From 4ed2221f89ef6ecf2c0bca984f49e467394b5653 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 2 Sep 2021 22:38:38 -0700 Subject: [PATCH 01/39] Add an SPDX file to the repository. Incomplete at this point, only lists 6 packages --- julia.spdx.json | 124 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 julia.spdx.json diff --git a/julia.spdx.json b/julia.spdx.json new file mode 100644 index 0000000000000..f86844bc6a47d --- /dev/null +++ b/julia.spdx.json @@ -0,0 +1,124 @@ +{ + "spdxVersion": "SPDX-2.2", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": "julia-spdx", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-26ce6dfe-7843-4342-9970-dda3d15f01e8", + "creationInfo": { + "creators": [ + "Organization: julialang.org ()", + "Person: Simon Avery ()" + ], + "created": "2021-09-02T04:53:52Z" + }, + "documentDescribes": [ + "SPDXRef-JuliaMain" + ], + "packages": [ + { + "name": "Julia", + "SPDXID": "SPDXRef-JuliaMain", + "versionInfo": "v1.8.0", + "packageFileName": "./", + "downloadLocation": "git+https://github.com/JuliaLang/julia.git@v1.8.0", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2009-2021: Jeff Bezanson, Stefan Karpinski, Viral B. Shah, and other contributors: https://github.com/JuliaLang/julia/contributors", + "summary": "Julia is a high-level, high-performance dynamic language for technical computing.", + "comment": "In addition to the source code described by this package, Julia pulls in code from many other respositories, which are also described in this document. See relationships for details." + }, + { + "name": "Pkg", + "SPDXID": "SPDXRef-JuliaPkg", + "downloadLocation": "git+https://github.com/JuliaLang/Pkg.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/Pkg.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2017-2021: Stefan Karpinski, Kristoffer Carlsson, Fredrik Ekre, David Varela, Ian Butterworth, and contributors: https://github.com/JuliaLang/Pkg.jl/graphs/contributors", + "summary": "Julia's package manager, shipped with Julia v1.0 and above" + }, + { + "name": "OpenBLAS", + "SPDXID": "SPDXRef-OpenBLAS", + "downloadLocation": "git+https://github.com/xianyi/OpenBLAS.git", + "filesAnalyzed": false, + "homepage": "https://www.openblas.net", + "sourceInfo": "The git hash of the version in use can be found in the file deps/openblas.version", + "licenseConcluded": "BSD-3-Clause", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2011-2014, The OpenBLAS Project", + "summary": "OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version." + }, + { + "name": "libuv", + "SPDXID": "SPDXRef-libuv", + "supplier": "Organization: julialang.org ()", + "originator": "Organization: libuv.org ()", + "downloadLocation": "git+https://github.com/JuliaLang/libuv.git", + "filesAnalyzed": false, + "homepage": "https://libuv.org", + "sourceInfo": "The git hash of the version in use can be found in the file deps/libuv.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2015-present libuv project contributors", + "summary": "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others.", + "comment": "The Julia project has forked libuv and maintains their own repository of the code" + }, + { + "name": "zlib", + "SPDXID": "SPDXRef-zlib", + "downloadLocation": "git+https://github.com/madler/zlib.git", + "filesAnalyzed": false, + "homepage": "https://zlib.net", + "sourceInfo": "The git hash of the version in use can be found in the file deps/zlib.version", + "licenseConcluded": "Zlib", + "licenseDeclared": "Zlib", + "copyrightText": "Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler", + "summary": "A massively spiffy yet delicately unobtrusive compression library." + }, + { + "name": "patchelf", + "SPDXID": "SPDXRef-patchelf", + "downloadLocation": "git+https://github.com/NixOS/patchelf.git", + "filesAnalyzed": false, + "homepage": "https://nixos.org/patchelf.html", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "GPL-3.0-only", + "licenseDeclared": "GPL-3.0-only", + "copyrightText": "Copyright (C) 2007 Free Software Foundation, Inc. ", + "summary": "A small utility to modify the dynamic linker and RPATH of ELF executables.", + "comment": "PATCHELF is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-JuliaPkg", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-OpenBLAS", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-libuv", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-zlib", + "relationshipType": "DISTRIBUTION_ARTIFACT", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-patchelf", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + } + ] +} From 1f2474f442bb5305206dde3a5a31cd64dfa0d742 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 9 Sep 2021 22:36:38 -0700 Subject: [PATCH 02/39] Correction to patchelf License in SPDX doc --- julia.spdx.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index f86844bc6a47d..d66e900182d7e 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -87,8 +87,8 @@ "filesAnalyzed": false, "homepage": "https://nixos.org/patchelf.html", "sourceInfo": "The version in use can be found in the file deps/Versions.make", - "licenseConcluded": "GPL-3.0-only", - "licenseDeclared": "GPL-3.0-only", + "licenseConcluded": "GPL-3.0-or-later", + "licenseDeclared": "GPL-3.0-or-later", "copyrightText": "Copyright (C) 2007 Free Software Foundation, Inc. ", "summary": "A small utility to modify the dynamic linker and RPATH of ELF executables.", "comment": "PATCHELF is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." From 4b6b2a45287475a8287af9f103e8edb841dbd0f1 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Tue, 14 Sep 2021 22:10:01 -0700 Subject: [PATCH 03/39] Add Statistics stdlib to SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index d66e900182d7e..4d7e52b1e04bc 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-26ce6dfe-7843-4342-9970-dda3d15f01e8", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-d9d5c994-5165-4aae-ac2a-483850320902", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-02T04:53:52Z" + "created": "2021-09-15T05:07:46Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -41,6 +41,18 @@ "copyrightText": "Copyright (c) 2017-2021: Stefan Karpinski, Kristoffer Carlsson, Fredrik Ekre, David Varela, Ian Butterworth, and contributors: https://github.com/JuliaLang/Pkg.jl/graphs/contributors", "summary": "Julia's package manager, shipped with Julia v1.0 and above" }, + { + "name": "Statistics", + "SPDXID": "SPDXRef-JuliaStatistics", + "downloadLocation": "git+https://github.com/JuliaLang/Statistics.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/Statistics.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2012-2016: Jeff Bezanson, Stefan Karpinski, Viral B. Shah, Dahua Lin, Simon Byrne, Andreas Noack, Douglas Bates, John Myles White, Simon Kornblith, and other contributors.", + "summary": "Development repository for the Statistics standard library (stdlib) that ships with Julia." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -100,6 +112,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaStatistics", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 47c2f7727681592a9323ee72769534480b20cb91 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Tue, 14 Sep 2021 22:21:32 -0700 Subject: [PATCH 04/39] Add LibCURL.jl stdlib to the SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 4d7e52b1e04bc..b42b54a511d7d 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-d9d5c994-5165-4aae-ac2a-483850320902", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e4b57066-090f-42ea-b236-0a96a182e345", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-15T05:07:46Z" + "created": "2021-09-15T05:20:06Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -53,6 +53,18 @@ "copyrightText": "Copyright (c) 2012-2016: Jeff Bezanson, Stefan Karpinski, Viral B. Shah, Dahua Lin, Simon Byrne, Andreas Noack, Douglas Bates, John Myles White, Simon Kornblith, and other contributors.", "summary": "Development repository for the Statistics standard library (stdlib) that ships with Julia." }, + { + "name": "libCURL.jl", + "SPDXID": "SPDXRef-JuliaCurl", + "downloadLocation": "git+https://github.com/JuliaWeb/LibCURL.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/libCURL.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2013: JuliaWeb contributors", + "summary": "Julia wrapper for libCURL" + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -117,6 +129,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaCurl", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From c33e31567659f55fb8a8b6644c7555759f02e2fa Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Tue, 14 Sep 2021 22:23:45 -0700 Subject: [PATCH 05/39] Minor update to names of a few stdlib packages --- julia.spdx.