Hi Dick,

Currently, the Python tools complain when the path is absolute (beginning with 
“/”).
The Java tools (used by the online tools) currently do not complain.
The ticket below is for implementing the same control in Java as in Python.

We will issue an error if the path starts with “/”.
But the precise question was: should we issue an error if the path does not 
start with “./”?

Marc-Etienne Vargenau

--
Marc-Etienne Vargenau 
[email protected]
Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE
Mobile: +33 6 24 49 78 68
Senior Specialist Open Source
Planned absence: none


From: Dick Brooks <[email protected]>
Date: Tuesday, 5 September 2023 at 13:12
To: Marc-Etienne Vargenau (Nokia) <[email protected]>, 
'spdx-tech' <[email protected]>
Subject: RE: [spdx-tech] Question about FileName syntaxe


Many of the implementations that participated in the DocFest did not include 
the “relative path” (/) syntax. The online validation tool will pass an SBOM 
that does not contain the relative path filename syntax.

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™
https://reliableenergyanalytics.com/products
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788


From: [email protected] <[email protected]> On Behalf Of 
Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
Sent: Tuesday, September 5, 2023 6:44 AM
To: spdx-tech <[email protected]>
Subject: [spdx-tech] Question about FileName syntaxe

Hello,

This is related to https://github.com/spdx/Spdx-Java-Library/issues/195

FileName is defined in the spec as “a relative filename”.

So, we should reject as invalid a FileName starting with “/”.

The spec then says “In general, every filename is preceded with a ./”
Is this mandatory?

In other words, should we reject:
FileName: package/foo.c

What is your opinion?

Best regards,

Marc-Etienne Vargenau

--
Marc-Etienne Vargenau 
[email protected]
Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE
Mobile: +33 6 24 49 78 68
Senior Specialist Open Source
Planned absence: none
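
The two checks discussed in this thread, as an added example that is not part of the original messages and is not code from the SPDX Python or Java tools. It always rejects a FileName starting with "/" and treats a missing "./" prefix as a warning or an error depending on a switch. The function names, the `require_dot_slash` switch, the warning severity and the sample document are assumptions made for illustration.

```python
import re

# Constructed tag-value fragment for illustration (not from a real SBOM).
SAMPLE = """\
SPDXVersion: SPDX-2.3
FileName: ./package/foo.c
FileName: package/foo.c
FileName: /usr/src/package/foo.c
"""

FILE_NAME_RE = re.compile(r"^FileName:\s*(.*?)\s*$")


def check_file_name(name, require_dot_slash=False):
    """Return (severity, message) findings for one FileName value.

    A leading "/" (absolute path) is always an error. A missing "./"
    prefix is an error only when require_dot_slash is True, otherwise a
    warning. The switch is hypothetical: it stands for the open question
    in the thread, not for an option of any SPDX tool.
    """
    findings = []
    if name.startswith("/"):
        findings.append(("error", "FileName must be relative, starts with '/'"))
    elif not name.startswith("./"):
        severity = "error" if require_dot_slash else "warning"
        findings.append((severity, "FileName is not preceded by './'"))
    return findings


def check_document(text, require_dot_slash=False):
    """Check every FileName line; return (line_no, name, severity, message)."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = FILE_NAME_RE.match(line)
        if match:
            name = match.group(1)
            for severity, message in check_file_name(name, require_dot_slash):
                results.append((line_no, name, severity, message))
    return results


if __name__ == "__main__":
    for strict in (False, True):
        print("require_dot_slash =", strict)
        for finding in check_document(SAMPLE, strict):
            print("  line %d: %r: %s: %s" % finding)
```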



