Hello SPDX community,
I have a question on Relationship and RelationshipType also.
Is "RelationshipType" DESCRIBES limited to describing relationships between
SPDX documents and software packages?
Here is some background on the question;
In consideration that a Usage Profile informs the terms of use of
deliverables from a supplier downstream, the issue is how to express the
relationship between a profile and software packages.
Here, if the 3.0 model Relationship follows the v2.3 specification, using
DESCRIBES looks to have less impact. However, DESCRIBES is defined to
indicate the relationship between an SPDX Document and software packages it
covers [1], and an SPDX Document has only one as itself [2]. In that case,
a profile should be configured as its SPDX Document as its own. Also,
CONTAINS is better used only for evaluating the relationship between
software packages for machine readability, so it is unsuitable for
expressing the relationship between a profile and software packages.
If the answer to the question is YES, we should find another way.
Considering to evaluate the relationship between SPDX elements only with
"relationshipType" concisely and to indicate the relationship between a
profile and software packages clearly, we may introduce a new identifier
for a profile and a new "RelationshipType" to show the relationship between
a profile and software packages.
The following is just my opinion.
New SPDX identifier field
Profile SPDX identifier field
Format: "SPDXRef-PROFILE-"[idstring]
Example:
SPDXID: SPDXRef-PROFILE-USAGE-1
New RelationshipType
RelationshipType: COVERS
Example:
"relationships": [
{
"relationshipType": "COVERS",
"relatedSpdxElement": "SPDXRef-PROFILE-USAGE-1",
"spdxElementId": "SPDXRef-1"
}
],
Any comments are really welcome!
[1]
https://spdx.github.io/spdx-spec/v2.3/relationships-between-SPDX-elements/
[2]
https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#63-spdx-identifier-field
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4948): https://lists.spdx.org/g/Spdx-tech/message/4948
Mute This Topic: https://lists.spdx.org/mt/96574608/21656
Group Owner: [email protected]
Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
