OpenChain-Project/License-Compliance-Specification

[Improvement] OpenChain spec 3.0: add IETF rfc2119 reference for terms?

winterrocks opened this issue · 3 comments

winterrocks commented

Add IETF rfc2119 reference for the terms

In the beginning of the OpenChain spec 3.0, could it be a good idea to add a link to: https://www.ietf.org/rfc/rfc2119.txt where the terms, such as MUST, SHALL, MAY, etc. are described?

Expected behavior

Everyone reading the spec will know what the terms used mean, e.g. that MUST = SHALL = REQUIRED

winterrocks commented

Seems that Telco has this like this:
https://github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain%20Telco%20SBOM%20Specification.md#2-terms-and-definitions

2. Terms and definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

shanecoughlan commented

Terms and definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as

  1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that the
    definition is an absolute requirement of the specification.

  2. MUST NOT This phrase, or the phrase "SHALL NOT", mean that the
    definition is an absolute prohibition of the specification.

  3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
    may exist valid reasons in particular circumstances to ignore a
    particular item, but the full implications must be understood and
    carefully weighed before choosing a different course.

  4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that
    there may exist valid reasons in particular circumstances when the
    particular behavior is acceptable or even useful, but the full
    implications should be understood and the case carefully weighed
    before implementing any behavior described with this label.

  5. MAY This word, or the adjective "OPTIONAL", mean that an item is
    truly optional. One vendor may choose to include the item because a
    particular marketplace requires it or because the vendor feels that
    it enhances the product while another vendor may omit the same item.
    An implementation which does not include a particular option MUST be
    prepared to interoperate with another implementation which does
    include the option, though perhaps with reduced functionality. In the
    same vein an implementation which does include a particular option
    MUST be prepared to interoperate with another implementation which
    does not include the option (except, of course, for the feature the
    option provides.)

These definitions are originally from RFC 2119.

shanecoughlan commented

Merge to 3.0 as per OpenChain Monthly North America and Europe Call - 2023-06-06