Gary,
I agree with your point about minor releases. I view V 2.3 as something beyond a minor release largely because of the introduction of PackagePurpose, which could result in the replacement of some “File” objects with Package objects, in order to express versioning information. REA is planning to replace all of it’s SPDX generated “File” objects with “Package” objects containing a PackagePurpose = “File” in order to properly meet NTIA minimum element requirements for Executive Order 14028. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 From: [email protected] <[email protected]> On Behalf Of Gary O'Neall Sent: Tuesday, June 7, 2022 3:58 PM To: [email protected]; 'SPDX Technical Mailing List' <[email protected]> Subject: Re: [spdx-tech] Question about minor version changes Hi Brandon, From: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > On Behalf Of Brandon Lum via lists.spdx.org Sent: Tuesday, June 7, 2022 12:53 PM To: SPDX Technical Mailing List <[email protected] <mailto:[email protected]> > Subject: [spdx-tech] Question about minor version changes I'm currently thinking about some QOL ideas for the golang library, hopefully to add some helpers to interface with some of the consumers of the library i've been talking to. Pardon the ignorance on some of these topics. It is unfortunate I have a conflict with the tooling WG, but I guess that would have been the best place to bring up this question. Is there a description of what's considered a minor version / major version change for SPDX? I am asking this from a tooling perspective where I'm considering adding in function receivers (for tools-golang repo). Assuming there is some level of backward compatibility, would there be a change in behavior of how certain fields are handled? (i.e. can we take an SPDX 2.1 document and convert it to 2.2 and have all operations done on it be valid?). Would it be fair to also say that a 2.2 element would encapsulate all fields of a 2.1 element? And that one could embed the struct within it? [G.O.] I believe the answer is yes – minor versions should be backwards compatible. New fields may be added and the cardinality for a given field may be changed from required to optional – so the validation would be updated, but in general the datastructure should be compatible. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4563): https://lists.spdx.org/g/Spdx-tech/message/4563 Mute This Topic: https://lists.spdx.org/mt/91609001/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
