-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add PURL and CPE into the SPDX examples file #473
Comments
That would help us a lot ;-) |
Still not being successful in using PURL with SPDX. Trying to convert this example into Tag format --> error message in the context of package mgrs. Whatever I've tried within last weeks, I get problems with PURL, let it be Dependency Track, OSS Review Toolkit, SPDX converter, it leads to problems. I believe having examples would help all of us quite a bit. |
@MarkusTe The error is due to issue 16 in the SPDX Java Jackson Store. The spec isn't clear on if we should be using the Tag/Value format of It looks like ORT is using the dashes while the other SPDX tools are expecting the underscrore. @tsteenbe @zvr any opinions on which of these formats should be used in JSON/YAML? If the consensus is to use dashes, I can fix the Java code be compatible. |
Why am I reminded of #58? |
Good memory @zvr ! It is a bit of a pain to deal with dashes in a serialization format that doesn't support them. Java, for examples, doesn't support dashes in enums. |
FYI, @tsteenbe fixed ORT to use underscores in oss-review-toolkit/ort#3867 some two weeks ago. |
Based on this, I'll leave the Java implementation as is - it will be consistent with ORT |
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
…473 Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
I just added a PR to add a purl example. Please review PR #509 and let me know if this works. My apologies for the randomizing of the element order making the diffs rather useless - a side-effect of using tools to generate the examples. |
Assuming that the examples are accepted as correct, here my findings as expected
|
…473 Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
Now that Package URL's and CPE references are supported, we should add those to the examples
The text was updated successfully, but these errors were encountered: