William, Thanks. I was confusing graph equivalence (if Alice and Bob each create an SBOM for Package X, are the SBOMs equivalent?) with data equivalence (canonicalization). As you say, each element has a unique SPDXID. But even if Alice and Bob screw up and assign colliding IDs that aren't discovered until the two SBOMs are entered into the same element store, the elements still have different creation information.
So this isn't a canonicalization problem at all. Or as Emily Litella would say, "never mind". Regards, David On Sat, Aug 20, 2022 at 1:52 PM William Bartholomew (CELA) < [email protected]> wrote: > I want to separate my thoughts on this from decisions that were already > made for 3.0, not saying we can't reopen them but the bar for that should > be high. The decisions that have already been made are: > > 1. We will identify each relationship type as either directional or > non-directional (DESCRIBES is directional, RELATED_TO is not). > 2. For directional relationships from: X to: Y and from: Y to: X are > not equal, for non-directional relationships from: X to: Y and from: Y to: > X are equal. > 3. We will remove the inverse relationship types for directional > relationships since the same can be achieved by inverting the to: and > from:. > 4. To decide which of the inverse relationships to keep we'll use two > criteria: > 1. The one where the to: direction makes more sense to be plural > (since as you point out the from: is singular). > 2. The most common direction (if these are in conflict, we'll need > to evaluate). > > I think this helps with canonicalization because it clarifies the rules > around directionality and equality. The other thing to remember is that > relationships are elements, as a result they have unique identities, so > from a canonicalization perspective two relationships, even if they express > the same relations, will canonicalize differently because of the SPDXID of > the relationship element itself. > > William > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4749): https://lists.spdx.org/g/Spdx-tech/message/4749 Mute This Topic: https://lists.spdx.org/mt/93147542/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
