Merge branch 'development/v2.2'

CHANGELOG.md

@@ -1,6 +1,30 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 2.2 (TODO)
+
+* Added more relationship types to [Relationships](chapters/7-relationships-between-SPDX-elements.md).
+* Updated [License Matching Guidelines](chapters/appendix-II-license-matching-guidelines-and-templates.md) to allow embedded rules within optional rules.
+* Updated [Charter](chapters/1-rationale.md) to broaden applicable scenarios for SPDX documents.
+* Updated [License List](chapters/appendix-I-SPDX-license-list.md) to v3.7.
+* Added support for [PURL](https://github.com/package-url/purl-spec) and container images to [External Repository Identifiers](chapters/appendix-VI-external-repository-identifiers.md).
+* Added the license matching guideline content to [Appendix II](chapters/appendix-II-license-matching-guidelines-and-templates.md).
+* Added sample documents (both for final and draft formats) under `examples/`.
+* Added definitions for the `rdf:` and `rdf-schema:` namespaces.
+* Added clarification of the meaning of `Package` with an SPDX document.
+* Added [SPDX Lite](chapters/appendix-VIII-SPDX-Lite.md) which defines a minimal subset of SPDX for scenarios not requiring full SPDX documents.
+* Added [SPDX File Tags](chapters/appendix-IX-file-tags.md) which defines a mechanism to add file-specific information from SPDX-defined fields to source code files.
+* Added optional field to be able to convey attribution text information for packages & files.
+* Added support for `LicenseRef-` in [short form identifiers](chapters/appendix-V-using-SPDX-short-identifiers-in-source-files.md).
+* Added support for relationships to `NOASSERTION` or `NONE` as a way to indicate "known unknown" and "no dependencies" respectively.
+* Added YAML, JSON, and .xls as supported formats and XML as an in-development format.
+* Removed support for multi-line license expressions.
+* Added `swh` as an external reference to support linking to Software Heritage persistent identifiers.
+* Added clarification on the case sensitivity of license expressions.
+* Numerous formatting, gramatical, and spelling fixes.
+
+See also the [SPDX specification 2.2 release announcement](TODO)
+
 ## 2.1 (2016-10-04)
 
 * Snippets allow a portion of a file to be identified as having different properties from the file it resides within. The use of snippets is completely optional, and it is not mandatory for snippets to be identified;
@@ -42,4 +66,4 @@ See also the [SPDX specification 1.1 release announcement](https://www.linuxfoun
 
 * The initial release
 
-See also the [SPDX specification 1.0 release announcement](https://wiki.spdx.org/view/Business_Team/Launch/1.0/SPDX_1.0_Press_Release)
+See also the [SPDX specification 1.0 release announcement](https://wiki.spdx.org/view/Business_Team/Launch/1.0/SPDX_1.0_Press_Release)

CONTRIBUTING.md

@@ -21,7 +21,7 @@ Git itself use this approach. When you merge something it will generate a commit
 
 ### Minor Changes
 Minor changes such as markup and typo fixes may be submitted directly to this repository (either as [issues][] or [pull-requests][]) without previous discussion.
-Please submit all minor changes against the `development/v2.2` branch which is the draft of the next version of the SPDX specification to be released.
+Please submit all minor changes against the `development/v2.2.1` branch which is the draft of the next version of the SPDX specification to be released.
 
 ### Major Changes
 Any change that break backwards compatibility or requires significant tooling changes is considered a major change.

README.md

@@ -8,8 +8,11 @@ The SPDX standard helps facilitate compliance with free and open source software
 
 This repository holds under active development version of the specification as:
 
-* [MarkDown](https://github.com/spdx/spdx-spec/tree/master/chapters) (master branch)
-* [HTML](https://spdx.github.io/spdx-spec/) (gh-pages branch, build on every commit to master branch)
+* [MarkDown](https://github.com/spdx/spdx-spec/tree/master/chapters) (`master` branch)
+* HTML (gh-pages branch, built on every commit to `master` and `development/` branches)
+  * [Current](https://spdx.github.io/spdx-spec/)
+  * [v2 Development](https://spdx.github.io/spdx-spec/v2-draft)
+  * [v3 Development](https://spdx.github.io/spdx-spec/v3-draft)
 
 See for the official [releases of the specification](https://spdx.org/specifications) or additional information also the [SPDX website](https://spdx.org).
 
