Talk:Software Package Data Exchange

Outdated information

edit

In the 01-07-2021 SPDX General meeting, we heard a complaint that the available information about SPDX on Wikipedia is outdated. We may have SPDX volunteers providing new updated information. 47.16.167.68 (talk) 15:57, 1 July 2021 (UTC)Reply

Request for editorial review of lead section proposal

edit

Greetings! I am a member of the SPDX Working Group. We've noticed that the description of SPDX is quite out of date and doesn't really reflect what SPDX is today, and as such we would like to propose an update to the page. An updated lead section is on my personal namespace - please could an editor have a look at this? We've tried to be unbiased and encyclopaedic; of course if anything escaped my notice I would very much appreciate feedback. Please note: I'm a volunteer, although some others who helped write this draft are paid by their respective employers to work on SPDX in a general sense. Seabass-labrax (talk) 15:07, 20 August 2021 (UTC)Reply

  Not done: Article good as is. Quetstar (talk) 21:18, 5 September 2021 (UTC)Reply
Hello Quetstar! Thank you for taking a look at this article.

I'd agree that the existing article is good at describing SPDX as it was initially created, but I think it falls short in accurately describing more recent events. For instance, lots of the independent writing about SPDX has been focused on its use in security and supply chain transparency fields, but the current article only refers to the license compliance use-case that SPDX was initially created for.

Please may I have some feedback on my draft? Again, if there are specific elements that make it unsuitable for Wikipedia I would be more than happy to edit them. Thanks! Seabass-labrax (talk) 14:54, 8 September 2021 (UTC)Reply
@Seabass-labrax: Since your request is about the lead, instead of linking to your namespace, you should include the proposed edits directly into the talk page. Quetstar (talk) 00:47, 12 September 2021 (UTC)Reply
@Quetstar, thank you for your feedback - I've made my suggestions below, in this talk page! :) Seabass-labrax (talk) 21:01, 12 September 2021 (UTC)Reply
@Seabass-labrax I was the person you spoke with on IRC help. If you want to suggest new text for the lead section of this article please just propose it in this discussion. Other editors can take it from there. --Salimfadhley (talk) 20:38, 12 September 2021 (UTC)Reply

Suggestion for lead section update

edit

Hello! I'd like to suggest some edits to the lead section of the page in order to better reflect the topic.

The first paragraph would be changed from

Software Package Data Exchange (SPDX)[1] is a file format used to document information on the software licenses under which a given piece of computer software is distributed. SPDX is authored by the SPDX Working Group, which represents more than twenty different organizations, under the auspices of the Linux Foundation.[2]

to

Software Package Data Exchange (SPDX) is an open standard for software bill of materials (SBOM).[1] SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software.[2] Its original purpose was to improve license compliance,[3] and has since been expanded to facilitate additional use-cases, such as supply-chain transparency and security.[4] SPDX is authored by the community-driven SPDX Project under the auspices of the Linux Foundation.

Here are the references for the proposed lead section:

  1. {{ cite web | last = Stewart | first = Kate | url = https://www.linuxfoundation.org/blog/spdx-its-already-in-use-for-global-software-bill-of-materials-sbom-and-supply-chain-security/ | title = SPDX: It’s Already in Use for Global Software Bill of Materials (SBOM) and Supply Chain Security | publisher = Linux Foundation | date = May 25, 2021 | access-date = 2021-08-13 }}
  2. {{ cite web | url = https://www.ntia.gov/files/ntia/publications/ntia_sbom_formats_and_standards_whitepaper_-_version_20191025.pdf#page9 | title = Survey of Existing SBOM Formats and Standards | publisher = [[National Telecommunications and Information Administration]] | date = October 25, 2019 | page = 9 | access-date = 2021-08-13}}
  3. {{cite web | last = Bridgwater | first = Adrian | url = https://www.computerweekly.com/blog/Open-Source-Insider/Linux-Foundation-eases-open-source-licensing-woes | title = Linux Foundation eases open source licensing woes | publisher = [[Computer Weekly]] | date = August 19, 2011 | access-date = 2021-08-13 }}
  4. {{ cite web | last = Rushgrove | first = Gareth | url = https://snyk.io/blog/advancing-sbom-standards-snyk-spdx/ | title = Advancing SBOM standards: Snyk and SPDX | date = June 16, 2021 | access-date = 2021-08-14}}

The second paragraph would be removed, as bill of materials would have already been mentioned. The third paragraph would be moved into the 'License syntax' section, as it is specific to the licensing use-case of SPDX.

Thanks! Seabass-labrax (talk) 20:59, 12 September 2021 (UTC)Reply

I've applied the changes to the article, as there haven't been any objections during the two weeks since the proposed edit. Please feel free to leave feedback post-edit! Seabass-labrax (talk) 11:56, 27 September 2021 (UTC)Reply

Update the article name to System Package Data Exchange

edit

As of April 2024, by the publication of SPDX version 3.0, the full name of SPDX is changed to Software Package Data Exchange. https://spdx.github.io/spdx-spec/v3.0.1/front/introduction/ (This is already mentioned inside the article, the first paragraph)

We may like to update the name of this article.

-- -- bact' (talk) 15:11, 18 November 2024 (UTC)Reply