spdx/tools-golang

Golang tools roadmap (v0.4.0 and beyond)

lumjjb opened this issue · 3 comments

lumjjb commented

2022 2H (v0.4.0)

v0.5.0 (2023 Q1)

  • Core model #152
    • Mapping from 2.1/2 to core
    • Do deduplication of code
  • Collect usage patterns for open source and org use (#157)
  • Higher level helper function/libraries to use #144
    • base: here's how to interact with SPDX elements
    • context-specific: to work with container images, rpm, deb (will use base library)
    • Upstream use of tools-golang to bom tool

v0.5.1 (2023 Q2)

v0.6.0 (2023 H2)

  • SPDX 3.0
  • SBOMs for releases: see #118
  • Collect usage patterns
    • #158 License usage (@swinslow) - people may want to be able to reason about it as tree (ANDs of licenses), etc. Moving from simple strings to structured data. Figure out how to parse license grammar (pretty involved).
  • Formats
lumjjb commented

@swinslow @RishabhBhatnagar re-organized this to more realistic timelines and to prioritize a q4 release.

nishakm commented

@lumjjb Any movement on implementing SPDX 3.0 based on the RC-2 release?

ded1976 commented

2022 2H (v0.4.0)

v0.5.0 (2023 Q1)

  • Core model #152
    • Mapping from 2.1/2 to core
    • Do deduplication of code
      -[x] Collect usage patterns for open source and org use (#157)
  • Higher level helper function/libraries to use #144
    • base: here's how to interact with SPDX elements
    • context-specific: to work with container images, rpm, deb (will use base library)
    • Upstream use of tools-golang to bom tool

v0.5.1 (2023 Q2)

v0.6.0 (2023 H2)

  • SPDX 3.0
  • SBOMs for releases: see #118
  • Collect usage patterns
    • #158 License usage (@swinslow) - people may want to be able to reason about it as tree (ANDs of licenses), etc. Moving from simple strings to structured data. Figure out how to parse license grammar (pretty involved).
  • Formats