SPDX is always welcoming new contributors!
The discussions are happening on the spdx-tech mailing list and during our regular meetings.
All the details are in: https://spdx.dev/participate/tech/
This repository consists of files written in a specific Markdown format describing the model classes, datatypes, properties, and vocabularies which will be used to automatically create documentation, ontologies, and validation artifacts. These are organized by profile.
Please submit a pull request or an issue for any suggested changes or issues you find.
Significant changes between versions should be logged to CHANGELOG.md.
Contributions to this repository are made pursuant to the SPDX Community Specification Contributor License Agreement 1.0. You do not need to submit a signed copy of the contributor license agreement; by making a contribution to this repo, you agree to the terms set forth in that agreement.
There are multiple profiles being developed in parallel for the SPDX 3.0 model.
- During its initial phase of development, a profile working group will
contribute changes to its own branch in this repository.
- For example, any changes to the "Future Profile" should be submitted as a
change request to the
future-profile
branch.
- For example, any changes to the "Future Profile" should be submitted as a
change request to the
- There will be at least one maintainer per profile in charge of merging any profile development changes to the profile-specific branch.
- Once the first "complete" version of a profile is ready, the profile maintainer will alert the general SPDX tech group that the profile model is ready for review.
- Once alerted, the SPDX tech group will review and provide feedback.
- Once profile proposals have been reviewed and approved, the profile-specific
branch will be merged to a general
development
branch along with the other reviewed profile models. - Once the profile in
development
branch is stable, its code from thedevelopment
branch will be merged tomain
.
At this point the SPDX tech team will re-evaluate the best way to continue updating individual profiles.
This method of development was agreed upon by the SPDX Tech team on 2023-01-17.
Translations of model descriptions are welcome. Please see translation.md for details.
In accordance with the development model described above, each profile has at least one maintainer in charge of merging profile-specific changes to the profile working branch.
To contribute to a specific profile, please open a PR to the profile-specific branch or reach out to the maintainer of the profile (noted below).
Each profile in active development phase also has their own regular meeting time.
Profile | Maintainer(s) |
---|---|
AI | Karen Bennet and Gopi Krishnan Rajbahadur |
Dataset | Karen Bennet and Gopi Krishnan Rajbahadur |
Build | Brandon Lum and Nisha Kumar |
Core | William Bartholomew, Gary O'Neall, and Kate Stewart |
Licensing | Steve Winslow and Alexios Zavras |
Security | Thomas Steenbergen, Adolfo García Veytia, and Rose Judge |
Software | Alexios Zavras and Gary O'Neall |