Dear all, I would like to second Nisha's request, and also to elaborate on a few solutions for the first point.
------------- # 1: File Elements have a 'path' property on them ## Pros: - Makes it easy for SBOM consumers to locate the file - Does not require extensive changes to the specification ## Cons: - Effectively prevents reuse of Elements (one of the key opportunities of SPDX 3.0) by making Files specific to their 'containing' Package Element. ------------- # 2: 'path' property is a field on the Contains relationship ## Pros: - Allows reuse of File Elements between Packages ## Cons: - Requires adding extra fields to the Relationship Element, which up until this point has had only 'relationship' type and 'comment' ------------- # 3: a new Element is created for mapping between Element IDs and file paths ## Pros: - Faciliates reuse of Elements - Only requires one new Relationship type (from Package to itself) ## Cons: I can't think of any ;) ------------- Out of these, #2 or #3 would be my favoured options. Best wishes, Sebastian On Tue, Jun 14, 2022 at 06:00:01AM -0700, Nisha Kumar wrote: > Hello, > > The build profile group would like some feedback on some discussion topics > that came up during our meetings. I was wondering if we could add this to > today's (Jun 14) agenda: > > - A package includes or contains files, which has hashes but does not > necessary encode any path information. > > - Expressing environment variables as a "Map" object. > > Thanks. > > -- > nisha > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4579): https://lists.spdx.org/g/Spdx-tech/message/4579 Mute This Topic: https://lists.spdx.org/mt/91748372/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
