Merge pull request #897 from boschglobal/mkurzman_20241011

.github/workflows/validate-pr.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
             python-version: "3.12"

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Change Log
 
-## 3.0.1 (under development - last update 2024-08-14)
+## 3.0.1 (Unrelease - under development - last update 2024-09-25)
 
 ### Changes since 3.0
 
@@ -23,11 +23,24 @@
 - **Added:** `adler32` entry to `Core/HashAlgorithm` - [#826](https://github.com/spdx/spdx-3-model/pull/826)
   - The Adler-32 checksum, previously available in SPDX 2.3, has been
     reintroduced.
-- **Clarified:** `AI/autonomyType` property - [#741](https://github.com/spdx/spdx-3-model/pull/741)
+- **Added:** `Core/SpdxOrganization` - [#880](https://github.com/spdx/spdx-3-model/pull/880)
+  - An `SpdxOrganization` individual, an Organization representing the SPDX
+    Project, is added. It is by definition the creator of all Element type individuals 
+    defined by the SPDX Project.
+- **Clarified:** `AI/autonomyType` - [#741](https://github.com/spdx/spdx-3-model/pull/741)
   - Specified the meaning of `yes`, `no`, and `noAssertion` values in the
     `AI/autonomyType` property description.
+- **Clarified:** `Build/buildType` - [#875](https://github.com/spdx/spdx-3-model/pull/875)
+  - Its intent is added: "The buildType is used to interpret the meaning of
+    other build parameters by defining the "type" of build...".
+- **Clarified:** `hasData` entry in `Core/RelationshipType` - [#815](https://github.com/spdx/spdx-3-model/pull/815)
 - **Improved:** JSON-LD examples.
   - All JSON-LD examples in the "Syntax" section of class descriptions are now
-    validated.
+    validated - [#794](https://github.com/spdx/spdx-3-model/pull/794)
   - Added JSON-LD examples for `AI/EnergyConsumption` and
-    `AI/EnergyConsumptionDescription`.
+    `AI/EnergyConsumptionDescription` - [#780](https://github.com/spdx/spdx-3-model/pull/780)
+- **Updated:** Model diagrams.
+  - Use updated names
+  - Specify XSD data types
+  - All named individuals are removed - [#884](https://github.com/spdx/spdx-3-model/pull/884)
+- General typos and formatting fixes

Glossary.md

@@ -11,7 +11,7 @@ A process that takes data in any valid form (e.g., various serializations of SPD
 
 ## Class
 
-A represention of a scope/set of individual instances of a particular “concept” (e.g., File, Person, ExternalReference, etc.).
+A representation of a scope/set of individual instances of a particular “concept” (e.g., File, Person, ExternalReference, etc.).
 
 Each individual instance of a class has an Internationalized Resource Identifier (IRI) and is asserted as a member of a particular class via a type statement.
 
@@ -25,7 +25,7 @@ One example could be the requirement of a specific hash algorithm to be present.
 
 ## Core
 
-The namespace which contains definitions and constraints for all concpet classes and properties which are common to all other domains within the targeted scope of SPDX.
+The namespace which contains definitions and constraints for all concept classes and properties which are common to all other domains within the targeted scope of SPDX.
 
 ## Datatype property
 

model/AI/AI.md

@@ -25,8 +25,7 @@ the following has to hold:
 
 1. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship`
    of type `hasConcludedLicense` having that element as its `from` property
-   and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
+   and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
 2. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship`
    of type `hasDeclaredLicense` having that element as its `from` property
-   and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
-
+   and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property.

model/Build/Build.md

@@ -31,9 +31,9 @@ In addition, the following Relationship Types may be used to describe a Build.
   or host.
 - configures: Describes the relationship from a configuration to the Build
   element.
-- ancestorOf: Describes a relationship from a Build element to Build eelements
+- ancestorOf: Describes a relationship from a Build element to Build elements
   that describe its child builds.
-- decendentOf: Describes a relationship from a child Build element to its
+- descendantOf: Describes a relationship from a child Build element to its
   parent.
 - usesTool: Describes a relationship from a Build element to a build tool.
 

model/Build/Properties/buildType.md

@@ -18,7 +18,7 @@ elements, it means they are the same kind of build, but difference instances
 and possible with different configurations.
 
 If you are not using a well-known buildType, it should be namespaced to a
-domain you own to prevent conflicts with other builtType IRIs.
+domain you own to prevent conflicts with other buildType IRIs.
 
 Examples of a buildType might be:
 

model/Core/Datatypes/MediaType.md

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Community-Spec-1.0
 ## Summary
 
 Standardized way of indicating the type of content of an Element or a Property.
-A String constrained to the RFC 2046 specificiation.
+A String constrained to the RFC 2046 specification.
 
 ## Description
 

model/Core/Individuals/NoAssertionElement.md

@@ -23,7 +23,7 @@ For example, a Relationship with
 and
 `to`=NoAssertionElement
 is explicitly expressing that
-no assertion is being made about any potential descendents of Element1.
+no assertion is being made about any potential descendants of Element1.
 
 ## Metadata
 

model/Core/Individuals/NoneElement.md

@@ -17,7 +17,7 @@ For example, a Relationship with
 `from`=Element1,
 and `to`=NoneElement
 is explicitly expressing an assertion that
-Element1 has no descendents.
+Element1 has no descendants.
 
