Add the SPDX Cryptographic Algorithm List to the SPDX website

[toscalix]

Background

The List has gone through a process of inception. The standard requires that any reference is published so, given that the new SPDX standard uses the List as reference, it is time to publish it on the SPDX website

These are the main references to check:

• License List repository including the XML source and schema files used to generate the authoritative, supported SPDX list file formats, including:
  • the web pages you see at spdx.org/licenses
  • other generated data formats found in the SPDX license-list-data repository.

The build process of the list is described in the README.md file of the license-list-data repository

The documentation The Cryptography Team needs to take as reference is the documentation included in the DOCS folder of the release-list-XML repository

This is the output of the License List in marcdown format

Rationale

The publication of the SPDX Cryptographic Algorithm List will follow a mix of two processes:

• the mechanism established by SPDX for the SPDX License List where there is a root page including the Full name and the ID as main piece of information. The, the rest of the information corresponding to each license is published as child-page, using the full name of the licenses and link to each license page.
  • SPDX has developed an automated mechanism to create the website version of the list as well as in other formats, published in the license-list-data repository
  • It has also developed an online tool to submit the licenses requests.
• the specs, where a python script generates , using templates, the static pages of the website, published at github.io

Based on them, a specific release process and deployment process should be developed, including the corresponding toolchain.

Description

There are several group of actions that should be performed to publish the CryptAlg List on the website:

• Improve the existing documentation and create new one: Create a DOCS folder with some documents #56 Add the process to include and remove algorithms to CONTRIBITING.md #59
• Design the Release process
  • A specific issue has been created for this action SPDX Cryptographic Algorithm List release policy #52
• Design the Deployment process
• Documentation: a specific issue has been created to track this action Create a DOCS folder with some documents #56
  • Generate the missing documentation
  • Update existing documentation
• Implement the Deployment process
  • Develop the script cryptalg-parser
• Validate the deployment toolchain
• First release and deployment

Actions

Design the release process

• Design, approve, create and publish the release process SPDX Cryptographic Algorithm List release policy #52

Design the deployment process

• Learn about List Publisher
• Look for and designate and engineer to coordinate and execute the technical work associated to the List deployment
• Create a draft of the deployment requirements
• Agreement on the deployment requirements

Website design

• List layout on the website
  • Discussion during the cryptography group meeting about the website layout
  • Decide about the website layout for the list
    • The layout will include three columns: Full name, id and CryptoClass
  • Detailed proposal of the website layout presented to the Cryptography Group
  • Agreement on the detailed proposal

Implementation of the website

The actions related with the cryptalg-parser and other elements needed to publish the SPDX CryptoAlg List on the website will be described in #58

Documentation

• Create and add to the repository the mandatory documentation Create a DOCS folder with some documents #56
• Adapt CONTRIBUTING.md including the addition and deprecation/removal process Add the process to include and remove algorithms to CONTRIBITING.md #59

Deployment validation

First release and deployment of the List

DoD

• Release process
  • Link to the release process document:
• Deployment process
  • Link to the deployment process design:
• Website design
• cryptalg-parser
  • Link to the cryptalg-parser
  • Link to the List website:
• Documentation
  • Link to the docs folder:
  • Link to the documents:
  • Link to the enhanced CONTRIBUTING.md
• Deployment validation
• First release and deployment of the List
  • Link to the List website:
  • Link to the output repository:

[toscalix]

The decision about the website layout for the list, taken during the meeting on 2026-02-04 has been added to the action section of this ticket, for the record

[toscalix]

I have created a second version of the repository structure and deployment design:

• spdx-crypt-alg-website-workflow.pdf

The url of the input/output repositories might need to be different, according to @zvr , due to technical restrictions, since the subdomain and the output repository should have the "same name".

This point will be discussed during the Cryptography meeting, since it might require renaming the input reopsitory

[toscalix]

• Redesigned this ticket to serve as epic
• Created Create a DOCS folder with some documents #56

[toscalix]

New iddue created to enhance CONTRIBUTING.md including the algorithms removal and addition process #59