The "ah ha" moment for me out of the last meeting was that ContextualCollection
and Package were trying to do double duty, representing both a grouping of
elements (metadata about artifacts) and describing the artifacts contained
within another artifact. This also overlapped with the purpose of the CONTAINS
relationship which is used to describe the artifacts contained within another
artifact.
If we split these purposes and say that:
1. ContextualCollection is a grouping of elements
2. Package is a grouping of artifacts
3. CONTAINS relationship is the only method to describe the artifacts
contained within another artifact
Then you get the benefits of grouping of elements (being able to refer to a set
of elements so you can re-use them) but you avoid the multiple methods of
describing artifacts contained within another artifact.
A couple of examples:
* These are logically equivalent:
* PackageA (artifact) CONTAINS (relationship) FileA (artifact) and FileB
(artifact)
* PackageA (artifact) CONTAINS (relationship) PackageAContents
(contextualcollection) which includes FileA (artifact) and FileB (artifact)
* So are these:
* PackageA (artifact) DEPENDS_ON (relationship) PackageB (artifact) and
PackageC (artifact)
* PackageA (artifact) DEPENDS_ON (relationship) PackageADependencies
(contextualcollection) which includes PackageB (artifact) and PackageC
(artifact)
Another way of thinking about it is that ContextualCollection has meaning
inside the SPDX realm whereas Relationships have meaning in the "real world".
Regards,
William Bartholomew (he/him) - Let's
chat<https://outlook.office.com/findtime/[email protected]&anonymous&ep=plink>
Principal Security Strategist
Cybersecurity Policy - Digital Diplomacy
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4262): https://lists.spdx.org/g/Spdx-tech/message/4262
Mute This Topic: https://lists.spdx.org/mt/87262902/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
