Use simpler notation for ExternalRefs in JSON, YAML and XML #156

Closed
tsteenbe opened this issue Nov 19, 2019 · 5 comments
@tsteenbe
Member

In the SPDX 2.2 YAML example I found

externalRefs:
  - referenceCategory: "referenceCategory_security"
    referenceType:
      referenceTypeUri: "http://spdx.org/rdf/references/cpe23Type"
    referenceLocator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*"
    comment: null

which seems to be based on the RDF example below, from the SPDX 2.1 spec

<spdx:externalRef>
  <spdx:ExternalRef>
    <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_packageManager" />
    <spdx:referenceType rdf:resource="http://spdx.org/rdf/references/maven-central" />
    <spdx:referenceLocator>org.apache.commons:commons-lang:3.2.1</spdx:referenceLocator>
  </spdx:ExternalRef>
</spdx:externalRef>

Propose to simplify the format for ExternalRef to:

externalRefs:
  - category: "SECURITY"
    type: "cpe23Type"
    locator: "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*"
    comment: ""
@tsteenbe tsteenbe added this to the 2.2 milestone Nov 19, 2019
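
A consumer that has to read both notations from the post above can map them to one record before using the security references. This is an added example, not code from the issue or the SPDX project; the function and class names are hypothetical, and the camelCase to UPPER_SNAKE rule for categories is an assumption generalised from the single SECURITY pair shown.

```python
import re
from typing import NamedTuple

class ExternalRef(NamedTuple):
    category: str
    type: str
    locator: str
    comment: str

# Long property names from the 2.2 draft -> short names proposed in this issue.
LONG_TO_SHORT = {"referenceCategory": "category", "referenceType": "type",
                 "referenceLocator": "locator"}
CATEGORY_PREFIX = "referenceCategory_"

def normalize_external_ref(raw: dict) -> ExternalRef:
    """Map one externalRefs entry, in either notation, to a single record."""
    ref = {LONG_TO_SHORT.get(key, key): value for key, value in raw.items()}
    missing = [k for k in ("category", "type", "locator") if not ref.get(k)]
    if missing:
        raise ValueError(f"ExternalRef is missing: {', '.join(missing)}")

    # Category: drop an RDF namespace and the enum prefix, then upper-case.
    # Assumption: camelCase becomes UPPER_SNAKE (page shows only SECURITY).
    category = str(ref["category"]).rsplit("#", 1)[-1]
    if category.startswith(CATEGORY_PREFIX):
        category = category[len(CATEGORY_PREFIX):]
    category = re.sub(r"(?<=[a-z])(?=[A-Z])", "_", category).upper()

    # Type: the draft nests a URI under referenceTypeUri; keep its last segment.
    ref_type = ref["type"]
    if isinstance(ref_type, dict):
        ref_type = ref_type.get("referenceTypeUri", "")
    ref_type = str(ref_type).rstrip("/").rsplit("/", 1)[-1]
    if not ref_type:
        raise ValueError("ExternalRef has an empty reference type")

    # comment: null and comment: "" are treated as the same (no comment).
    return ExternalRef(category, ref_type, str(ref["locator"]),
                       ref.get("comment") or "")

def security_locators(entries: list) -> list:
    """Locators of SECURITY references (e.g. CPE names) for vulnerability matching."""
    refs = (normalize_external_ref(entry) for entry in entries)
    return [ref.locator for ref in refs if ref.category == "SECURITY"]

# Sample entries taken from the two YAML snippets in the issue, as parsed dicts.
CPE = "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*"
LONG_FORM = {"referenceCategory": "referenceCategory_security",
             "referenceType": {"referenceTypeUri": "http://spdx.org/rdf/references/cpe23Type"},
             "referenceLocator": CPE, "comment": None}
SHORT_FORM = {"category": "SECURITY", "type": "cpe23Type", "locator": CPE, "comment": ""}
```
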
@tsteenbe
Member Author

Proposal based on discussion in the SPDX Tech call on November 19, 2019 - agreed by @kestewart, @goneall, @zvr and @swinslow.

@kestewart
Contributor

Reviewed with a wider set in today's call, no issues raised. Waiting for PR.

@swinslow
Member

FYI, in #182 (if it gets merged) I fixed the enums as part of the broader enum reworking, but hadn't otherwise touched the format of ExternalRefs.

@goneall
Member

goneall commented Jan 29, 2020

Going back over the open issues, it looks like this one is partially resolved.

There was an issue raised on the email thread about incompatibilities between the names of the different formats.

Based on that, I am now thinking we leave the property names in their longer forms so that we don't have a different name for the RDF/XML. Perhaps we can revisit in 3.0 and change the property names for all of the document formats.

There is also an argument to be made to leave the property names in their long form to better describe the semantics for the property name. In the RDF world this is important since the property names carry specific semantic information which can be used in queries.

@kestewart
Contributor

From call, Gary indicates that this has been fixed, and all the property names have been addressed.