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index b42b54a511d7d..28351e8a94d6b 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e4b57066-090f-42ea-b236-0a96a182e345", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8cfd1c8b-14b7-470d-bae7-aea217ff9a7f", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-15T05:20:06Z" + "created": "2021-09-15T05:22:55Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -30,7 +30,7 @@ "comment": "In addition to the source code described by this package, Julia pulls in code from many other respositories, which are also described in this document. See relationships for details." }, { - "name": "Pkg", + "name": "Pkg.jl", "SPDXID": "SPDXRef-JuliaPkg", "downloadLocation": "git+https://github.com/JuliaLang/Pkg.jl.git", "filesAnalyzed": false, @@ -42,7 +42,7 @@ "summary": "Julia's package manager, shipped with Julia v1.0 and above" }, { - "name": "Statistics", + "name": "Statistics.jl", "SPDXID": "SPDXRef-JuliaStatistics", "downloadLocation": "git+https://github.com/JuliaLang/Statistics.jl.git", "filesAnalyzed": false, From 6a70bdd3eb362987d81b2a9cbb2bbeeb6f2cd060 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Wed, 15 Sep 2021 22:02:38 -0700 Subject: [PATCH 06/39] Add Downloads stlib to SPDX --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 28351e8a94d6b..eb8300563628d 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8cfd1c8b-14b7-470d-bae7-aea217ff9a7f", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-f4ceb281-d283-49d7-8859-b476368ac06e", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-15T05:22:55Z" + "created": "2021-09-16T05:00:28Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -65,6 +65,18 @@ "copyrightText": "Copyright (c) 2013: JuliaWeb contributors", "summary": "Julia wrapper for libCURL" }, + { + "name": "Downloads.jl", + "SPDXID": "SPDXRef-JuliaDownloads", + "downloadLocation": "git+https://github.com/JuliaLang/Downloads.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/Downloads.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", + "summary": "The Downloads package provides a single function, download, which provides cross-platform, multi-protocol, in-process download functionality implemented with libcurl." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -134,6 +146,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaDownloads", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 1bb78cbe29ca962820b8e5ec203ecb1c6c3d35e2 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 16 Sep 2021 22:13:34 -0700 Subject: [PATCH 07/39] Add ArgTools stdlib to SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index eb8300563628d..5e2ddaf4fdbd6 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-f4ceb281-d283-49d7-8859-b476368ac06e", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-07d460f6-353c-4951-b576-bd280629f43d", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-16T05:00:28Z" + "created": "2021-09-17T05:11:42Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -77,6 +77,18 @@ "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", "summary": "The Downloads package provides a single function, download, which provides cross-platform, multi-protocol, in-process download functionality implemented with libcurl." }, + { + "name": "ArgTools.jl", + "SPDXID": "SPDXRef-JuliaArgTools", + "downloadLocation": "git+https://github.com/JuliaIO/ArgTools.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/ArgTools.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", + "summary": "ArgTools provides tools for creating consistent, flexible APIs that work with various kinds of function arguments." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -151,6 +163,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaArgTools", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 3a7844dc9b6fe4bfe22f86a0cd3d5b3736612091 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 16 Sep 2021 22:21:19 -0700 Subject: [PATCH 08/39] Add stdlib Tar to the SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 5e2ddaf4fdbd6..67170d6dcd1fd 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-07d460f6-353c-4951-b576-bd280629f43d", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-878bedcd-7675-449b-9b06-08abdf71d406", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-17T05:11:42Z" + "created": "2021-09-17T05:19:36Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -89,6 +89,18 @@ "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", "summary": "ArgTools provides tools for creating consistent, flexible APIs that work with various kinds of function arguments." }, + { + "name": "Tar.jl", + "SPDXID": "SPDXRef-JuliaTar", + "downloadLocation": "git+https://github.com/JuliaIO/Tar.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/Tar.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2019 Stefan Karpinski and contributors", + "summary": "The Tar package can list, extract and create POSIX TAR archives (tarballs) as specified in POSIX 1003.1-2001." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -168,6 +180,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaTar", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From db11989111bed70215a70002bdc938389b20d458 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 16 Sep 2021 22:31:57 -0700 Subject: [PATCH 09/39] Added stdlib NetworkOptions to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 67170d6dcd1fd..6bb4ef16f8259 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-878bedcd-7675-449b-9b06-08abdf71d406", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8bec0855-e1e4-4bad-b098-ce45a651cc7d", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-17T05:19:36Z" + "created": "2021-09-17T05:30:02Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -101,6 +101,18 @@ "copyrightText": "Copyright (c) 2019 Stefan Karpinski and contributors", "summary": "The Tar package can list, extract and create POSIX TAR archives (tarballs) as specified in POSIX 1003.1-2001." }, + { + "name": "NetworkOptions.jl", + "SPDXID": "SPDXRef-JuliaNetworkOptions", + "downloadLocation": "git+https://github.com/JuliaLang/NetworkOptions.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/NetworkOptions.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", + "summary": "The NetworkOptions package acts as a mediator between ways of configuring network transport mechanisms (SSL/TLS, SSH, proxies, etc.) and Julia packages that provide access to transport mechanisms." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -185,6 +197,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaNetworkOptions", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From e19d58074b302f1ebf07b46c57c2892c694ddfcd Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 19 Sep 2021 22:28:04 -0700 Subject: [PATCH 10/39] Add SuiteSparse.jl to SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 6bb4ef16f8259..11b4bee7e93f7 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8bec0855-e1e4-4bad-b098-ce45a651cc7d", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8ff9e376-ad37-49cf-8343-943254307b76", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-17T05:30:02Z" + "created": "2021-09-20T05:26:40Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -113,6 +113,18 @@ "copyrightText": "Copyright (c) 2020 Stefan Karpinski and contributors", "summary": "The NetworkOptions package acts as a mediator between ways of configuring network transport mechanisms (SSL/TLS, SSH, proxies, etc.) and Julia packages that provide access to transport mechanisms." }, + { + "name": "SuiteSparse.jl", + "SPDXID": "SPDXRef-JuliaSuiteSparse", + "downloadLocation": "git+https://github.com/JuliaLang/SuiteSparse.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/SuiteSparse.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2009-2021: Jeff Bezanson, Stefan Karpinski, Viral B. Shah, and other contributors: https://github.com/JuliaLang/julia/contributors", + "summary": "SuiteSparse.jl provides Julia wrappers for the SuiteSparse library, and provides Julia's sparse linear algebra capabilities - specifically the solvers." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -202,6 +214,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaSuiteSparse", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 06a83259ec2e7361aa4116fe8c791a89ff0a346f Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 19 Sep 2021 22:48:42 -0700 Subject: [PATCH 11/39] Add SHA.jl to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 11b4bee7e93f7..ae3b531a3561c 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8ff9e376-ad37-49cf-8343-943254307b76", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-39a01124-e7ce-4be9-945d-ad48df05396a", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-20T05:26:40Z" + "created": "2021-09-20T05:47:15Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -125,6 +125,18 @@ "copyrightText": "Copyright (c) 2009-2021: Jeff Bezanson, Stefan Karpinski, Viral B. Shah, and other contributors: https://github.com/JuliaLang/julia/contributors", "summary": "SuiteSparse.jl provides Julia wrappers for the SuiteSparse library, and provides Julia's sparse linear algebra capabilities - specifically the solvers." }, + { + "name": "SHA.jl", + "SPDXID": "SPDXRef-JuliaSHA", + "downloadLocation": "git+https://github.com/JuliaCrypto/SHA.jl.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/SHA.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2014: Elliot Saba", + "summary": "A performant, 100% native-julia SHA1, SHA2, and SHA3 implementation" + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -219,6 +231,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-JuliaSHA", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 608e1cd40dc75cfd9c29eab2e3d95c4f56fb0280 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Mon, 20 Sep 2021 21:01:30 -0700 Subject: [PATCH 12/39] Add libunwind to the SPDX doc --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index ae3b531a3561c..052264b836d8f 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-39a01124-e7ce-4be9-945d-ad48df05396a", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-357ee816-b115-4a3f-8a3d-73ec4e75b3ee", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-20T05:47:15Z" + "created": "2021-09-21T03:57:34Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -149,6 +149,18 @@ "copyrightText": "Copyright (c) 2011-2014, The OpenBLAS Project", "summary": "OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version." }, + { + "name": "libunwind", + "SPDXID": "SPDXRef-libunwind", + "downloadLocation": "git+https://github.com/libunwind/libunwind.git", + "filesAnalyzed": false, + "homepage": "http://www.nongnu.org/libunwind/", + "sourceInfo": "The git hash of the version in use can be found in the file deps/Versions.make", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2002 Hewlett-Packard Co.", + "summary": "The primary goal of this project is to define a portable and efficient C programming interface (API) to determine the call-chain of a program." + }, { "name": "libuv", "SPDXID": "SPDXRef-libuv", @@ -241,6 +253,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-libunwind", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libuv", "relationshipType": "BUILD_DEPENDENCY_OF", From 39d2ff144002dee99ec47b4e455fa1596bc3d70f Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 24 Sep 2021 21:12:20 -0700 Subject: [PATCH 13/39] Add LLVM to SPDX file. In the course of adding this item, discovered that the LLVM license changed from UIUC to Apache back in v8. Corrected the license reference in THIRDPARTY.md which pointed to the v6 license and is no longer correct. --- THIRDPARTY.md | 2 +- julia.spdx.json | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/THIRDPARTY.md b/THIRDPARTY.md index 32ef8eacd9ce4..13b732f80332a 100644 --- a/THIRDPARTY.md +++ b/THIRDPARTY.md @@ -22,7 +22,7 @@ own licenses: - [LIBUNWIND](https://github.com/libunwind/libunwind/blob/master/LICENSE) [MIT] - [LIBUV](https://github.com/JuliaLang/libuv/blob/julia-uv2-1.39.0/LICENSE) [MIT] -- [LLVM](https://releases.llvm.org/6.0.0/LICENSE.TXT) [UIUC] +- [LLVM](https://releases.llvm.org/12.0.1/LICENSE.TXT) [APACHE 2.0 with LLVM Exception] - [UTF8PROC](https://github.com/JuliaStrings/utf8proc) [MIT] Julia's `stdlib` uses the following external libraries, which have their own licenses: diff --git a/julia.spdx.json b/julia.spdx.json index 052264b836d8f..b91194cb290f6 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-357ee816-b115-4a3f-8a3d-73ec4e75b3ee", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-01fb18d8-38a0-42f5-b134-75f2c081757e", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-21T03:57:34Z" + "created": "2021-09-25T04:04:32Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -176,6 +176,18 @@ "summary": "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others.", "comment": "The Julia project has forked libuv and maintains their own repository of the code" }, + { + "name": "llvm", + "SPDXID": "SPDXRef-llvm", + "downloadLocation": "git+https://github.com/llvm/llvm-project.git", + "filesAnalyzed": false, + "homepage": "https://llvm.org", + "sourceInfo": "The git hash of the version in use can be found in the file deps/Versions.make", + "licenseConcluded": "Apache-2.0 WITH LLVM-exception", + "licenseDeclared": "Apache-2.0 WITH LLVM-exception", + "copyrightText": "The LLVM project does not collect copyright assignments, which means that the copyright for the code in the project is held by the respective contributors", + "summary": "The LLVM Project is a collection of modular and reusable compiler and toolchain technologies." + }, { "name": "zlib", "SPDXID": "SPDXRef-zlib", @@ -263,6 +275,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-llvm", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-zlib", "relationshipType": "DISTRIBUTION_ARTIFACT", From a6cc2d37051f8593b6f0cce88c8c34a0c8b43577 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 24 Sep 2021 21:37:28 -0700 Subject: [PATCH 14/39] Add utf8proc to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index b91194cb290f6..0d72ad0064a9b 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-01fb18d8-38a0-42f5-b134-75f2c081757e", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-31839ae0-c94d-4f18-ba27-6aa6aa013d87", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-25T04:04:32Z" + "created": "2021-09-25T04:35:55Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -188,6 +188,18 @@ "copyrightText": "The LLVM project does not collect copyright assignments, which means that the copyright for the code in the project is held by the respective contributors", "summary": "The LLVM Project is a collection of modular and reusable compiler and toolchain technologies." }, + { + "name": "utf8proc", + "SPDXID": "SPDXRef-utf8proc", + "downloadLocation": "git+https://github.com/JuliaLang/utf8proc.git", + "filesAnalyzed": false, + "homepage": "https://github.com/JuliaStrings/utf8proc", + "sourceInfo": "The git hash of the version in use can be found in the file deps/utf8proc.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright © 2014-2019 by Steven G. Johnson, Jiahao Chen, Tony Kelman, Jonas Fonseca, and other contributors listed in the git history.", + "summary": "utf8proc is a small, clean C library that provides Unicode normalization, case-folding, and other operations for data in the UTF-8 encoding." + }, { "name": "zlib", "SPDXID": "SPDXRef-zlib", @@ -280,6 +292,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-utf8proc", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-zlib", "relationshipType": "DISTRIBUTION_ARTIFACT", From 858bda1b0a886a40ba66743364dd8e9be8f7cde8 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 30 Sep 2021 22:13:45 -0700 Subject: [PATCH 15/39] Add dSFMT to the SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 0d72ad0064a9b..61e74379068e1 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-31839ae0-c94d-4f18-ba27-6aa6aa013d87", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-a3fb084c-3f9b-427d-b6b0-04cf2d08437a", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-09-25T04:35:55Z" + "created": "2021-10-01T05:12:30Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -137,6 +137,18 @@ "copyrightText": "Copyright (c) 2014: Elliot Saba", "summary": "A performant, 100% native-julia SHA1, SHA2, and SHA3 implementation" }, + { + "name": "dSFMT", + "SPDXID": "SPDXRef-dSFMT", + "downloadLocation": "git+https://github.com/MersenneTwister-Lab/dSFMT.git", + "filesAnalyzed": false, + "homepage": "https://github.com/MersenneTwister-Lab/dSFMT", + "sourceInfo": "The git hash of the version in use can be found in the file deps/Versions.make", + "licenseConcluded": "BSD-3-Clause", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2007, 2008, 2009 Mutsuo Saito, Makoto Matsumoto and Hiroshima University. Copyright (c) 2011, 2002 Mutsuo Saito, Makoto Matsumoto, Hiroshima University and The University of Tokyo.", + "summary": "Double precision SIMD-oriented Fast Mersenne Twister" + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -272,6 +284,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-dSFMT", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From d6b1586ec0da7908ab4bc9546a43dc3c98590d66 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 30 Sep 2021 22:45:25 -0700 Subject: [PATCH 16/39] Add openlibm to the SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 61e74379068e1..9555811fea7e6 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-a3fb084c-3f9b-427d-b6b0-04cf2d08437a", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-50f0af56-4238-4ea0-aa87-7e4b68830578", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-01T05:12:30Z" + "created": "2021-10-01T05:44:59Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -149,6 +149,18 @@ "copyrightText": "Copyright (c) 2007, 2008, 2009 Mutsuo Saito, Makoto Matsumoto and Hiroshima University. Copyright (c) 2011, 2002 Mutsuo Saito, Makoto Matsumoto, Hiroshima University and The University of Tokyo.", "summary": "Double precision SIMD-oriented Fast Mersenne Twister" }, + { + "name": "OpenLibm", + "SPDXID": "SPDXRef-OpenLibm", + "downloadLocation": "git+https://github.com/JuliaMath/openlibm.git", + "filesAnalyzed": false, + "homepage": "https://julialang.org", + "sourceInfo": "The git hash of the version in use can be found in the file deps/openlibm.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT AND BSD-2-Clause-FreeBSD AND ISC", + "copyrightText": "Copyright (c) 2011-14 The Julia Project. Copyright (c) 2008 Stephen L. Moshier steve@moshier.net Copyright 1992-2011 The FreeBSD Project. All rights reserved. Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.", + "summary": "High quality system independent, portable, open source libm implementation" + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -289,6 +301,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-OpenLibm", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 40a9c6e276c0132a9c3eeb5b6494064dc0a4cc24 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 30 Sep 2021 23:09:32 -0700 Subject: [PATCH 17/39] Add GMP to SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 9555811fea7e6..da2c26dbd61b4 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-50f0af56-4238-4ea0-aa87-7e4b68830578", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-2639fdfd-160f-49c9-9cf3-8cee02e7305f", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-01T05:44:59Z" + "created": "2021-10-01T06:06:33Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -161,6 +161,18 @@ "copyrightText": "Copyright (c) 2011-14 The Julia Project. Copyright (c) 2008 Stephen L. Moshier steve@moshier.net Copyright 1992-2011 The FreeBSD Project. All rights reserved. Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.", "summary": "High quality system independent, portable, open source libm implementation" }, + { + "name": "GMP", + "SPDXID": "SPDXRef-GMP", + "downloadLocation": "https://gmplib.org/download/gmp/", + "filesAnalyzed": false, + "homepage": "https://gmplib.org/", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "LGPL-3.0-or-later", + "licenseDeclared": "LGPL-3.0-or-later OR GPL-2.0-or-later", + "copyrightText": "Copyright 1991, 1996, 1999, 2000, 2007 Free Software Foundation, Inc.", + "summary": "GNU MP is a portable library written in C for arbitrary precision arithmetic on integers, rational numbers, and floating-point numbers." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -306,6 +318,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-GMP", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 9909120026ad5b96a99ea2c0eaa4088385fdbd72 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Mon, 4 Oct 2021 14:32:55 -0700 Subject: [PATCH 18/39] Add libgit2 to the SPDX document --- julia.spdx.json | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index da2c26dbd61b4..96a2a5543f9d6 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-2639fdfd-160f-49c9-9cf3-8cee02e7305f", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8065d066-7f80-48ad-8675-d4c0e61a2e84", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-01T06:06:33Z" + "created": "2021-10-04T20:18:04Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -173,6 +173,18 @@ "copyrightText": "Copyright 1991, 1996, 1999, 2000, 2007 Free Software Foundation, Inc.", "summary": "GNU MP is a portable library written in C for arbitrary precision arithmetic on integers, rational numbers, and floating-point numbers." }, + { + "name": "libgit2", + "SPDXID": "SPDXRef-libgit2", + "downloadLocation": "git+https://github.com/libgit2/libgit2.git", + "filesAnalyzed": false, + "homepage": "https://libgit2.org", + "sourceInfo": "The version in use can be found in the file deps/libgit2.version", + "licenseConcluded": "GPL-2.0-only WITH LicenseRef-libgit2-exception", + "licenseDeclared": "GPL-2.0-only WITH LicenseRef-libgit2-exception", + "copyrightText": "libgit2 is Copyright (C) the libgit2 contributors, unless otherwise stated. See the AUTHORS file for details.", + "summary": "A cross-platform, linkable library implementation of Git that you can use in your application." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -323,6 +335,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-libgit2", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", @@ -358,5 +375,12 @@ "relationshipType": "BUILD_TOOL_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" } + ], + "hasExtractedLicensingInfos": [ + { + "licenseId": "LicenseRef-libgit2-exception", + "extractedText": "In addition to the permissions in the GNU General Public License, the authors give you unlimited permission to link the compiled version of this library into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combined executable.)", + "name": "libgit2-exception" + } ] } From f064cfd6d0c7534ffbfbba9ab4eb2d5ae52cf433 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Tue, 5 Oct 2021 22:33:48 -0700 Subject: [PATCH 19/39] Add curl to SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 96a2a5543f9d6..40204faa81ff2 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8065d066-7f80-48ad-8675-d4c0e61a2e84", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-0d878bc6-f4cc-4075-9f6b-d5cff6d3f6bd", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-04T20:18:04Z" + "created": "2021-10-06T05:32:19Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -185,6 +185,18 @@ "copyrightText": "libgit2 is Copyright (C) the libgit2 contributors, unless otherwise stated. See the AUTHORS file for details.", "summary": "A cross-platform, linkable library implementation of Git that you can use in your application." }, + { + "name": "curl", + "SPDXID": "SPDXRef-curl", + "downloadLocation": "git+https://github.com/curl/curl.git", + "filesAnalyzed": false, + "homepage": "https://curl.se", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "curl", + "licenseDeclared": "curl", + "copyrightText": "Copyright (c) 1996 - 2021, Daniel Stenberg, daniel@haxx.se, and many contributors, see the THANKS file.", + "summary": "A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of powerful features" + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -340,6 +352,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-curl", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From cd36d6217799254e1fea4c8cf3a703b1d8f37ccc Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Tue, 5 Oct 2021 22:43:24 -0700 Subject: [PATCH 20/39] Updates to LLVM in SPDX. Julia has forked LLVM and maintains their own repository. --- julia.spdx.json | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 40204faa81ff2..c37f6094c1a1a 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-0d878bc6-f4cc-4075-9f6b-d5cff6d3f6bd", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-bbc63c92-5a7a-42a1-a131-70c5ae14b834", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-06T05:32:19Z" + "created": "2021-10-06T05:39:17Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -239,14 +239,17 @@ { "name": "llvm", "SPDXID": "SPDXRef-llvm", - "downloadLocation": "git+https://github.com/llvm/llvm-project.git", + "supplier": "Organization: julialang.org ()", + "originator": "Organization: llvm.org ()", + "downloadLocation": "git+https://github.com/JuliaLang/llvm-project.git", "filesAnalyzed": false, "homepage": "https://llvm.org", - "sourceInfo": "The git hash of the version in use can be found in the file deps/Versions.make", + "sourceInfo": "The version in use can be found in the file deps/llvm.version", "licenseConcluded": "Apache-2.0 WITH LLVM-exception", "licenseDeclared": "Apache-2.0 WITH LLVM-exception", "copyrightText": "The LLVM project does not collect copyright assignments, which means that the copyright for the code in the project is held by the respective contributors", - "summary": "The LLVM Project is a collection of modular and reusable compiler and toolchain technologies." + "summary": "The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.", + "comment": "The Julia project has forked llvm and maintains their own repository of the code" }, { "name": "utf8proc", From 9cc709ad078710975d840fcd120bb6b34558a860 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sat, 9 Oct 2021 22:01:16 -0700 Subject: [PATCH 21/39] Change the libgit2 extracted license info to encompass GPLv2 AND the exception instead of just the exception. The SPDX spec v2.2 does not allow for only an exception to be put in this section. --- julia.spdx.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index c37f6094c1a1a..0999d635dd84b 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-bbc63c92-5a7a-42a1-a131-70c5ae14b834", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-98f9e2da-45ea-4829-a215-2b9a32585be6", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-06T05:39:17Z" + "created": "2021-10-10T04:59:30Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -180,8 +180,8 @@ "filesAnalyzed": false, "homepage": "https://libgit2.org", "sourceInfo": "The version in use can be found in the file deps/libgit2.version", - "licenseConcluded": "GPL-2.0-only WITH LicenseRef-libgit2-exception", - "licenseDeclared": "GPL-2.0-only WITH LicenseRef-libgit2-exception", + "licenseConcluded": "LicenseRef-GPL-2.0-only-with-libgit2-exception", + "licenseDeclared": "LicenseRef-GPL-2.0-only-with-libgit2-exception", "copyrightText": "libgit2 is Copyright (C) the libgit2 contributors, unless otherwise stated. See the AUTHORS file for details.", "summary": "A cross-platform, linkable library implementation of Git that you can use in your application." }, @@ -398,9 +398,9 @@ ], "hasExtractedLicensingInfos": [ { - "licenseId": "LicenseRef-libgit2-exception", - "extractedText": "In addition to the permissions in the GNU General Public License, the authors give you unlimited permission to link the compiled version of this library into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combined executable.)", - "name": "libgit2-exception" + "licenseId": "LicenseRef-GPL-2.0-only-with-libgit2-exception", + "extractedText": "Note that the only valid version of the GPL as far as this project is concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x or whatever), unless explicitly otherwise stated.\n----------------------------------------------------------------------\nIn addition to the permissions in the GNU General Public License, the authors give you unlimited permission to link the compiled version of this library into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combined executable.)