spdx-tech-boun...@lists.spdx.org [mailto:spdx-tech- > > boun...@lists.spdx.org] On Behalf Of Maximilian Huber > > Sent: Tuesday, September 12, 2017 5:40 AM > > To: spdx-tech@lists.spdx.org > > Subject: [spdx-tech] Short question about downwards and upwards > > compatibility > > > > Hello spdx-tech@, > > > > In FOSSology we generate SPDX reports which are compatible with the > > 2.0 and the 2.1 specification and we are now discussing, which version > > to specify in the created document. > > > > It might be a good idea to stay on version 2.0 since parsers, which > > read 2.1, might probably also be able to understand 2.0. But older > > parses fail if they see the new version. > > > > What would you recommend? What is the status on downwards and upwards > > compatibility on common parser implementations and tooling? > > > > Best regards > > Maximilian > > > > -- > > Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223 TNG > > Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring > > Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller > > Sitz: Unterföhring * Amtsgericht München * HRB 135082 > -- Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223 TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller Sitz: Unterföhring * Amtsgericht München * HRB 135082 signature.asc Description: PGP signature ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] Short question about downwards and upwards compatibility
On Tue, Sep 12, 2017 at 11:31 AM, W. Trevor Kingwrote: > On Tue, Sep 12, 2017 at 07:54:31AM -0500, Kate Stewart wrote: > > Of concern, there are new fields added in 2.1 that are > > not present in 2.0 (backwards compatibility), its best > > the file is correctly labeled. > > If you use the new-in-2.1 properties [1], you need to declare 2.1. > But if you don't use them, you can safely declare 2.0 and support both > older parsers that only handle 2.0 and new parsers that understand all > of 2.1. > Agree. Depends what's easiest of the tool I guess. :-) > > As a useful alternative/supplement to the current release-notes > approach [1], I like the “New in {version}” annotations that Python > has for its properties (e.g. [2]). That makes it easy to discover > compat implications as you fill in a property, without having to jump > back and forth between the property definitions and the release notes. > Nice. Will look into this, as we've been doing this highlighting manually in presentations, but incorporating it into the spec going forward, seems like an positive enhancement now that we have it online. What do others think? Kate > > Cheers, > Trevor > > [1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw > [2]: https://docs.python.org/3.5/library/unittest.html# > unittest.TestCase.skipTest > > Cheers, > Trevor > > -- > This email may be signed or encrypted with GnuPG (http://www.gnupg.org). > For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy > ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] Short question about downwards and upwards compatibility
On Tue, Sep 12, 2017 at 07:54:31AM -0500, Kate Stewart wrote: > Of concern, there are new fields added in 2.1 that are > not present in 2.0 (backwards compatibility), its best > the file is correctly labeled. If you use the new-in-2.1 properties [1], you need to declare 2.1. But if you don't use them, you can safely declare 2.0 and support both older parsers that only handle 2.0 and new parsers that understand all of 2.1. As a useful alternative/supplement to the current release-notes approach [1], I like the “New in {version}” annotations that Python has for its properties (e.g. [2]). That makes it easy to discover compat implications as you fill in a property, without having to jump back and forth between the property definitions and the release notes. Cheers, Trevor [1]: https://spdx.org/spdx-specification-21-web-version#h.1sh8jn1fc5zw [2]: https://docs.python.org/3.5/library/unittest.html#unittest.TestCase.skipTest Cheers, Trevor -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy signature.asc Description: OpenPGP digital signature ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] Short question about downwards and upwards compatibility
Hi Maximilian, If you're recognizing and generating SPDX 2.1, its best to mark the generated file as SPDX 2.1. If an older parser encounters the file and version number and doesn't recognize it, its a bug on that parser. Of concern, there are new fields added in 2.1 that are not present in 2.0 (backwards compatibility), its best the file is correctly labeled. Hope this helps, Kate On Tue, Sep 12, 2017 at 7:39 AM, Maximilian Huber < maximilian.hu...@tngtech.com> wrote: > Hello spdx-tech@, > > In FOSSology we generate SPDX reports which are compatible with the > 2.0 and the 2.1 specification and we are now discussing, which version > to specify in the created document. > > It might be a good idea to stay on version 2.0 since parsers, which > read 2.1, might probably also be able to understand 2.0. But older > parses fail if they see the new version. > > What would you recommend? What is the status on downwards and upwards > compatibility on common parser implementations and tooling? > > Best regards > Maximilian > > -- > Maximilian Huber * maximilian.hu...@tngtech.com * +49-174-3410223 > TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring > Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller > Sitz: Unterföhring * Amtsgericht München * HRB 135082 > > ___ > Spdx-tech mailing list > Spdx-tech@lists.spdx.org > https://lists.spdx.org/mailman/listinfo/spdx-tech > > ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech