I would recommend using the draft schema. If we end up doing another dot release of SPDX 2, it will include a fully documented official fix - until then, I'll be using the draft schema.
The spec is a bit weird about the external reference categories
When looking at the reference category documentation the following values are allowed:
SECURITY | PACKAGE-MANAGER | PERSISTENT-ID | OTHER
If you have a look at the json schema in the v2.2.2 tag the allowed values are
"OTHER", "SECURITY", "PACKAGE_MANAGER"
This was raised in #792. It was decided that both values should be read, but the hyphens are preferred over underscores. However, neither the docs nor the schema state this.
In issue CycloneDX/cyclonedx-dotnet-library#267 (comment) @andreas-hilti found that there is a development branch with a schema file with updated enum values:
"OTHER", "PERSISTENT-ID", "PERSISTENT_ID", "SECURITY", "PACKAGE-MANAGER", "PACKAGE_MANAGER"
I guess this means that the 2.2.2 schema got amended after the fact, which is fine I guess(?), but now it's inconsistent between the documentation and there are different schema files floating around.
What schema file should be used when validating, reading and writing SPDX files?
Should the docs be changed to include both hyphens and underscore values?
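One way a consumer could implement the "read both spellings, prefer hyphens" behaviour described in the issue, as an added example that is not part of the original thread or of any SPDX tool. It assumes the SPDX 2.x JSON layout (`packages[].externalRefs[].referenceCategory`); the function names and the sample document are constructed for illustration.

```python
import json

# Hyphenated spellings listed in the reference category documentation.
CANONICAL = {"SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID", "OTHER"}

def normalize_category(value):
    """Accept hyphen or underscore spelling on read; return the hyphenated form."""
    candidate = value.replace("_", "-")
    if candidate not in CANONICAL:
        # Case variants and unknown names are rejected rather than guessed at.
        raise ValueError(f"unknown referenceCategory: {value!r}")
    return candidate

def normalize_document(doc):
    """Rewrite referenceCategory values in place; return (SPDXID, old, new) per change."""
    changes = []
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            old = ref["referenceCategory"]
            new = normalize_category(old)
            if new != old:
                ref["referenceCategory"] = new
                changes.append((pkg.get("SPDXID"), old, new))
    return changes

def load_sample():
    """Constructed SPDX-style fragment mixing both spellings (not a real SBOM)."""
    return json.loads("""
    {"packages": [
      {"SPDXID": "SPDXRef-Package-a", "externalRefs": [
        {"referenceCategory": "PACKAGE_MANAGER", "referenceType": "purl",
         "referenceLocator": "pkg:pypi/example@1.0.0"},
        {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
         "referenceLocator": "cpe:2.3:a:example:example:1.0.0:*:*:*:*:*:*:*"}]},
      {"SPDXID": "SPDXRef-Package-b", "externalRefs": [
        {"referenceCategory": "PERSISTENT_ID", "referenceType": "swh",
         "referenceLocator": "swh:1:cnt:0000000000000000000000000000000000000000"}]}
    ]}
    """)

if __name__ == "__main__":
    doc = load_sample()
    for spdx_id, old, new in normalize_document(doc):
        print(f"{spdx_id}: {old} -> {new}")
    print(json.dumps(doc, indent=2))
```

Normalizing before validation means a document written with either spelling can be checked against whichever schema file only lists the hyphenated values.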