\n----------------------------------------------------------------------\nGNU GENERAL PUBLIC LICENSE\nVersion 2, June 1991\n\nCopyright (C) 1989, 1991 Free Software Foundation, Inc.\n59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n... [more text]", + "name": "GPL-2.0-only-with-libgit2-exception" } ] } From b293e1d2bb104917f462f82ebe1f01ca2552cb4a Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sat, 9 Oct 2021 23:00:42 -0700 Subject: [PATCH 22/39] Add libssh2 to SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 0999d635dd84b..22810ae76c352 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-98f9e2da-45ea-4829-a215-2b9a32585be6", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-70bf5a25-e9e7-44e9-aab0-e9ab956078eb", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-10T04:59:30Z" + "created": "2021-10-10T05:57:26Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -197,6 +197,18 @@ "copyrightText": "Copyright (c) 1996 - 2021, Daniel Stenberg, daniel@haxx.se, and many contributors, see the THANKS file.", "summary": "A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of powerful features" }, + { + "name": "libssh2", + "SPDXID": "SPDXRef-libssh2", + "downloadLocation": "git+https://github.com/libssh2/libssh2.git", + "filesAnalyzed": false, + "homepage": "https://www.libssh2.org", + "sourceInfo": "The version in use can be found in the file deps/libssh2.version", + "licenseConcluded": "BSD-3-Clause", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "Copyright (c) 2004-2007 Sara Golemon \nCopyright (c) 2005,2006 Mikhail Gusarov \nCopyright (c) 2006-2007 The Written Word, Inc.\nCopyright (c) 2007 Eli Fant \nCopyright (c) 2009-2021 Daniel Stenberg\nCopyright (C) 2008, 2009 Simon Josefsson\nCopyright (c) 2000 Markus Friedl\nCopyright (c) 2015 Microsoft Corp.\nAll rights reserved.", + "summary": "libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -360,6 +372,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-libssh2", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 561acb7ef20dc0cb686b8a5386c4ccb72cafe54f Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 10 Oct 2021 23:01:35 -0700 Subject: [PATCH 23/39] Add mbedtls to SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 22810ae76c352..dcb4fe01af727 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-70bf5a25-e9e7-44e9-aab0-e9ab956078eb", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-1fda47e5-9232-4d3d-82b0-9f602c4afbc9", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-10T05:57:26Z" + "created": "2021-10-11T05:59:55Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -209,6 +209,18 @@ "copyrightText": "Copyright (c) 2004-2007 Sara Golemon \nCopyright (c) 2005,2006 Mikhail Gusarov \nCopyright (c) 2006-2007 The Written Word, Inc.\nCopyright (c) 2007 Eli Fant \nCopyright (c) 2009-2021 Daniel Stenberg\nCopyright (C) 2008, 2009 Simon Josefsson\nCopyright (c) 2000 Markus Friedl\nCopyright (c) 2015 Microsoft Corp.\nAll rights reserved.", "summary": "libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license." }, + { + "name": "mbedtls", + "SPDXID": "SPDXRef-mbedtls", + "downloadLocation": "git+https://github.com/ARMmbed/mbedtls.git", + "filesAnalyzed": false, + "homepage": "https://tls.mbed.org", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "Apache-2.0", + "licenseDeclared": "Apache-2.0", + "copyrightText": "NOASSERTION", + "summary": "An open source, portable, easy to use, readable and flexible SSL library." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -377,6 +389,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-mbedtls", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 3e88b236a549721552d9ff5ab3094fb095090142 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 14 Oct 2021 23:18:13 -0700 Subject: [PATCH 24/39] Add mpfr to SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index dcb4fe01af727..89e551dd0143d 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-1fda47e5-9232-4d3d-82b0-9f602c4afbc9", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e0292c4a-308b-45b9-a77d-81e16c99229b", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-11T05:59:55Z" + "created": "2021-10-15T06:15:45Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -221,6 +221,18 @@ "copyrightText": "NOASSERTION", "summary": "An open source, portable, easy to use, readable and flexible SSL library." }, + { + "name": "mpfr", + "SPDXID": "SPDXRef-mpfr", + "downloadLocation": "https://www.mpfr.org/", + "filesAnalyzed": false, + "homepage": "https://www.mpfr.org/", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "LGPL-3.0-or-later", + "licenseDeclared": "LGPL-3.0-or-later", + "copyrightText": "Copyright 2000-2020 Free Software Foundation, Inc.", + "summary": "The MPFR library is a C library for multiple-precision floating-point computations with correct rounding." + }, { "name": "OpenBLAS", "SPDXID": "SPDXRef-OpenBLAS", @@ -394,6 +406,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-mpfr", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-OpenBLAS", "relationshipType": "BUILD_DEPENDENCY_OF", From 56fb0ea6fd0dc6684ab7ef14bf31b0df11508aca Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Thu, 14 Oct 2021 23:33:48 -0700 Subject: [PATCH 25/39] Add LAPACK to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 89e551dd0143d..262e771c4dd8f 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e0292c4a-308b-45b9-a77d-81e16c99229b", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-f4fdadc7-ff90-4863-9612-1d266816906c", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-15T06:15:45Z" + "created": "2021-10-15T06:31:39Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -245,6 +245,18 @@ "copyrightText": "Copyright (c) 2011-2014, The OpenBLAS Project", "summary": "OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version." }, + { + "name": "LAPACK", + "SPDXID": "SPDXRef-LAPACK", + "downloadLocation": "https://www.netlib.org/lapack/", + "filesAnalyzed": false, + "homepage": "https://netlib.org/", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "BSD-3-Clause", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "Copyright (c) 1992-2013 The University of Tennessee and The University of Tennessee Research Foundation. All rights reserved.\nCopyright (c) 2000-2013 The University of California Berkeley. All rights reserved.\nCopyright (c) 2006-2013 The University of Colorado Denver. All rights reserved.", + "summary": "LAPACK is written in Fortran 90 and provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems." + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -416,6 +428,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-LAPACK", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From cd3664be93d857a6e7f5bdbd845de01873ac50de Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Mon, 18 Oct 2021 22:43:50 -0700 Subject: [PATCH 26/39] Add PCRE to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 262e771c4dd8f..2b0fa775c164b 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-f4fdadc7-ff90-4863-9612-1d266816906c", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b0475c92-f7c3-4414-b7e4-65f3950faabd", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-15T06:31:39Z" + "created": "2021-10-19T05:42:33Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -257,6 +257,18 @@ "copyrightText": "Copyright (c) 1992-2013 The University of Tennessee and The University of Tennessee Research Foundation. All rights reserved.\nCopyright (c) 2000-2013 The University of California Berkeley. All rights reserved.\nCopyright (c) 2006-2013 The University of Colorado Denver. All rights reserved.", "summary": "LAPACK is written in Fortran 90 and provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems." }, + { + "name": "PCRE", + "SPDXID": "SPDXRef-PCRE", + "downloadLocation": "https://ftp.pcre.org/pub/pcre/", + "filesAnalyzed": false, + "homepage": "https://www.pcre.org", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "BSD-3-Clause", + "licenseDeclared": "BSD-3-Clause", + "copyrightText": "Copyright (c) 1997-2021 University of Cambridge All rights reserved.\nCopyright(c) 2009-2021 Zoltan Herczeg\n", + "summary": "PCRE2 is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language." + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -433,6 +445,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-PCRE", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From 7aaa9b0022cca1cec613f958329981697423b09c Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 24 Oct 2021 20:42:13 -0700 Subject: [PATCH 27/39] Add SuiteSparse library to SPDX Document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 2b0fa775c164b..1490b3ce4fc1a 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b0475c92-f7c3-4414-b7e4-65f3950faabd", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-cc8b3e09-5f9b-4745-94da-e48e2389fa6e", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-19T05:42:33Z" + "created": "2021-10-25T03:39:11Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -269,6 +269,18 @@ "copyrightText": "Copyright (c) 1997-2021 University of Cambridge All rights reserved.