v2.2
tsteenbe
released this
04 Jun 12:32
·
249 commits
to development/v2.2.1
since this release
This release includes:
- Updated Charter to broaden applicable scenarios that SPDX documents can be used to represent that have been requested by users, and align with NTIA SBOM efforts.
- Extended the valid file formats that can be used to represent an SPDX document to include JSON, YAML, and a development version of XML. A set of example documents illustrating use of these formats can be found in v2.2/examples.
- Extended Relationships by addition of 13 new relationship types requested from tool creators (mostly to represent dependencies), as well as support for relationships to NOASSERTION or NONE as a way to indicate “known unknown” and “no relationships” respectively.
- Added new fields to Packages, Files, and Snippets to capture “Attribution text”.
- Extended Appendix VI: External Repository Identifiers to include support for PURL (Package URLs) and SWHIDs (Software Heritage Persistent Identifiers).
- Added Appendix VIII: SPDX Lite as a first recognized SPDX profile. This subset of SPDX 2.2 originated from the use cases that the OpenChain Japan workgroup highlighted. They created it to be able to accept basic information from their suppliers who were not able to generate full SPDX documents with all optional fields.
- Added Appendix IX: SPDX File Tags to enable use of file-specific information from SPDX defined fields in source code as supported by Version 3.0 of the REUSE Software Specification.
- Updated Appendix V: Using SPDX License List short identifiers in Source Files to include support for use of LicenseRef- identifiers, to express custom identifiers for licenses that are not on the SPDX License List. This has been coordinated with Version 3.0 of the REUSE Software Specification to enable projects to provide a standardized format that can optionally be used for providing the corresponding license text for these identifiers.
- Updated Appendix II: License Matching Guidelines to allow embedded rules within optional rules for generated SPDX license templates.
- Updated Appendix IV: SPDX License Expressions to add some clarification on the case sensitivity of license expressions and handling of multi-line license expressions.
- Updated Appendix I: License List to now reference version 3.8.
- And numerous formatting, grammatical, and spelling fixes that escaped our reviewers in version 2.1.1.
Interested in the exact changes? Have a look at this detailed overview of all changes since the last release.