spdx 1.3.5 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 18a9b9588031eddd1a787be85971dcdbbe31358ea5920fe28beb8344178cb38a
-  data.tar.gz: 7eee08f17656cd956e4e714596e31acc3f29b24b552cb14e25591323b69bed9c
+SHA1:
+  metadata.gz: 7fedfa04ef8b1582c7bf76779ff2629ade6bee4d
+  data.tar.gz: cc4ccc67e9701856f0775da98e73be440d377863
 SHA512:
-  metadata.gz: a7da57c1862c298bacb89469286fffcd26865a09db51fcf07de0673359a9b8a84c55f3f7d81a793b21d03980c8f7c61f3b2f9f782982a794e6e7303a7666fc4a
-  data.tar.gz: 339d1af0dedca6f9579e6458908a8cfbd924a0b873b39d61d324d759436cf2f73acd619e07b4090f9a3c7015fb62227bf2d6d210f314ccbcd7a1757948b2410b
+  metadata.gz: b040ba198af0f0e2dda3fdaa7e1fafb9fff7345a0fa791436f3f6939272676b5fdca2866bc77722d42697839a919366b2e635352c8ce86ea0e48e93c9cdd5c12
+  data.tar.gz: ca4f65e759007a81c06b64e80ab50e495e39835e3c15f44919d107abe747f085da2ab87ee06b2c8f03bbcf5fc9dbe79fbbe2af138ba20855f80f9949f0f3b3ff

data/.github/CONTRIBUTING.md

@@ -4,9 +4,11 @@ Thanks for considering contributing. These guidelines outline how to contribute
 ## Table of Contents
 [What is Libraries.io all about?](#whats-librariesio-about)
 
+[Who is Libraries.io for?](#who-is-librariesio-for)
+
 [What should I know Before I get started?](#what-should-i-know-before-i-get-started)
 * [Code of conduct](#code-of-conduct)
-* [Langauge](#langauge)
+* [Language](#language)
 * [Installation and setup](#setup)
 
 [How can I contribute?](#how-can-i-contribute)
@@ -35,6 +37,17 @@ By outlining our [mission and strategy](/strategy.md) we hope to give you more p
 * Maintainability: _Helping maintainers understand more about the software they depend upon and the consumers of their software._
 * Sustainability: _Supporting undervalued software by highlighting shortfalls in contribution and funneling support to them._
 
+The first of these problems is our foccus for Libraries.io. The other two we are trying to tackle at [Tidelift](https://tidelift.com).
+
+## Who is Libraries.io For?
+Libraries.io currently caters for the needs of three distinct user groups:
+
+* Google: _is hungry for your linked datas so she can serve you up search traffic_
+* Searcher: _is a developer with a problem, she is looking for something to help solve it._
+* Maintainer: _has a project that is used within and/or incorporates open dependencies. She needs to ensure her project(s) are working as expected for users._
+
+These groups have been expanded into [personas](/personas.md) for contributors to reference.
+
 ## What Should I Know Before I Get Started?
 
 ### Code of Conduct
@@ -58,7 +71,7 @@ The simplest thing that you can do to help us is by filing good bug reports, so
 #### Before Submitting a Bug Report
 
 * Double-check that the bug is persistent. The site is still in it's infancy and sometimes artifacts may appear and disappear.
-* Double-check the bug hasn't already been reported [on our issue tracker](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they *should* be labelled `bug` or `bugsnag`.
+* Double-check the bug hasn't already been reported [on our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they *should* be labelled `bug` or `bugsnag`.
 
 If something hasn't been raised, you can go ahead and create a new issue using [the template](/issue_template.md). If you'd like to help investigate further or fix the bug just mention it in your issue and check out our [workflow](#workflow).
 
@@ -68,7 +81,7 @@ The next simplest thing you can do to help us is by telling us how we can improv
 
 #### Before Submitting an Enhancement
 
-* Check that the enhancement is not already [in our issue tracker](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be labelled 'enhancement'.
+* Check that the enhancement is not already [in our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be labelled 'enhancement'.
 
 If there isn't already an issue for feature then go ahead and create a new issue for it using the [template](/issue_template.md). If you'd like to work on the enhancement then just mention it in a comment and check out our [workflow](#workflow).
 
@@ -79,13 +92,12 @@ If you're into this zone then you need to understand a little more about what we
 #### Before Suggesting a Feature
 
 * Check that it aligns with [our strategy](strategy.md) and is specifically not in line with something we have said we will not do (for the moment this is anything to do with ranking *people*).
-* Check that the feature is not already [in our issue tracker](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be tagged 'feature'.
-* Specifically check that it is not already a [funded commitment](https://github.com/librariesio/supporters/issues).
+* Check that the feature is not already [in our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be tagged 'feature'.
 
 If you're still thinking about that killer feature that no one else is thinking about then *please* create an issue for it using the [template](/issue_template.md).
 
 ### Your First Contribution
-You're in luck! We label issues that are ideal for first time contributors with [`first-pr`](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+user%3Alibrariesio+label%3A%22first-pr%22). For someone who wants something a little more meaty you might find an issue that needs some assistance with [`help wanted`](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+user%3Alibrariesio+label%3A%22help+wanted%22). Next you'll want to read our [workflow](#workflow).
+You're in luck! We label issues that are ideal for first time contributors with [`first-pr`](https://github.com/search?l=&q=is%3Aopen+is%3Aissue+org%3Alibrariesio+label%3Afirst-pr&ref=advsearch&type=Issues&utf8=%E2%9C%93). For someone who wants something a little more meaty you might find an issue that needs some assistance with [`help wanted`](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio+label%3A%22help+wanted%22&type=Issues). Next you'll want to read our [workflow](#workflow).
 
 ### Tackling Something Meatier
 
@@ -94,7 +106,7 @@ Tickets are labeled by size, skills required and to indicate workflow. Details c
 To get you started you might want to check out issues concerning [documentation](https://github.com/librariesio/documentation/issues/), [user experience](https://github.com/librariesio/libraries.io/labels/ux), [visual design](https://github.com/librariesio/libraries.io/issues/labels/visual%20design) or perhaps something already [awaiting help](https://github.com/librariesio/libraries.io/labels/help%20wanted). You may find the following useful:
 
 * Our [strategy](/strategy.md) which outlines what our goals are, how we are going to achieve those goals and what we are specifically going to avoid.
-* A [techncial overview](/overview.md) of the components that make up the Libraries.io project and run the [https://libraries.io](https://libraries.io) site.
+* An [overview](/overview.md) of the components that make up the Libraries.io project and run the [https://libraries.io](https://libraries.io) site.
 
 ## How Can I Talk To Other Contributors?
 
@@ -113,9 +125,9 @@ Members are encouraged to openly discuss their work, their lives, share views an
 [Google Hangouts](http://hangouts.google.com) is our preferred tool for video chat. We operate an [open hangout](http://bit.ly/2kWtYak) for anyone to jump into at any time to discuss issues face to face.
 
 ### Regular updates
-Contributors are encouraged to share what they're working on. We do this through daily or weekly updates in the `#general` channel on Slack. Updates should take the format 'currently working on X, expecting to move onto Y, blocked on Z' where x, y and z are issues in our [issue tracker](https://github.com/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio).
+Contributors are encouraged to share what they're working on. We do this through daily or weekly updates in the `#general` channel on Slack. Updates should take the format 'currently working on X, expecting to move onto Y, blocked on Z' where x, y and z are issues in our [issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio).
 
-Additionally we host an [open hangout](http://bit.ly/2kWtYak) for any contributor to join at *5pm UTC on a Tuesday* to discuss their work, the next week's priorities and to ask questions of other contributors regarding any aspect of the project. Again this is considered a *safe space* in which *there is no such thing as a stupid question*.
+Additionally we host an [open hangout](http://bit.ly/2kWtYak) for any contributor to join at *5pm BST/GMT on a Tuesday* to discuss their work, the next week's priorities and to ask questions of other contributors regarding any aspect of the project. Again this is considered a *safe space* in which *there is no such thing as a stupid question*.
 
 ### Mail
 The [core team](https://github.com/orgs/librariesio/teams/core) operate a mailing list for project updates. If you'd like to subscribe you'll find a form in the footer on [Libraries.io](http://libraries.io).
@@ -132,24 +144,15 @@ We have a Medium account at [@librariesio](https://medium.com/@librariesio) and
 ## Who Are Libraries.io's Users?
 Libraries.io focusses on the following personas:
 
-### Google 
+### Google
 _Is hungry for linked data so she can serve you up search traffic_
 
-### 'Searcher' 
-_Is a developer with a problem, she is looking for something to help solve it._ 
-
-### 'Producer' 
-_Has a product or products that incorporates some free/open source dependencies. She needs to ensure the product(s) are well maintained, free of vulnerabilities and licence compatible._
-
-### 'Maintainer'
-_Is a developer with a successful free/open source project. She's looking to understand more about those who use her project, attract more contributors and manage their contributions well._
+### 'Searcher'
+_Is a developer with a problem, she is looking for something to help solve it._
 
 ### 'Extender'
 _Has her own ideas. She wants access to the raw data so that she can mash up her own service and offer it to the world._
 
-### 'Overlord'
-_Has a vast empire of people, products and projects. Some of which she publishes as open source, some are proprietary. She wants to ensure that her policies regarding the use of dependencies are adhered to and that her team are as efficient as possible._
-
 ## Workflow
 In general we use [GitHub](https://help.github.com/) and [Git](https://git-scm.com/docs/gittutorial) to support our workflow. If you are unfamiliar with those tools then you should check them out until you feel you have a basic understanding of GitHub and a working understanding of Git. Specifically you should understand how forking, branching, committing, PRing and merging works.
 
@@ -169,7 +172,7 @@ We constrain labels as they are a key part of our workflow. Tickets will be labe
 We use templates to guide contributors toward good practice in [filing bugs, requesting enhancements and features](/issue_template.md) and in [issuing pull-requests](/pull_request_template.md).
 
 #### Commenting
-If it possible to comment your contribution — for instance if you are contributing code — then do so in a way that is simple, clear, concise and lowers the level of understanding necessary for others to comprehend what comes afterward does or achieves. If you are contributing code it is very likely it will be rejected if it does not contain sufficient comments.
+If it is possible to comment your contribution — for instance if you are contributing code — then do so in a way that is simple, clear, concise and lowers the level of understanding necessary for others to comprehend what comes afterward. If you are contributing code it is very likely it will be rejected if it does not contain sufficient comments.
 
 #### Committing
 When committing to a branch be sure to use plain, simple language that describes the incremental changes made on the branch toward the overall goal. Avoid unnecessary complexity. Simplify whenever possible. Assume a reasonable but not comprehensive knowledge of the tools, techniques and context of your work.
@@ -183,9 +186,10 @@ Once a piece of work (in a branch) is complete it should be readied for review.
 It is likely that your contributions will need to be checked by at least one member of the [core team](https://github.com/orgs/librariesio/teams/core) prior to merging. It is also incredibly likely that your contribution may need some re-work in order to be accepted. Particularly if it lacks an appropriate level of comments, tests or it is difficult to understand your commits. Please do not take offense if this is the case. We understand that contributors give their time because they want to improve the project but please understand it is another's responsibility to ensure that the project is maintainable, and good practices like these are key to ensuring that is possible.
 
 #### Reviewing a PR
-We appreciate that it may be difficult to offer constructive criticism, but it is a necessary part of ensuring the project is maintainable and successful. If it is difficult to understand something, request it is better commented. If you do not feel assured of the robustness of a contribution, request it is better tested. If it is unclear what the goal of the piece of work is and how it relates to the [strategy](/strategy.md), request a clarification in the corresponding issue. If a pull-request has no corresponding issue, decreases code coverage or otherwise decreases the quality of the project. Reject it. Otherwise, merge it.
+We appreciate that it may be difficult to offer constructive criticism, but it is a necessary part of ensuring the project is maintainable and successful. If it is difficult to understand something, request it is better documented and/or commented. If you do not feel assured of the robustness of a contribution, request it is better tested. If it is unclear what the goal of the piece of work is and how it relates to the [strategy](/strategy.md), request a clarification in the corresponding issue. If a pull-request has no corresponding issue, decreases test coverage or otherwise decreases the quality of the project. Reject it. Otherwise, merge it.
 
