The PackageVerificationCode is a strange field, the "required"-ness of it is specified in the cardinality text: "0..1 if FilesAnalyzed (7.8) is true or omitted, 0..0 (must be omitted) if FilesAnalyzed is false". The way I read this is: it is *required* if FilesAnalyzed is true, but it *must be omitted* if FilesAnalyzed is false. I think the slightly confusing bit is the 0..1, I think it would make more sense if it read: "1..1 if FilesAnalyzed (7.8) is true or omitted, 0..0 (must be omitted) if FilesAnalyzed is false". If this is an accurate understanding, maybe this could be updated in the spec?
-Keith On Wed, Mar 1, 2023 at 9:40 AM Brandon Lum via lists.spdx.org <lumb= [email protected]> wrote: > Hi! > > I have a quick question about required and cardinality. I was looking at > the docs from yesterday's meeting and noticed that for PackageVerification > code > <https://spdx.github.io/spdx-spec/v2.3/package-information/#79-package-verification-code-field>, > the cardinality is 0..1 or 0..0 but required is YES. Can someone help with > how it should be expressed? There's probably some nuance I'm not > understanding here. Thanks! > > Brandon > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5004): https://lists.spdx.org/g/Spdx-tech/message/5004 Mute This Topic: https://lists.spdx.org/mt/97316018/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
