Hi All,

There has been a small discrepancy in the SPDX 2.2 JSON schema and the SPDX
spec for a while: the 2.2 spec
<https://spdx.github.io/spdx-spec/v2.2.2/package-information/#721-external-reference-field>
indicates External Reference Category should have a value of: SECURITY |
PACKAGE-MANAGER | PERSISTENT-ID | OTHER, however the latest JSON schema
<https://github.com/spdx/spdx-spec/blob/development/v2.2.2/schemas/spdx-schema.json#L320>
has values of: "OTHER", "PERSISTENT_ID", "SECURITY", "PACKAGE_MANAGER".
Note the differences between dash and underscore.

As I understand it, the guidance has been that tools should accept both
values (e.g. PACKAGE_MANAGER and PACKAGE-MANAGER).

Would it be possible to get a new version of the 2.2 schema published that
includes the correct values?

The 2.3 schema already has this
<https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L325>,
but some users are still tied to 2.2 and it would be nice to have this
corrected so documents adhering to the SPDX spec are also valid against the
JSON schema.

Would a GitHub issue be a better place for this request?

Thanks,
-Keith Zantow
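
The lenient handling described in the message above (accept both PACKAGE_MANAGER and PACKAGE-MANAGER), as an added example that is not part of the original message or of any SPDX tool: it normalizes each referenceCategory in an SPDX JSON document to the spec spelling and reports whether the raw value matches the 2.2 spec or the published 2.2 schema enum. The sample document is constructed and the function names are hypothetical.

```python
import json

# Spec spelling (SPDX 2.2, section 7.21, as quoted in the message above).
SPEC_CATEGORIES = {"SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID", "OTHER"}
# Spelling in the published 2.2 JSON schema enum (as quoted in the message above).
SCHEMA_22_CATEGORIES = {"SECURITY", "PACKAGE_MANAGER", "PERSISTENT_ID", "OTHER"}

# Constructed sample input: one package with four external references.
SAMPLE_DOC = """
{"spdxVersion": "SPDX-2.2",
 "packages": [{"name": "example-lib", "externalRefs": [
   {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
    "referenceLocator": "cpe:2.3:a:example:example-lib:1.0.0:*:*:*:*:*:*:*"},
   {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
    "referenceLocator": "pkg:npm/example-lib@1.0.0"},
   {"referenceCategory": "PACKAGE_MANAGER", "referenceType": "purl",
    "referenceLocator": "pkg:npm/example-lib@1.0.0"},
   {"referenceCategory": "PACKAGE MANAGER", "referenceType": "purl",
    "referenceLocator": "pkg:npm/example-lib@1.0.0"}]}]}
"""


def normalize_category(value):
    """Return the spec (dash) spelling for either variant, or None if unknown."""
    if not isinstance(value, str):
        return None
    candidate = value.replace("_", "-")
    return candidate if candidate in SPEC_CATEGORIES else None


def audit_external_refs(doc):
    """Classify every external reference category in a parsed SPDX JSON document."""
    findings = []
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            raw = ref.get("referenceCategory")
            is_str = isinstance(raw, str)
            findings.append({
                "package": pkg.get("name"),
                "raw": raw,
                "normalized": normalize_category(raw),  # None means reject
                "matches_spec": is_str and raw in SPEC_CATEGORIES,
                "matches_2_2_schema": is_str and raw in SCHEMA_22_CATEGORIES,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_external_refs(json.loads(SAMPLE_DOC)):
        print(finding)
```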