 #### Merging
 As we keep the `master` branch in a permanent state of 'deployment ready' once-merged your contribution will be live on the next deployment.
+
 #### Deploying
 Any member of the [deployers](https://github.com/orgs/librariesio/teams/deployers) team are able to redeploy the site. If you require a deployment then you might find one of them in our `#general` [chat channel on Slack](slack.libraries.io).

data/.github/SUPPORT.md

@@ -0,0 +1,10 @@
+# Libraries.io Support
+
+If you're looking for support for Libraries.io there are a lot of options, check out:
+
+* Documentation — https://docs.libraries.io
+* Email — support@libraries.io
+* Twitter — https://twitter.com/librariesio
+* Chat — https://slack.libraries.io
+
+On Discuss and in the Libraries.io Slack team, there are a bunch of helpful community members that should be willing to point you in the right direction.

data/.travis.yml

@@ -1,8 +1,11 @@
 language: ruby
 rvm:
-  - 2.4.2
-  - 2.5.0
+- 2.4.2
+- 2.5.0
 cache: bundler
 sudo: false
 before_install:
-  - gem update --system
+- gem update --system
+notifications:
+  slack:
+    secure: Peh2ABalhVqVbHXxpEEIyjdp2zbtUFaL0rS7ZFq5+yly70nbsIGrx4vYWzz1Vfa6QQEFUAlchuOyF3Xou/ug8sM1FSTwWfvtKbF4pJV+z3RnaXxbVWGEGQX7FYVPKM3Eg2T2zOL9fncl6yoEEkb4nAHm6iKmBqrT6hCHzQq0N94=

data/lib/spdx.rb

@@ -70,6 +70,7 @@ module Spdx
       'perl_5' => 'Artistic-1.0-Perl',
       'bsd3' => 'BSD-3-Clause',
       'bsd' => 'BSD-3-Clause',
+      'bsd license' => 'BSD-3-Clause',
       'new bsd license' => 'BSD-3-Clause',
       'gpl' => 'GPL-2.0+',
       'gpl-2 | gpl-3 [expanded from: gpl (≥ 2.0)]' => 'GPL-2.0+',

data/lib/spdx/version.rb

@@ -1,3 +1,3 @@
 module Spdx
-  VERSION = "1.3.5"
+  VERSION = "1.4.0"
 end

data/spdx.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "spdx-licenses", "~> 1.0"
+  spec.add_dependency "spdx-licenses", "~> 1.2"
   spec.add_dependency "fuzzy_match", "~> 2.1"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "rake", "~> 12"

data/spec/spdx_spec.rb

@@ -63,26 +63,26 @@ describe Spdx do
       expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL (≥ 2.0)]").name).to eq('GNU General Public License v2.0 or later')
       expect(Spdx.find("GPL2 w/ CPE").name).to eq('GNU General Public License v2.0 w/Classpath exception')
       expect(Spdx.find("GPL 2.0").name).to eq('GNU General Public License v2.0 only')
-      expect(Spdx.find("New BSD License (GPL-compatible)").name).to eq('BSD 3-clause "New" or "Revised" License')
+      expect(Spdx.find("New BSD License (GPL-compatible)").name).to eq('BSD 3-Clause "New" or "Revised" License')
       expect(Spdx.find("The GPL V3").name).to eq('GNU General Public License v3.0 only')
       expect(Spdx.find('perl_5').name).to eq("Artistic License 1.0 (Perl)")
-      expect(Spdx.find('BSD3').name).to eq('BSD 3-clause "New" or "Revised" License')
-      expect(Spdx.find('BSD').name).to eq('BSD 3-clause "New" or "Revised" License')
+      expect(Spdx.find('BSD3').name).to eq('BSD 3-Clause "New" or "Revised" License')
+      expect(Spdx.find('BSD').name).to eq('BSD 3-Clause "New" or "Revised" License')
       expect(Spdx.find('GPLv3').name).to eq('GNU General Public License v3.0 only')
-      expect(Spdx.find('LGPLv2 or later').name).to eq('GNU Lesser General Public License v2.1 or later')
+      expect(Spdx.find('LGPLv2 or later').name).to eq('GNU Library General Public License v2.1 or later')
       expect(Spdx.find('GPLv2 or later').name).to eq('GNU General Public License v2.0 or later')
       expect(Spdx.find('Public Domain').name).to eq('The Unlicense')
       expect(Spdx.find('GPL-2').name).to eq('GNU General Public License v2.0 only')
       expect(Spdx.find('GPL').name).to eq('GNU General Public License v2.0 or later')
-      expect(Spdx.find('GNU LESSER GENERAL PUBLIC LICENSE').name).to eq('GNU Lesser General Public License v2.1 or later')
-      expect(Spdx.find('New BSD License').name).to eq('BSD 3-clause "New" or "Revised" License')
+      expect(Spdx.find('GNU LESSER GENERAL PUBLIC LICENSE').name).to eq('GNU Library General Public License v2.1 or later')
+      expect(Spdx.find('New BSD License').name).to eq('BSD 3-Clause "New" or "Revised" License')
       expect(Spdx.find('(MIT OR X11) ').name).to eq('MIT License')
       expect(Spdx.find('mit-license').name).to eq('MIT License')
       expect(Spdx.find('lgpl-3').name).to eq('GNU Lesser General Public License v3.0 only')
       expect(Spdx.find('agpl-3').name).to eq('GNU Affero General Public License v3.0')
-      expect(Spdx.find('cc by-sa 4.0').name).to eq('Creative Commons Attribution Share Alike 4.0')
-      expect(Spdx.find('cc by-nc-sa 3.0').name).to eq('Creative Commons Attribution Non Commercial Share Alike 3.0')
-      expect(Spdx.find('cc by-sa 3.0').name).to eq('Creative Commons Attribution Share Alike 3.0')
+      expect(Spdx.find('cc by-sa 4.0').name).to eq('Creative Commons Attribution Share Alike 4.0 International')
+      expect(Spdx.find('cc by-nc-sa 3.0').name).to eq('Creative Commons Attribution Non Commercial Share Alike 3.0 Unported')
+      expect(Spdx.find('cc by-sa 3.0').name).to eq('Creative Commons Attribution Share Alike 3.0 Unported')
       expect(Spdx.find('gpl_1').name).to eq('GNU General Public License v1.0 only')
       expect(Spdx.find('gpl_2').name).to eq('GNU General Public License v2.0 only')
       expect(Spdx.find('gpl_3').name).to eq('GNU General Public License v3.0 only')
@@ -93,11 +93,11 @@ describe Spdx do
       expect(Spdx.find('lgpl_2_1').name).to eq('GNU Lesser General Public License v2.1 only')
       expect(Spdx.find('lgpl_v2_1').name).to eq('GNU Lesser General Public License v2.1 only')
 
-      expect(Spdx.find("BSD 3-Clause").name).to eq("BSD 3-clause \"New\" or \"Revised\" License")
-      expect(Spdx.find("BSD 3-clause").name).to eq("BSD 3-clause \"New\" or \"Revised\" License")
-      expect(Spdx.find("BSD 2-Clause").name).to eq("BSD 2-clause \"Simplified\" License")
-      expect(Spdx.find("BSD 2-clause").name).to eq("BSD 2-clause \"Simplified\" License")
-      expect(Spdx.find("BSD Style").name).to eq("BSD 3-clause \"New\" or \"Revised\" License")
+      expect(Spdx.find("BSD 3-Clause").name).to eq("BSD 3-Clause \"New\" or \"Revised\" License")
+      expect(Spdx.find("BSD 3-Clause").name).to eq("BSD 3-Clause \"New\" or \"Revised\" License")
+      expect(Spdx.find("BSD 2-Clause").name).to eq("BSD 2-Clause \"Simplified\" License")
+      expect(Spdx.find("BSD 2-clause").name).to eq("BSD 2-Clause \"Simplified\" License")
+      expect(Spdx.find("BSD Style").name).to eq("BSD 3-Clause \"New\" or \"Revised\" License")
 
       expect(Spdx.find("GNU LGPL v3+").name).to eq("GNU Lesser General Public License v3.0 only")
       expect(Spdx.find("ZPL 2.1").name).to eq("Zope Public License 2.1")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spdx
 version: !ruby/object:Gem::Version
-  version: 1.3.5
+  version: 1.4.0
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-26 00:00:00.000000000 Z
+date: 2018-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spdx-licenses
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: fuzzy_match
   requirement: !ruby/object:Gem::Requirement
@@ -90,6 +90,7 @@ files:
 - ".github/CONTRIBUTING.md"
 - ".github/ISSUE_TEMPLATE.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/SUPPORT.md"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -123,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: A SPDX license normalizer