In implementing the SPDX 2.0 model, I found a minor inconsistency. Although I would like to address this for SPDX 2.0, I am concerned it may cause a delay. Perhaps we could discuss on Tuesday's call.
Here's the issue: In the model, SpdxFile is a subclass of SpdxItem. SpdxItem has a licenseDeclared property. SpdxFile has a licenseInfoInFile property. licenseInfoInFile is a subproperty of licenseDeclared. So far, so good. The problem is that the range (or type, if you happen to be writing Java code) for licenseDeclared and licenseInfoInFile is different. licenseDeclared is AnyLicenseInfo and licenseInfoInFile is one or more SimpleLicenseingInfo. This creates an inconsistency which I believe actually reflects itself in the spec. It would be more consistent if the range of licenseInfoInFile were AnyLicenseInfo. Below are some options I can think of: 1. Leave it as is and live with the inconsistency for SPDX 2.0. Document it as a bug. 2. Change the range for licenseInfoInFile to be an AnyLicenseInfo. This would create an incompatibility with the previous versions in that only one licenseInfoInFile would be allowed. 3. Change the model to remove declaredLicense from SpdxItem and move it to all of it's subclasses. I'm OK with #1 or #2 - I don't like 3 since I believe the intent of the SpdxItem is to represent a copyrightable item which should have a licenseDeclared property. For now, I am going to implement option 1 by allowing multiple licenseInfoInFile, but I will immediately convert it to a single DisjunctiveLicenseSet for forward compatibility if we go with option 2 in the future. Gary ------------------------------------------------- Gary O'Neall Principal Consultant Source Auditor Inc. Mobile: 408.805.0586 Email: <mailto:g...@sourceauditor.com> g...@sourceauditor.com
_______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