 ## Metadata
 

model/Core/Individuals/SpdxOrganization.md

@@ -9,7 +9,8 @@ An Organization representing the SPDX Project.
 ## Description
 
 SpdxOrganization is an Organization representing the SPDX Project.
-It is by definition the creator of all individuals defined by the SPDX Project.
+It is by definition the creator of all Element type individuals defined by
+the SPDX Project.
 These individuals include licences and exceptions defined in the SPDX License
 List, as well as individuals defined in the specification.
 

model/Core/Properties/dataLicense.md

@@ -23,7 +23,6 @@ and the identification of the supplier of SPDX files.
 Compliance with this document includes populating the SPDX fields therein
 with data related to such fields ("SPDX-Metadata").
 
-
 This document contains numerous fields where an SPDX file creator may provide
 relevant explanatory text in SPDX-Metadata. Without opining on the lawfulness
 of "database rights" (in jurisdictions where applicable),

model/Core/Properties/externalSpdxId.md

@@ -9,7 +9,7 @@ external to that SpdxDocument.
 
 ## Description
 
-ExternalSpdxId identifies an external Element used within an SpdxDocument but
+An externalSpdxId identifies an external Element used within an SpdxDocument but
 defined external to that SpdxDocument.
 
 ## Metadata

model/Core/Properties/hashValue.md

@@ -8,7 +8,7 @@ The result of applying a hash algorithm to an Element.
 
 ## Description
 
-HashValue is the result of applying a hash algorithm to an Element.
+A hashValue is the result of applying a hash algorithm to an Element.
 
 ## Metadata
 

model/Core/Properties/import.md

@@ -8,7 +8,7 @@ Provides an ExternalMap of Element identifiers.
 
 ## Description
 
-Import provides an ExternalMap of an Element identifier that is used within a
+An import provides an ExternalMap of an Element identifier that is used within a
 document but defined external to that document.
 
 ## Metadata

model/Core/Properties/originatedBy.md

@@ -8,7 +8,7 @@ Identifies from where or whom the Element originally came.
 
 ## Description
 
-OriginatedBy identifies from where or whom the Element originally came.
+An originatedBy identifies from where or whom the Element originally came.
 
 ## Metadata
 

model/Core/Properties/spdxId.md

@@ -8,7 +8,7 @@ Identifies an Element to be referenced by other Elements.
 
 ## Description
 
-SpdxId uniquely identifies an Element which may thereby be referenced by other Elements.
+An spdxId uniquely identifies an Element which may thereby be referenced by other Elements.
 These references may be internal or external.
 While there may be several versions of the same Element, each one needs to be able to be referred to uniquely
 so that relationships between Elements can be clearly articulated.

model/Core/Properties/verifiedUsing.md

@@ -9,7 +9,7 @@ asserted.
 
 ## Description
 
-VerifiedUsing provides an IntegrityMethod with which the integrity of an
+A verifiedUsing provides an IntegrityMethod with which the integrity of an
 Element can be asserted.
 
 Please note that different profiles may also provide additional methods for

model/Core/Vocabularies/AnnotationType.md

@@ -16,5 +16,5 @@ AnnotationType specifies the type of an annotation.
 
 ## Entries
 
-- other: Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element).
+- other: Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element).
 - review: Used when someone reviews the Element.

model/Core/Vocabularies/ExternalIdentifierType.md

@@ -8,7 +8,7 @@ Specifies the type of an external identifier.
 
 ## Description
 
-ExteralIdentifierType specifies the type of an external identifier.
+ExternalIdentifierType specifies the type of an external identifier.
 
 ## Metadata
 

model/Core/Vocabularies/RelationshipType.md

@@ -73,7 +73,7 @@ name completes the sentence:
 - hasVariant: Every `to` Element is a variant the `from` Element (`from` hasVariant `to`).
 - invokedBy: The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step).
 - modifiedBy: The `from` Element is modified by each `to` Element.
-- other: Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless).
+- other: Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless).
 - packagedBy: Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`).
 - patchedBy: Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`).
 - publishedBy: Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent.

model/Dataset/Dataset.md

@@ -24,9 +24,9 @@ the following has to hold:
 
 1. for every `/Dataset/DatasetPackage` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
     property.
 2. for every `/Dataset/DatasetPackage` there MUST exist exactly one
    `/Core/Relationship` of type `hasDeclaredLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
     property.

model/Licensing/Licensing.md

@@ -119,5 +119,5 @@ the following has to hold:
 
 1. for every `/Software/SoftwareArtifact` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as
-   its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.

model/Lite/Lite.md

@@ -40,11 +40,11 @@ Additionally:
 
 1. for every `/Software/Package` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as
-   its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.
 2. for every `/Software/Package` there MUST exist exactly one
    `/Core/Relationship` of type `hasDeclaredLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.
 
 For a `/Core/SpdxDocument` to be conformant with this profile, the following has to hold:

model/Operations/Classes/ApplicationFacts.md

@@ -0,0 +1,100 @@
+SPDX-License-Identifier: Community-Spec-1.0
+
+# ApplicationFacts
+
+## Summary
+
+The Application facts summarize the business context metadata of an application. An application may consist of one to n deliverables.
+
+## Description
+
+The Application Facts are collected all along the product lifecyle and contents may be updated when the product reaches a new phase.
+```
+
+## Metadata
+
+- name: ApplicationFacts
+- SubclassOf: tbd
+- Instantiability: Concrete
+
+## Properties
+
+- productOwner
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- documentationLink
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- productAccessURL
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- commentComment
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- distributedDeliverables
+  - type: tbd
+  - minCount: 1
+  - maxCount: n
+
+- technicalDeploymnent
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- contact
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- scope
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- relationType
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- supplyChainContext
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- releaseCycles
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- fossComplianceBundelProvision
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- contractSetup
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- fossTermsTowardsCustomer
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- distributionTermsTowardsCustomer
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1
+
+- customerFossContact
+  - type: tbd
+  - minCount: 1
+  - maxCount: 1