You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An internal tool is failing to validate SPDX files which use PACKAGE_MANAGER as an ExternalPackageRefCategory. Presumably PERSISTENT_ID would fail validation as well.
According to SPDX 2.2.2 spec, those underscores should be dashes, i.e. PACKAGE-MANAGER and PERSISTENT-ID.
This is an old issue with the specification that regularly resurfaces, see for example here: spdx/spdx-spec#792.
The SPDX python tools support both versions (with dash or underscore) when parsing JSON/YAML/XML formats.
Do you have a specific issue with the python-tools?
In my case, the internal tools are going by the spec which uses dashes, and so are rejecting the generated SPDX from this repository. Is there a version of the spec that uses underscores, or is this simply to accommodate other implementations? I don't have a problem with accepting both, but would hope we would generate using dashes to conform to the spec (unless I am simply misinformed and looking at the wrong spec!!). Currently, I have to run a filter over the generated SPDX to replace the underscores with dashes. Only then can I upload into our own database, otherwise it is rejected.
An internal tool is failing to validate SPDX files which use PACKAGE_MANAGER as an ExternalPackageRefCategory. Presumably PERSISTENT_ID would fail validation as well.
According to SPDX 2.2.2 spec, those underscores should be dashes, i.e. PACKAGE-MANAGER and PERSISTENT-ID.
Same is true in SPDX 2.3 spec
The text was updated successfully, but these errors were encountered: