I'm curious what the motivation is for paths being relative. If I scan an image, for example, I would expect to see absolute paths to the files within the image filesystem, rather than those being translated to relative paths.
Cheers, -Keith On Tue, Sep 5, 2023 at 11:48 AM Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) <[email protected]> wrote: > Hi William, > > > > I think https://www.ietf.org/rfc/rfc3986.txt only allows “/”, not “\”. > > > > Marc-Etienne > > > > -- > Marc-Etienne Vargenau [email protected] > Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE > Mobile: +33 6 24 49 78 68 <+33624497868> > > Senior Specialist Open Source > Planned absence: *none* > > > > > > *De : *William Bartholomew (CELA) <[email protected]> > *Date : *mardi, 5 septembre 2023 à 17:43 > *À : *Marc-Etienne Vargenau (Nokia) <[email protected]>, > 'spdx-tech' <[email protected]>, Richard Brooks < > [email protected]> > *Objet : *Re: [EXTERNAL] Re: [spdx-tech] Question about FileName syntaxe > > I would recommend against requiring the "./" prefix, but still require > that the path be relative (and clarifying that is relative to the location > of the package that the file is contained in). We may also want to clarify > whether you can use Windows-style path separators ("\") or only Linux-style > ones ("/"), and we should say that a relative path can't backtrack (i.e. no > ".."). > > > > William > ------------------------------ > > *From:* [email protected] <[email protected]> on behalf of > Dick Brooks via lists.spdx.org <dick= > [email protected]> > *Sent:* Tuesday, September 5, 2023 4:12 AM > *To:* 'Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)' < > [email protected]>; 'spdx-tech' <[email protected]> > *Subject:* [EXTERNAL] Re: [spdx-tech] Question about FileName syntaxe > > > > Many of the implementations that participated in the DocFest did not > include the “relative path” (/) syntax. The online validation tool will > pass an SBOM that does not contain the relative path filename syntax. > > > > Thanks, > > > > Dick Brooks > > > > *Active Member of the CISA Critical Manufacturing Sector, * > > *Sector Coordinating Council – A Public-Private Partnership* > > > > *Never trust software, always verify and report! > <https://reliableenergyanalytics.com/products>* ™ > > http://www.reliableenergyanalytics.com > > Email: [email protected] > > Tel: +1 978-696-1788 > > > > > > *From:* [email protected] <[email protected]> *On Behalf Of > *Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) > *Sent:* Tuesday, September 5, 2023 6:44 AM > *To:* spdx-tech <[email protected]> > *Subject:* [spdx-tech] Question about FileName syntaxe > > > > Hello, > > > > This is related to https://github.com/spdx/Spdx-Java-Library/issues/195 > > > > FileName is defined in the spec as “a relative filename”. > > > > So, we should reject as invalid a FileName starting with “/”. > > > > The spec then says “In general, every filename is preceded with a ./” > > Is this mandatory? > > > > In other words, should we reject: > > FileName: package/foo.c > > > > What is your opinion? > > > > Best regards, > > > > Marc-Etienne Vargenau > > > > -- > Marc-Etienne Vargenau [email protected] > Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE > Mobile: +33 6 24 49 78 68 <+33624497868> > > Senior Specialist Open Source > Planned absence: *none* > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5334): https://lists.spdx.org/g/Spdx-tech/message/5334 Mute This Topic: https://lists.spdx.org/mt/101166533/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