@@ -25,4 +28,4 @@ You have to [MkDocs](http://mkdocs.org) installed on your machine. If you don't
     $ mkdocs serve
 
     # Building static HTML site
-    $ mkdocs build
+    $ mkdocs build

bin/pull-license-list.py

@@ -0,0 +1,148 @@
+#!/usr/bin/env python3
+#
+# Automatically update the license- and exception-list Markdown based
+# on the currently-live JSON.
+#
+# usage: ./bin/pull-license.py
+#
+# Script licensed under SPDX-License-Identifier: MIT
+
+import codecs
+import itertools
+import json
+import os.path
+import re
+import sys
+import urllib.request
+
+
+if sys.version_info < (3, 6):
+    raise RuntimeError('this script requires Python 3.6+')
+
+
+VERSION_REGEXP = re.compile(
+    pattern='(.* SPDX License List, v)([^ ]*)( which was released )([^.]*)(\..*)',
+    flags=re.DOTALL)
+
+
+def get_json(url):
+    with urllib.request.urlopen(url=url) as body:
+        return json.load(body)
+
+
+def format_table(headers, rows):
+    widths = [
+        max(len(row[i]) for row in rows + [headers])
+        for i, _ in enumerate(headers)
+    ]
+    template = '| {} |\n'.format(' | '.join(
+        ('{' + '{}:{{{}}}'.format(2*i, 2*i + 1) + '}')
+        for i, _ in enumerate(headers)
+    ))
+    yield template.format(*itertools.chain(*zip(headers, widths)))
+    yield '|{}|\n'.format('|'.join('-' * (width + 2) for width in widths))
+    for row in rows:
+        yield template.format(*itertools.chain(*zip(row, widths)))
+    yield '\n'
+
+
+def format_license_table(license_list):
+    yield from format_table(
+        headers=['Full Name of License', 'Short Identifier', 'OSI?'],
+        rows=[
+            [
+                license['name'],
+                '[{0}](https://spdx.org/licenses/{0}.html)'.format(
+                    license['licenseId']),
+                'Y' if license['isOsiApproved'] else '',
+            ]
+            for license in sorted(
+                license_list['licenses'],
+                key=lambda license: license['licenseId'].lower())
+            if not license.get('isDeprecatedLicenseId')
+        ],
+    )
+
+
+def format_deprecated_license_table(license_list):
+    yield from format_table(
+        headers=['Full Name of License', 'Deprecated SDPX Short Identifier'],
+        rows=[
+            [
+                license['name'],
+                '[{0}](https://spdx.org/licenses/{0}.html)'.format(
+                    license['licenseId']),
+            ]
+            for license in sorted(
+                license_list['licenses'],
+                key=lambda license: license['licenseId'].lower())
+            if license.get('isDeprecatedLicenseId')
+        ],
+    )
+
+
+def format_exception_table(exception_list):
+    yield from format_table(
+        headers=['Full Name of Exception', 'SPDX License Exception'],
+        rows=[
+            [
+                exception['name'].replace('\n', ' '),
+                '[{0}](https://spdx.org/licenses/{0}.html)'.format(
+                    exception['licenseExceptionId']),
+            ]
+            for exception in sorted(
+                exception_list['exceptions'],
+                key=lambda exception: exception['licenseExceptionId'].lower())
+            if not exception.get('isDeprecatedLicenseId')
+        ],
+    )
+
+
+if __name__ == '__main__':
+    license_list = get_json(url='https://spdx.org/licenses/licenses.json')
+    exception_list = get_json(url='https://spdx.org/licenses/exceptions.json')
+    for key in ['licenseListVersion', 'releaseDate']:
+        if license_list.get(key) != exception_list.get(key):
+            raise ValueError(
+                '{} mismatch: {} (license list) != {} (exception list)'
+                .format(
+                    key,
+                    license_list.get(key),
+                    exception_list.get(key)))
+    table_content = [
+        format_license_table(license_list=license_list),
+        format_exception_table(exception_list=exception_list),
+        format_deprecated_license_table(license_list=license_list),
+    ]
+    path = os.path.join('chapters', 'appendix-I-SPDX-license-list.md')
+    lines = []
+    with open(path, 'r') as f:
+        in_table = False
+        for line in f.readlines():
+            if in_table:
+                if not line.startswith('|'):
+                    in_table = False
+                    if table_content:
+                        lines.extend(table_content.pop(0))
+            elif line.startswith('|'):
+                in_table = True
+            else:
+                match = VERSION_REGEXP.match(line)
+                if match:
+                    leader, version, middle, release_date, tail = match.groups()
+                    lines.append('{}{}{}{}{}'.format(
+                        leader,
+                        license_list['licenseListVersion'],
+                        middle,
+                        license_list['releaseDate'],
+                        tail,
+                    ))
+                else:
+                    lines.append(line)
+    if in_table and table_content:
+        lines.extend(table_content.pop(0))
+    while lines[-1] == '\n':
+        lines.pop()
+    with open(path, 'w') as f:
+        for line in lines:
+            f.write(line)