Hi Keith,
Please feel free to create an issue and/or a pull requests for the 2.2 JSON schema update. If there are no objections, we can merge it into the 2.2 spec branch. Thanks, Gary From: [email protected] <[email protected]> On Behalf Of Keith Zantow via lists.spdx.org Sent: Wednesday, February 22, 2023 9:47 AM To: [email protected] Subject: [spdx] JSON schema v2.2 PACKAGE_MANAGER discrepancy Hi All, There has been a small discrepancy in the SPDX 2.2 JSON schema and the SPDX spec for a while: the 2.2 spec <https://spdx.github.io/spdx-spec/v2.2.2/package-information/#721-external-reference-field> indicates External Reference Category should have a value of: SECURITY | PACKAGE-MANAGER | PERSISTENT-ID | OTHER, however the latest JSON schema <https://github.com/spdx/spdx-spec/blob/development/v2.2.2/schemas/spdx-schema.json#L320> has values of: "OTHER", "PERSISTENT_ID", "SECURITY", "PACKAGE_MANAGER". Note the differences between dash and underscore. As I understand it, the guidance has been that tools should accept both values (e.g. PACKAGE_MANAGER and PACKAGE-MANAGER). Would it be possible to get a new version of the 2.2 schema published that includes the correct values? The 2.3 schema already has this <https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L325> , but some users are still tied to 2.2 and it would be nice to have this corrected so documents adhering to the SPDX spec are also valid against the JSON schema. Would a GitHub issue be a better place for this request? Thanks, -Keith Zantow -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1629): https://lists.spdx.org/g/spdx/message/1629 Mute This Topic: https://lists.spdx.org/mt/97165456/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
