Hi Anthony and Rose,
Thanks for bumping this up. This fell off my radar and definitely should be resolved. First, I want to apologize for the general inconsistency between JSON and the spec. I should have caught these earlier. I also missed the issue 813 <https://github.com/spdx/spdx-spec/issues/813> comment which I just responded to. Since 3.0 allow for breaking changes, we should be able to fix all the Enum inconsistencies. All - please review for this (and other) inconsistencies in the serialization specifications for 3.0 and help make sure we don’t make any similar mistakes. Best, Gary From: [email protected] <[email protected]> On Behalf Of Anthony Harrison Sent: Tuesday, April 11, 2023 9:26 AM To: Rose Judge <[email protected]> Cc: [email protected] Subject: Re: [spdx-tech] Clarifcation on Package Purpose Thanks Rose Good to see I am not the only one finding these issues. I note that the Python SPDX tool library assumes OPERATING-SYSTEM and I think this is preferable to having an _ and is consistent with CycloneDX.. Supporting both - and _ is not a good solution IMHO. At the moment we have at least 2 inconsistencies between two SPDX products (online validator and Python SPDX tool library) which is not ideal. Anthony On Tue, 11 Apr 2023 at 16:49, Rose Judge <[email protected] <mailto:[email protected]> > wrote: Hi Anthony, This issue is documented here as well: https://github.com/spdx/spdx-spec/issues/813 and also similar to https://github.com/spdx/spdx-spec/issues/792 which was resolved by allowing both – and _: https://github.com/spdx/spdx-spec/pull/793. Based off these issues I would assume either is correct but Gary can confirm. -Rose From: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > on behalf of Anthony Harrison via lists.spdx.org <http://lists.spdx.org> <[email protected] <mailto:[email protected]> > Date: Tuesday, April 11, 2023 at 7:42 AM To: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > Subject: [spdx-tech] Clarifcation on Package Purpose !! External Email According to Clause 7.24.1, of SPDX 2.3 spec, OPERATING-SYSTEM is a valid package purpose. However if I look at the JSON spec (https://github.com/spdx/spdx-spec/blob/master/schemas/spdx-schema.json), this is OPERATING_SYSTEM (note the subtle difference between the - and _). The online validator allows OPERATING_SYSTEM and not OPERATING-SYSTEM as a valid purpose. There is clearly some inconsistency here. Which is correct? (For reference, the equivalent value in CycloneDX is 'operating-system') Anthony !! External Email: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5074): https://lists.spdx.org/g/Spdx-tech/message/5074 Mute This Topic: https://lists.spdx.org/mt/98199005/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
