> PackageOriginator has a maximum cardinality of only 1 Which would be fine, as long as I can be safe to assume the Person / Organisation mentioned there *can* be regarded as an author. In that context I was briefly reading through [1] which contains "is referred to as the author or originator", so it uses "author" and "originator" synonymously, which makes me hope a "package originator" is also supposed to be a "package author".
> If I recall correctly, the tooling that you develop creates file-level > Software Bill of Materials, so maybe the FileContributor information is > suitable for your use-case? Actually, ORT creates package-level BOMs, so unfortunately the FileContributor is of no big use for us here :-( > PS. Nice name by the way ;) Likewise ;-) [1] http://kelleykeller.com/owner-vs-author-whats-the-difference/ -- Sebastian Schuberth On Tue, Sep 7, 2021 at 2:52 PM Sebastian Crane <seabass-lab...@gmx.com> wrote: > > Dear Sebastian, > > > many package managers (Maven, NPM etc.) have a dedicated "authors" (or > > something "developers") metadata field that is distinct from copyright > > holder information. I'm looking for a way to track this metadata in > > SPDX YAML files. The closest thing I've found is the PackageOriginator > > field, but I'm not entirely sure if it's suitable. And more > > importantly, if I'm safe to assume that any mentioned > > PackageOriginator in an SPDX file I receive also is an author / > > developer. Any insights on that? > > > > Thanks in advance! > > Section 4.14 of the SPDX 2.2 specification describes the FileContributor > data, which seems to be what you are looking for - its cardinality is > unlimited, so you can list multiple authors who may not be copyright > holders. > > However, I could not see any equivalent property for describing authors > of packages. PackageOriginator has a maximum cardinality of only 1, so > it would only really be useful for describing a single organisation or > project. > > If I recall correctly, the tooling that you develop creates file-level > Software Bill of Materials, so maybe the FileContributor information is > suitable for your use-case? > > Best wishes, > > Sebastian > > > PS. Nice name by the way ;) > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4171): https://lists.spdx.org/g/Spdx-tech/message/4171 Mute This Topic: https://lists.spdx.org/mt/85432130/21656 Group Owner: spdx-tech+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
