Many of the implementations that participated in the DocFest did not include the "relative path" (/) syntax. The online validation tool will pass an SBOM that does not contain the relative path filename syntax.
Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership Never trust software, always verify and report! <https://reliableenergyanalytics.com/products> T http://www.reliableenergyanalytics.com <http://www.reliableenergyanalytics.com/> Email: [email protected] <mailto:[email protected]> Tel: +1 978-696-1788 From: [email protected] <[email protected]> On Behalf Of Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) Sent: Tuesday, September 5, 2023 6:44 AM To: spdx-tech <[email protected]> Subject: [spdx-tech] Question about FileName syntaxe Hello, This is related to <https://github.com/spdx/Spdx-Java-Library/issues/195> https://github.com/spdx/Spdx-Java-Library/issues/195 FileName is defined in the spec as "a relative filename". So, we should reject as invalid a FileName starting with "/". The spec then says "In general, every filename is preceded with a ./" Is this mandatory? In other words, should we reject: FileName: package/foo.c What is your opinion? Best regards, Marc-Etienne Vargenau -- Marc-Etienne Vargenau <mailto:[email protected]> [email protected] Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE Mobile: <tel:+33624497868> +33 6 24 49 78 68 Senior Specialist Open Source Planned absence: none -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5328): https://lists.spdx.org/g/Spdx-tech/message/5328 Mute This Topic: https://lists.spdx.org/mt/101166533/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
