Change declared and concluded licenses to relationships #448
Conversation
Per the minutes from 2023-05-02 @kestewart @tsteenbe and @swinslow are to review the pull request for changing from properties to relationships.
Note: I would like to merge this to fix the parser errors.
@@ -25,10 +25,12 @@ between a Package and a File, between two Packages, or between one SPDXDocument | |||
- buildDependency: Every `to` Element is a build dependency of the `from` Element | |||
- buildTool: Build tool used to build an Element. This may be used to describe the build tool of a Build instance | |||
- coordinatedBy: (Security) Used to identify the vendor, researcher, or consumer agent performing coordination for a vulnerability | |||
- concludedLicense: Identifies the license that that SPDX data creator has concluded as governing the software Package, File or Snippet. |
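Review bot: the new concludedLicense entry does not state the direction of the relationship, while every neighbouring entry does ("Every `to` Element is a build dependency of the `from` Element", "Every `to` Element is contained by the `from` Element"); rewrite it in the same "Every `to` Element ... the `from` Element" pattern so it is unambiguous which side is the license and which is the licensed element, and drop the doubled "that that" in "the license that that SPDX data creator".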
... "governing the software Artifact."
Please be explicit, what is "to" and what is "from" here
- contains: Every `to` Element is contained by the `from` Element | ||
- configOf: (Build) Configuration information applied to an Element instance during a LifeycleScopeType period. Example: Build configuration of the build instance | ||
- copy: Every `to` Element is a copy of the `from` Element | ||
- dataFile: Every `to` Element is a data file related to the the `from` Element | ||
- declaredLicense: dentifies the license information actually found in the software Package, File or Snippet, for example as detected by use of automated tooling. |
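Review bot: "dentifies" in the new declaredLicense entry is missing its leading "I", and, like concludedLicense, the entry never says which side is `to` and which is `from`; use the "Every `to` Element ... the `from` Element" wording the rest of the list uses. Two pre-existing typos in the surrounding context lines could be picked up in a follow-up: "related to the the `from` Element" in the dataFile entry, and "LifeycleScopeType" in the configOf entry, which looks like a misspelling of the type name.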
"software Artifact"
Also please fix typo "dentifies" --> "Identifies"; can you also be explicit as to the "to" and "from", i.e. what goes on which side of the relationship.
Updated per comments
Please be explicit about what is "to" and what should be "from" for concludedLicense & declaredLicense.
Thanks. That fixes the issue note.
Since @zvr is away from the office this week and I have made his requested changes plus we have a positive review from @kestewart, I'm going to merge this. It should fix the errors we're seeing in the CI. If anyone has any additional improvements on this, please open a new PR.
Implements decision made on whether licenses should be a property or relationship on the 2023-05-02 tech call
Note that this introduces issues as documented in #254
This fixes the parsing errors #443
Also fixes #
Signed-off-by: Gary O'Neall gary@sourceauditor.com