\nCopyright(c) 2009-2021 Zoltan Herczeg\n", "summary": "PCRE2 is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language." }, + { + "name": "LibSuiteSparse", + "SPDXID": "SPDXRef-LibSuiteSparse", + "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse", + "filesAnalyzed": false, + "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "NOASSERTION", + "licenseDeclared": "NOASSERTION", + "copyrightText": "", + "summary": "The official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -450,6 +462,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-LibSuiteSparse", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From 1c149245caf28ea06340e51f983b2b774d15b340 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 29 Oct 2021 09:47:26 -0700 Subject: [PATCH 28/39] In SPDX, break LibSuiteSparse into the individual modules used by Julia, starting with CHOLMOD --- julia.spdx.json | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 1490b3ce4fc1a..6fe424d22473c 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-cc8b3e09-5f9b-4745-94da-e48e2389fa6e", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8228553d-ab90-4fd3-a06b-5eb3b0014ade", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-25T03:39:11Z" + "created": "2021-10-29T16:44:24Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -270,16 +270,17 @@ "summary": "PCRE2 is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language." }, { - "name": "LibSuiteSparse", - "SPDXID": "SPDXRef-LibSuiteSparse", - "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse", + "name": "LibSuiteSparse-CHOLMOD", + "SPDXID": "SPDXRef-LibSuiteSparse-CHOLMOD", + "packageFileName": "./CHOLMOD", + "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", "filesAnalyzed": false, "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", "sourceInfo": "The version in use can be found in the file deps/Versions.make", - "licenseConcluded": "NOASSERTION", - "licenseDeclared": "NOASSERTION", - "copyrightText": "", - "summary": "The official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" + "licenseConcluded": "GPL-2.0-or-later", + "licenseDeclared": "LGPL-2.0-or-later AND GPL-2.0-or-later", + "copyrightText": "CHOLMOD/Check Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Cholesky module, Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Core Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis.\nCHOLMOD/Demo Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Include/* files. Copyright (C) 2005-2006, either Univ. of Florida or T. Davis, depending on the file\nCHOLMOD/MATLAB Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/MatrixOps Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Modify Module. Copyright (C) 2005-2006, Timothy A. Davis and William W. Hager.\nCHOLMOD/Partition Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis\nCHOLMOD/Supernodal Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Tcov Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Valgrind Module. Copyright (C) 2005-2006, Timothy A. Davis.", + "summary": "CHOLMOD module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" }, { "name": "libunwind", @@ -463,9 +464,9 @@ "relatedSpdxElement": "SPDXRef-JuliaMain" }, { - "spdxElementId": "SPDXRef-LibSuiteSparse", + "spdxElementId": "SPDXRef-LibSuiteSparse-CHOLMOD", "relationshipType": "BUILD_DEPENDENCY_OF", - "relatedSpdxElement": "SPDXRef-JuliaMain" + "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" }, { "spdxElementId": "SPDXRef-libunwind", From a3336074fe19db98d23f33280cb822f14f507669 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 29 Oct 2021 12:19:40 -0700 Subject: [PATCH 29/39] Add SPQR module of LibSuiteSparse to SPDX Document --- julia.spdx.json | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 6fe424d22473c..97382a5efc99c 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-8228553d-ab90-4fd3-a06b-5eb3b0014ade", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b8fba2d8-e097-4650-9c1b-40646e9cbccd", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-29T16:44:24Z" + "created": "2021-10-29T19:17:49Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -282,6 +282,19 @@ "copyrightText": "CHOLMOD/Check Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Cholesky module, Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Core Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis.\nCHOLMOD/Demo Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Include/* files. Copyright (C) 2005-2006, either Univ. of Florida or T. Davis, depending on the file\nCHOLMOD/MATLAB Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/MatrixOps Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Modify Module. Copyright (C) 2005-2006, Timothy A. Davis and William W. Hager.\nCHOLMOD/Partition Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis\nCHOLMOD/Supernodal Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Tcov Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Valgrind Module. Copyright (C) 2005-2006, Timothy A. Davis.", "summary": "CHOLMOD module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" }, + { + "name": "LibSuiteSparse-SPQR", + "SPDXID": "SPDXRef-LibSuiteSparse-SPQR", + "packageFileName": "./SPQR", + "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", + "filesAnalyzed": false, + "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "GPL-2.0-or-later", + "licenseDeclared": "GPL-2.0-or-later", + "copyrightText": "", + "summary": "SPQR module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -468,6 +481,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" }, + { + "spdxElementId": "SPDXRef-LibSuiteSparse-SPQR", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From 4738c35b06ca657c98587d796ff770d9f5574192 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 31 Oct 2021 09:53:30 -0700 Subject: [PATCH 30/39] Add UMFPACK module of SuiteSparse to the SPDX document. Add copyright text for SPQR module. --- julia.spdx.json | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 97382a5efc99c..60672a1043187 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b8fba2d8-e097-4650-9c1b-40646e9cbccd", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-a3a6ef66-ab64-47b5-af3d-59373a8bad76", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-29T19:17:49Z" + "created": "2021-10-31T16:51:30Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -292,9 +292,22 @@ "sourceInfo": "The version in use can be found in the file deps/Versions.make", "licenseConcluded": "GPL-2.0-or-later", "licenseDeclared": "GPL-2.0-or-later", - "copyrightText": "", + "copyrightText": "SPQR, Copyright 2008-2016 by Timothy A. Davis.", "summary": "SPQR module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" }, + { + "name": "LibSuiteSparse-UMFPACK", + "SPDXID": "SPDXRef-LibSuiteSparse-UMFPACK", + "packageFileName": "./UMFPACK", + "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", + "filesAnalyzed": false, + "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "GPL-2.0-or-later", + "licenseDeclared": "GPL-2.0-or-later", + "copyrightText": "UMFPACK, Copyright 1995-2009 by Timothy A. Davis.", + "summary": "UMFPACK module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -486,6 +499,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" }, + { + "spdxElementId": "SPDXRef-LibSuiteSparse-UMFPACK", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From ea9fd96089d96c29571327c2ef1f86641c4b28e0 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 31 Oct 2021 10:32:20 -0700 Subject: [PATCH 31/39] Add BlasTrampoline to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 60672a1043187..c87137f7e457d 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-a3a6ef66-ab64-47b5-af3d-59373a8bad76", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-6e7271ec-ee4d-4171-b4b0-0e09f08453f4", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-31T16:51:30Z" + "created": "2021-10-31T17:30:07Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -308,6 +308,18 @@ "copyrightText": "UMFPACK, Copyright 1995-2009 by Timothy A. Davis.", "summary": "UMFPACK module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" }, + { + "name": "LibBlasTrampoline", + "SPDXID": "SPDXRef-LibBlasTrampoline", + "downloadLocation": "git+https://github.com/JuliaLinearAlgebra/libblastrampoline.git", + "filesAnalyzed": false, + "homepage": "https://github.com/JuliaLinearAlgebra", + "sourceInfo": "The version in use can be found in the file deps/blastrampoline.version", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2021: Elliot Saba, Viral B. Shah, Julia Computing.", + "summary": "Using PLT trampolines to provide a BLAS and LAPACK demuxing library." + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -504,6 +516,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" }, + { + "spdxElementId": "SPDXRef-LibBlasTrampoline", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From 644333e4415a7f85b5cb776f4d35ebd07eb7c7f8 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Wed, 10 Nov 2021 22:38:33 -0800 Subject: [PATCH 32/39] Taking back the idea of listing all the SuiteSparse modules individually in the SPDX doc. There's just too many. Combine it all into one package. --- julia.spdx.json | 57 ++++++++++--------------------------------------- 1 file changed, 11 insertions(+), 46 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index c87137f7e457d..8f6fee9e47fa6 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-6e7271ec-ee4d-4171-b4b0-0e09f08453f4", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-98303dbd-7cfe-4c4d-8a4d-b01847d8a9e9", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-10-31T17:30:07Z" + "created": "2021-11-11T06:36:26Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -270,43 +270,18 @@ "summary": "PCRE2 is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language." }, { - "name": "LibSuiteSparse-CHOLMOD", - "SPDXID": "SPDXRef-LibSuiteSparse-CHOLMOD", - "packageFileName": "./CHOLMOD", - "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", - "filesAnalyzed": false, - "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", - "sourceInfo": "The version in use can be found in the file deps/Versions.make", - "licenseConcluded": "GPL-2.0-or-later", - "licenseDeclared": "LGPL-2.0-or-later AND GPL-2.0-or-later", - "copyrightText": "CHOLMOD/Check Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Cholesky module, Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Core Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis.\nCHOLMOD/Demo Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Include/* files. Copyright (C) 2005-2006, either Univ. of Florida or T. Davis, depending on the file\nCHOLMOD/MATLAB Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/MatrixOps Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Modify Module. Copyright (C) 2005-2006, Timothy A. Davis and William W. Hager.\nCHOLMOD/Partition Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis\nCHOLMOD/Supernodal Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Tcov Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Valgrind Module. Copyright (C) 2005-2006, Timothy A. Davis.", - "summary": "CHOLMOD module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" - }, - { - "name": "LibSuiteSparse-SPQR", - "SPDXID": "SPDXRef-LibSuiteSparse-SPQR", - "packageFileName": "./SPQR", - "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", - "filesAnalyzed": false, - "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", - "sourceInfo": "The version in use can be found in the file deps/Versions.make", - "licenseConcluded": "GPL-2.0-or-later", - "licenseDeclared": "GPL-2.0-or-later", - "copyrightText": "SPQR, Copyright 2008-2016 by Timothy A. Davis.", - "summary": "SPQR module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" - }, - { - "name": "LibSuiteSparse-UMFPACK", - "SPDXID": "SPDXRef-LibSuiteSparse-UMFPACK", - "packageFileName": "./UMFPACK", + "name": "LibSuiteSparse", + "SPDXID": "SPDXRef-LibSuiteSparse", + "packageFileName": "./", "downloadLocation": "git+https://github.com/DrTimothyAldenDavis/SuiteSparse.git", "filesAnalyzed": false, "homepage": "https://people.engr.tamu.edu/davis/suitesparse.html", "sourceInfo": "The version in use can be found in the file deps/Versions.make", "licenseConcluded": "GPL-2.0-or-later", - "licenseDeclared": "GPL-2.0-or-later", - "copyrightText": "UMFPACK, Copyright 1995-2009 by Timothy A. Davis.", - "summary": "UMFPACK module of the official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" + "licenseDeclared": "LGPL-2.0-or-later AND GPL-2.0-or-later AND BSD-3 AND Apache-2.0 ", + "licenseComments": "SuiteSparse consists of many modules, each of which is licensed separately.", + "copyrightText": "AMD, Copyright (c), 1996-2015, Timothy A. Davis,\nBTF, Copyright (C) 2004-2013, University of Florida\nCAMD, Copyright (c) by Timothy A. Davis, Yanqing Chen, Patrick R. Amestoy, and Iain S. Duff. All Rights Reserved.\nCCOLAMD: Copyright (C) 2005-2016, Univ. of Florida. Authors: Timothy A. Davis, Sivasankaran Rajamanickam, and Stefan Larimore. Closely based on COLAMD by Davis, Stefan Larimore, in collaboration with Esmond Ng, and John Gilbert.\nCHOLMOD/Check Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Cholesky module, Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Core Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis.\nCHOLMOD/Demo Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Include/* files. Copyright (C) 2005-2006, either Univ. of Florida or T. Davis, depending on the file\nCHOLMOD/MATLAB Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/MatrixOps Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCHOLMOD/Modify Module. Copyright (C) 2005-2006, Timothy A. Davis and William W. Hager.\nCHOLMOD/Partition Module. Copyright (C) 2005-2006, Univ. of Florida. Author: Timothy A. Davis\nCHOLMOD/Supernodal Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Tcov Module. Copyright (C) 2005-2006, Timothy A. Davis\nCHOLMOD/Valgrind Module. Copyright (C) 2005-2006, Timothy A. Davis.\nCOLAMD, Copyright 1998-2016, Timothy A. Davis.\nCSparse, Copyright (c) 2006, Timothy A. Davis.\nCXSparse: Copyright (c) 2006, Timothy A. Davis.\nGPUQREngine, Copyright (c) 2013, Timothy A. Davis, Sencer Nuri Yeralan, and Sanjay Ranka.\nKLU, Copyright (C) 2004-2013, University of Florida by Timothy A. Davis and Ekanathan Palamadai.\nLDL, Copyright (c) 2005-2013 by Timothy A. Davis.\nThe MATLAB_Tools collection of packages is Copyright (c), Timothy A. Davis, All Rights Reserved, with the exception of the spqr_rank package, which is Copyright (c), Timothy A. Davis and Les Foster, All Rights Reserved\nMATLAB_Tools, SSMULT, Copyright (c) 2007-2011, Timothy A. Davis,\nMongoose Graph Partitioning Library Copyright (C) 2017-2018, Scott P. Kolodziej, Nuri S. Yeralan, Timothy A. Davis, William W. Hager\nRBio toolbox. Copyright (C) 2006-2009, Timothy A. Davis\nSLIP_LU: (c) 2019-2020, Chris Lourenco, Jinhao Chen, Erick Moreno-Centeno, Timothy A. Davis, Texas A&M University. \nSPQR, Copyright 2008-2016 by Timothy A. Davis.\nSuiteSparse_GPURuntime Copyright (c) 2013-2016, Timothy A. Davis, Sencer Nuri Yeralan, and Sanjay Ranka.\nUMFPACK, Copyright 1995-2009 by Timothy A. Davis.", + "summary": "The official SuiteSparse library: a suite of sparse matrix algorithms authored or co-authored by Tim Davis, Texas A&M University" }, { "name": "LibBlasTrampoline", @@ -502,19 +477,9 @@ "relatedSpdxElement": "SPDXRef-JuliaMain" }, { - "spdxElementId": "SPDXRef-LibSuiteSparse-CHOLMOD", + "spdxElementId": "SPDXRef-LibSuiteSparse", "relationshipType": "BUILD_DEPENDENCY_OF", - "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" - }, - { - "spdxElementId": "SPDXRef-LibSuiteSparse-SPQR", - "relationshipType": "BUILD_DEPENDENCY_OF", - "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" - }, - { - "spdxElementId": "SPDXRef-LibSuiteSparse-UMFPACK", - "relationshipType": "BUILD_DEPENDENCY_OF", - "relatedSpdxElement": "SPDXRef-JuliaSuiteSparse" + "relatedSpdxElement": "SPDXRef-JuliaMain" }, { "spdxElementId": "SPDXRef-LibBlasTrampoline", From 14664b021f20735c1582d39d8ec2502b9934a950 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Wed, 10 Nov 2021 22:53:32 -0800 Subject: [PATCH 33/39] Add NGHTTP2 to the SPDX document --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 8f6fee9e47fa6..a37ebff49680f 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-98303dbd-7cfe-4c4d-8a4d-b01847d8a9e9", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-bc23e123-6728-4ec3-ac07-8b671d27875c", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-11T06:36:26Z" + "created": "2021-11-11T06:52:04Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -295,6 +295,18 @@ "copyrightText": "Copyright (c) 2021: Elliot Saba, Viral B. Shah, Julia Computing.", "summary": "Using PLT trampolines to provide a BLAS and LAPACK demuxing library." }, + { + "name": "NGHTTP2", + "SPDXID": "SPDXRef-NGHTTP2", + "downloadLocation": "git+https://github.com/nghttp2/nghttp2.git", + "filesAnalyzed": false, + "homepage": "https://nghttp2.org", + "sourceInfo": "The version in use can be found in the file deps/Version.make", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa\nCopyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors", + "summary": "nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C." + }, { "name": "libunwind", "SPDXID": "SPDXRef-libunwind", @@ -486,6 +498,11 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-LibBlasTrampoline", + "relationshipType": "BUILD_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-libunwind", "relationshipType": "BUILD_DEPENDENCY_OF", From 48e7898fd505f4ad7b0ff419234450639eabc4c9 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Wed, 24 Nov 2021 23:35:14 -0800 Subject: [PATCH 34/39] Add objconv to the SPDX file --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index a37ebff49680f..71475838ed562 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-bc23e123-6728-4ec3-ac07-8b671d27875c", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-6b8c89c8-1d6b-4574-9716-25d5fbc93fa3", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-11T06:52:04Z" + "created": "2021-11-25T07:33:19Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -385,6 +385,18 @@ "copyrightText": "Copyright (C) 2007 Free Software Foundation, Inc. ", "summary": "A small utility to modify the dynamic linker and RPATH of ELF executables.", "comment": "PATCHELF is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." + }, + { + "name": "objconv", + "SPDXID": "SPDXRef-objconv", + "downloadLocation": "https://www.agner.org/optimize/objconv.zip", + "filesAnalyzed": false, + "homepage": "https://www.agner.org/optimize/#objconv", + "licenseConcluded": "GPL-3.0-or-later", + "licenseDeclared": "GPL-3.0-or-later", + "copyrightText": "By Agner Fog © 2018", + "summary": "A utility for cross-platform development of function libraries, for converting and modifying object files and for dumping and disassembling object and executable files for all x86 and x86-64 platforms.", + "comment": "OBJCONV is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." } ], "relationships": [ @@ -532,6 +544,11 @@ "spdxElementId": "SPDXRef-patchelf", "relationshipType": "BUILD_TOOL_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-objconv", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" } ], "hasExtractedLicensingInfos": [ From c5556db8adb6f03614736559563a1674fca84eda Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 26 Nov 2021 11:19:24 -0800 Subject: [PATCH 35/39] Add libwhich to the SPDX doc --- julia.spdx.json | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 71475838ed562..65a8295fefd2a 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-6b8c89c8-1d6b-4574-9716-25d5fbc93fa3", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-5e61f006-6d99-4c92-b004-87f85474008a", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-25T07:33:19Z" + "created": "2021-11-26T19:17:56Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -397,6 +397,18 @@ "copyrightText": "By Agner Fog © 2018", "summary": "A utility for cross-platform development of function libraries, for converting and modifying object files and for dumping and disassembling object and executable files for all x86 and x86-64 platforms.", "comment": "OBJCONV is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." + }, + { + "name": "libwhich", + "SPDXID": "SPDXRef-libwhich", + "downloadLocation": "git+https://github.com/vtjnash/libwhich.git", + "filesAnalyzed": false, + "homepage": "https://github.com/vtjnash/libwhich", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "Copyright (c) 2017 Jameson Nash", + "summary": "Like `which`, for dynamic libraries", + "comment": "LIBWHICH is not part of the Julia binary. It is a tool used as part of building the binary, a bit like a compiler. Julia chooses to build the tool from source during the build process as a convienence." } ], "relationships": [ @@ -549,6 +561,11 @@ "spdxElementId": "SPDXRef-objconv", "relationshipType": "BUILD_TOOL_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" + }, + { + "spdxElementId": "SPDXRef-libwhich", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" } ], "hasExtractedLicensingInfos": [ From e07cd46d4cce01780be213c865e921da69c7ea3a Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Fri, 26 Nov 2021 11:45:31 -0800 Subject: [PATCH 36/39] Add 7zip to SPDX doc, plus cleanup in a few spots --- julia.spdx.json | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 65a8295fefd2a..55f58820687ab 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-5e61f006-6d99-4c92-b004-87f85474008a", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b3cf5f58-e5e2-467e-8227-ad1c978ab76d", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-26T19:17:56Z" + "created": "2021-11-26T19:41:09Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -361,6 +361,18 @@ "copyrightText": "Copyright © 2014-2019 by Steven G. Johnson, Jiahao Chen, Tony Kelman, Jonas Fonseca, and other contributors listed in the git history.", "summary": "utf8proc is a small, clean C library that provides Unicode normalization, case-folding, and other operations for data in the UTF-8 encoding." }, + { + "name": "7-Zip", + "SPDXID": "SPDXRef-7zip", + "downloadLocation": "https://sourceforge.net/projects/p7zip/files/p7zip", + "filesAnalyzed": false, + "homepage": "https://www.7-zip.org", + "sourceInfo": "The version in use can be found in the file deps/Versions.make", + "licenseConcluded": "LGPL-3.0-or-later", + "licenseDeclared": "LGPL-3.0-or-later AND BSD-3", + "copyrightText": "Copyright (C) 1999-2021 Igor Pavlov", + "summary": "7-Zip is a file archiver with a high compression ratio." + }, { "name": "zlib", "SPDXID": "SPDXRef-zlib", @@ -402,6 +414,7 @@ "name": "libwhich", "SPDXID": "SPDXRef-libwhich", "downloadLocation": "git+https://github.com/vtjnash/libwhich.git", + "sourceInfo": "The git hash of the version in use can be found in the file stdlib/libwhich.version", "filesAnalyzed": false, "homepage": "https://github.com/vtjnash/libwhich", "licenseConcluded": "MIT", @@ -547,9 +560,14 @@ "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, + { + "spdxElementId": "SPDXRef-7zip", + "relationshipType": "RUNTIME_DEPENDENCY_OF", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-zlib", - "relationshipType": "DISTRIBUTION_ARTIFACT", + "relationshipType": "RUNTIME_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, { From dab807dd39c28186c921f93fcdae1118c8e579db Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 28 Nov 2021 14:49:54 -0800 Subject: [PATCH 37/39] A few corrections to the SPDX doc --- julia.spdx.json | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index 55f58820687ab..df2309ac89a70 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-b3cf5f58-e5e2-467e-8227-ad1c978ab76d", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e5e5febd-cf98-4ce6-9927-6659141e126b", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-26T19:41:09Z" + "created": "2021-11-28T19:31:24Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -425,6 +425,11 @@ } ], "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relationshipType": "DESCRIBES", + "relatedSpdxElement": "SPDXRef-JuliaMain" + }, { "spdxElementId": "SPDXRef-JuliaPkg", "relationshipType": "BUILD_DEPENDENCY_OF", @@ -536,7 +541,7 @@ "relatedSpdxElement": "SPDXRef-JuliaMain" }, { - "spdxElementId": "SPDXRef-LibBlasTrampoline", + "spdxElementId": "SPDXRef-NGHTTP2", "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, From 0e06a72b2606b3452e16e9ab00ae635b848c5018 Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Sun, 5 Dec 2021 23:53:11 -0800 Subject: [PATCH 38/39] Fix zlib relationship in SPDX doc --- julia.spdx.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/julia.spdx.json b/julia.spdx.json index df2309ac89a70..cb0c02459035e 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-e5e5febd-cf98-4ce6-9927-6659141e126b", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-58fd2211-1a18-454c-ad92-e373304a94c7", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-11-28T19:31:24Z" + "created": "2021-12-06T07:52:05Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -572,7 +572,7 @@ }, { "spdxElementId": "SPDXRef-zlib", - "relationshipType": "RUNTIME_DEPENDENCY_OF", + "relationshipType": "BUILD_DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-JuliaMain" }, { From 7d7ec12ec5269404172c5427370ee3972f2d09cc Mon Sep 17 00:00:00 2001 From: Simon Avery Date: Mon, 20 Dec 2021 23:18:48 -0800 Subject: [PATCH 39/39] New script contrib/updateSPDX.jl . Ran the script to update the SPDX file. --- contrib/updateSPDX.jl | 31 +++++++++++++++++++++++++++++++ julia.spdx.json | 8 ++++---- 2 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 contrib/updateSPDX.jl diff --git a/contrib/updateSPDX.jl b/contrib/updateSPDX.jl new file mode 100644 index 0000000000000..f2932d36422c8 --- /dev/null +++ b/contrib/updateSPDX.jl @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: MIT +# This file is a part of Julia. License is MIT: https://julialang.org/license +# +# Run this script with each new Julia release to update "../julia.spdx.json" + +using UUIDs +using Dates +using JSON +using TimeZones +using DataStructures + +spdxDocument= "../julia.spdx.json" +spdxData= JSON.parsefile(spdxDocument; dicttype=OrderedDict{String, Any}) + +# At the moment we can only update a few items automatically with each release. +# These are the crucial elements to make a new version of the SPDX file. +# Any other changes (ex. Adding or removing of external dependencies, updating copyright text, etc.) must be performed manually +spdxData["documentNamespace"]= "https://julialang.org/spdxdocs/julia-spdx-" * string(uuid4()) +spdxData["creationInfo"]["created"]= Dates.format(now(tz"UTC"), "yyyy-mm-ddTHH:MM:SS") * "Z" + +for pkg in spdxData["packages"] + if pkg["SPDXID"] == "SPDXRef-JuliaMain" + pkg["versionInfo"]= readline("../VERSION") + pkg["downloadLocation"]= "git+https://github.com/JuliaLang/julia.git@v" * pkg["versionInfo"] + break + end +end + +open(spdxDocument, "w") do f + JSON.print(f, spdxData, 4) +end \ No newline at end of file diff --git a/julia.spdx.json b/julia.spdx.json index cb0c02459035e..40fa04d338240 100644 --- a/julia.spdx.json +++ b/julia.spdx.json @@ -3,13 +3,13 @@ "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "julia-spdx", - "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-58fd2211-1a18-454c-ad92-e373304a94c7", + "documentNamespace": "https://julialang.org/spdxdocs/julia-spdx-7b93ad83-27bf-433f-b769-cde3288fe3a1", "creationInfo": { "creators": [ "Organization: julialang.org ()", "Person: Simon Avery ()" ], - "created": "2021-12-06T07:52:05Z" + "created": "2021-12-21T07:13:19Z" }, "documentDescribes": [ "SPDXRef-JuliaMain" @@ -18,9 +18,9 @@ { "name": "Julia", "SPDXID": "SPDXRef-JuliaMain", - "versionInfo": "v1.8.0", + "versionInfo": "1.8.0-DEV", "packageFileName": "./", - "downloadLocation": "git+https://github.com/JuliaLang/julia.git@v1.8.0", + "downloadLocation": "git+https://github.com/JuliaLang/julia.git@v1.8.0-DEV", "filesAnalyzed": false, "homepage": "https://julialang.org", "licenseConcluded": "MIT",