Add support for SPDX v2.3 #353
eb35f62 to 14073c1
…92734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…34+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
… <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…ers.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
ac0be49 to 30a4a1f
…er.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…inaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
Add Built Date, Release Date and Valid Until Date fields. Make Packages and files properties optional. Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
… Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…ra <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…Oliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…Oliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…rolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…inaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…aOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…y: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
4075c25 to 532c73c
@coderpatros @stevespringett can you review this?
…-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…2734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
First of all, thank you for the contribution. I currently maintain this project; however, I know only very little about SPDX. Can you (e.g. @Kiril1512) assure me that you reviewed the code well and deeply enough, and @CarolinaOliiveira, that you can take time to fix bugs that might arise from the integration of your code?
@mtsfoni What is the strategy here with respect to version support? Support only the latest 2.x version of SPDX (or is the aim to support both 2.2 and 2.3)?
…liiveira@users.noreply.github.com> added spdx json validator tests for v2.2 and invalid package purpose; added converter tests from spdx v2.2 to cyclonedx Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
…iiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
@andreas-hilti the code was built to support only the latest version; if we want to support both 2.2 and 2.3 it will require a lot more work.
Hello @mtsfoni. @p-brito and I did an extended review, and @CarolinaOliiveira also updated the PR description so it will be much easier for you to navigate what was changed and allow a smoother review. This is not the first time we have contributed to this repo (Add support to SPDX.xml), so we can assure maintenance and bug fixing that may arise.
…<61292734+CarolinaOliiveira@users.noreply.github.com> Signed-off-by: Carolina Oliveira <61292734+CarolinaOliiveira@users.noreply.github.com>
@mtsfoni can you please review it?
Upgrade SPDX to version 2.3
This PR was developed to update SPDX implementation from version 2.2 to version 2.3. In this link, differences between these two versions are listed, where only the first four are relevant since annexes have not been implemented. In the following section, I’ll briefly explain the changes to version 2.3.
Added four new fields to Package Information: Primary Package Purpose, Built Date, Release Date, Valid Until Date.
Added eight hash algorithms (SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32) to the set recognized by Package Checksum field and File checksum field.
Update Package Information, File Information and Snippet information to make several of the licensing properties optional rather than requiring the use of "NOASSERTION" when no value is provided. The required fields for these sections are now:
Update Relationships between SPDX elements to add the new relationship types: REQUIREMENT_DESCRIPTION_FOR and SPECIFICATION_FOR.
Support for version 2.2:
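An added example, not part of the PR or the project's code: a Python check that reports which of the 2.3-only items listed in the description above (new package fields, new checksum algorithms, new relationship types) an SPDX JSON document uses, which is what a 2.2-only consumer would not recognise. The JSON key names, the function names and the sample document are assumptions made for this illustration.

```python
import json

# Names taken from the PR description. The JSON key spellings (packages, files,
# checksums, relationshipType, ...) are assumed from the SPDX 2.3 JSON format.
NEW_PACKAGE_FIELDS = ("primaryPackagePurpose", "builtDate", "releaseDate", "validUntilDate")
NEW_ALGORITHMS = {"SHA3_256", "SHA3_384", "SHA3_512", "BLAKE2B_256",
                  "BLAKE2B_384", "BLAKE2B_512", "BLAKE3", "ADLER32"}
NEW_RELATIONSHIPS = {"REQUIREMENT_DESCRIPTION_FOR", "SPECIFICATION_FOR"}


def _norm(algorithm):
    """Fold spellings such as 'BLAKE2b-256' and 'BLAKE2b_256' into one form."""
    return str(algorithm).upper().replace("-", "_")


def spdx23_only_features(doc):
    """Return sorted (element id, feature) pairs a 2.2-only reader would not know."""
    findings = set()
    for kind in ("packages", "files"):
        for element in doc.get(kind, []):
            where = element.get("SPDXID", "<%s entry without SPDXID>" % kind)
            if kind == "packages":
                findings.update((where, f) for f in NEW_PACKAGE_FIELDS if f in element)
            for checksum in element.get("checksums", []):
                name = _norm(checksum.get("algorithm", ""))
                if name in NEW_ALGORITHMS:
                    findings.add((where, "checksum:" + name))
    for rel in doc.get("relationships", []):
        if rel.get("relationshipType") in NEW_RELATIONSHIPS:
            findings.add((rel.get("spdxElementId", "<relationship>"), rel["relationshipType"]))
    return sorted(findings)


# Constructed sample document (not taken from the PR or its test data).
SAMPLE = json.loads("""
{"spdxVersion": "SPDX-2.3",
 "packages": [{"SPDXID": "SPDXRef-Package-a", "name": "a",
               "primaryPackagePurpose": "LIBRARY",
               "releaseDate": "2023-01-01T00:00:00Z",
               "checksums": [{"algorithm": "SHA256", "checksumValue": "constructed"},
                             {"algorithm": "BLAKE2b-256", "checksumValue": "constructed"}]}],
 "files": [{"SPDXID": "SPDXRef-File-b", "fileName": "./b",
            "checksums": [{"algorithm": "SHA1", "checksumValue": "constructed"}]}],
 "relationships": [{"spdxElementId": "SPDXRef-File-b",
                    "relationshipType": "SPECIFICATION_FOR",
                    "relatedSpdxElement": "SPDXRef-Package-a"}]}
""")

if __name__ == "__main__":
    for where, feature in spdx23_only_features(SAMPLE):
        print(where, feature)
```

An empty result means the document uses none of the three enumerated additions; it does not cover the licensing properties that 2.3 made optional.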