Greetings,
From: [email protected] <[email protected]> On Behalf Of Yasutake Kurita Sent: Thursday, March 28, 2024 7:52 PM To: [email protected] Subject: [spdx-tech] Questions about package checksum? Questions about the following items. https://spdx.github.io/spdx-spec/v2.3/package-information/#710-package-checksum-field Am I correct in understanding that if a package consists of a single file, such as a ZIP file, the checksum of that file is described? [G.O.] Yes If a package consists of multiple files that are not compressed, what should be written in the checksum? [G.O.] In this case, the Package Verification Code should be used in place of the checksum. See https://github.com/spdx/spdx-spec/blob/development/v2.3.1/chapters/how-to-use.md#k3-verifying-spdx-packages for a more complete description. Regards, Yasutake Kurita. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5587): https://lists.spdx.org/g/Spdx-tech/message/5587 Mute This Topic: https://lists.spdx.org/mt/105210336/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
