Enforce SPDX compatible shortnames #855
Comments
Makes absolute sense in my opinion. It needs to be placed at various locations (candidate licenses, add license, license import by CSV) though, and we also need a policy for how to deal with importing licenses when a non-SPDX name is found. A simple error in the import log (which is returned on the page) would be enough imho.
@MaximilianHuber https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 has the official specification, which doesn't mention length restrictions. Is the
I think spdx-tools is using the regex defined here: https://github.com/spdx/tools/blob/02657c72bec23a0f3a2578f6f63e2f0a89235309/src/org/spdx/rdfparser/SpdxRdfConstants.java#L254
EDIT: Regex was updated in this commit. I've updated the code block above with the change.
@timurphy You are absolutely right. I have found the restriction somewhere in the correct context and have copied it without thinking.
It might be good to enforce SPDX compatible shortnames, i.e. ones that are made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'.
Otherwise the generated SPDX documents are possibly not valid. The broken files then cannot be parsed with the spdx-tools.
The enforcement can be done by disallowing the creation of licenses with invalid shortnames.
Additionally, it would be good if we failed the SPDX generation if it would contain invalid shortnames.
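The sketch below is an added example, not code from this project or from spdx-tools: it applies the character set quoted in the issue at the three points discussed in the thread (license creation, CSV import with an import log, and SPDX generation). The function names, the `shortname` CSV column and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re

# Character set quoted in the issue: 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', '-'.
# The pattern is written for this example; it is not the spdx-tools constant.
SHORTNAME_RE = re.compile(r"[A-Za-z0-9+_.\-]+")


def is_valid_shortname(name):
    """True only for a non-empty string made up solely of allowed characters."""
    # fullmatch() is used instead of '^...$' because '$' also matches just
    # before a trailing newline, which would let "GPL-2.0\n" through.
    return isinstance(name, str) and SHORTNAME_RE.fullmatch(name) is not None


def import_licenses_csv(text):
    """Import rows by 'shortname' column; invalid names go to the import log."""
    accepted, log = [], []
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        name = row.get("shortname") or ""
        if is_valid_shortname(name):
            accepted.append(row)
        else:
            log.append(f"line {reader.line_num}: rejected shortname {name!r}")
    return accepted, log


def check_before_spdx_generation(shortnames):
    """Fail generation outright rather than emit a document that cannot be parsed."""
    bad = [n for n in shortnames if not is_valid_shortname(n)]
    if bad:
        raise ValueError(f"invalid license shortnames: {bad}")


# Constructed sample input (not taken from the issue).
SAMPLE_CSV = (
    "shortname,fullname\n"
    "Apache-2.0,Apache License 2.0\n"
    "GPL-2.0+,GNU GPL v2 or later\n"
    "My License (v1),Constructed invalid name\n"
    "Caf\u00e9-1.0,Constructed non-ASCII name\n"
)

if __name__ == "__main__":
    ok, errors = import_licenses_csv(SAMPLE_CSV)
    print([row["shortname"] for row in ok])
    print("\n".join(errors))
```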