Merge branch 'spdx:main' into add-spec-markdown-docs

.github/workflows/validate-pr.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
             python-version: "3.12"

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Change Log
 
-## 3.0.1 (under development - last update 2024-08-14)
+## 3.0.1 (Unrelease - under development - last update 2024-09-25)
 
 ### Changes since 3.0
 
@@ -23,11 +23,24 @@
 - **Added:** `adler32` entry to `Core/HashAlgorithm` - [#826](https://github.com/spdx/spdx-3-model/pull/826)
   - The Adler-32 checksum, previously available in SPDX 2.3, has been
     reintroduced.
-- **Clarified:** `AI/autonomyType` property - [#741](https://github.com/spdx/spdx-3-model/pull/741)
+- **Added:** `Core/SpdxOrganization` - [#880](https://github.com/spdx/spdx-3-model/pull/880)
+  - An `SpdxOrganization` individual, an Organization representing the SPDX
+    Project, is added. It is by definition the creator of all Element type individuals 
+    defined by the SPDX Project.
+- **Clarified:** `AI/autonomyType` - [#741](https://github.com/spdx/spdx-3-model/pull/741)
   - Specified the meaning of `yes`, `no`, and `noAssertion` values in the
     `AI/autonomyType` property description.
+- **Clarified:** `Build/buildType` - [#875](https://github.com/spdx/spdx-3-model/pull/875)
+  - Its intent is added: "The buildType is used to interpret the meaning of
+    other build parameters by defining the "type" of build...".
+- **Clarified:** `hasData` entry in `Core/RelationshipType` - [#815](https://github.com/spdx/spdx-3-model/pull/815)
 - **Improved:** JSON-LD examples.
   - All JSON-LD examples in the "Syntax" section of class descriptions are now
-    validated.
+    validated - [#794](https://github.com/spdx/spdx-3-model/pull/794)
   - Added JSON-LD examples for `AI/EnergyConsumption` and
-    `AI/EnergyConsumptionDescription`.
+    `AI/EnergyConsumptionDescription` - [#780](https://github.com/spdx/spdx-3-model/pull/780)
+- **Updated:** Model diagrams.
+  - Use updated names
+  - Specify XSD data types
+  - All named individuals are removed - [#884](https://github.com/spdx/spdx-3-model/pull/884)
+- General typos and formatting fixes

model/AI/AI.md

@@ -25,8 +25,7 @@ the following has to hold:
 
 1. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship`
    of type `hasConcludedLicense` having that element as its `from` property
-   and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
+   and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
 2. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship`
    of type `hasDeclaredLicense` having that element as its `from` property
-   and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property.
-
+   and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property.

model/Core/Datatypes/MediaType.md

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Community-Spec-1.0
 ## Summary
 
 Standardized way of indicating the type of content of an Element or a Property.
-A String constrained to the RFC 2046 specificiation.
+A String constrained to the RFC 2046 specification.
 
 ## Description
 

model/Core/Individuals/NoAssertionElement.md

@@ -23,7 +23,7 @@ For example, a Relationship with
 and
 `to`=NoAssertionElement
 is explicitly expressing that
-no assertion is being made about any potential descendents of Element1.
+no assertion is being made about any potential descendants of Element1.
 
 ## Metadata
 

model/Core/Individuals/NoneElement.md

@@ -17,7 +17,7 @@ For example, a Relationship with
 `from`=Element1,
 and `to`=NoneElement
 is explicitly expressing an assertion that
-Element1 has no descendents.
+Element1 has no descendants.
 
 ## Metadata
 

model/Core/Individuals/SpdxOrganization.md

@@ -9,7 +9,8 @@ An Organization representing the SPDX Project.
 ## Description
 
 SpdxOrganization is an Organization representing the SPDX Project.
-It is by definition the creator of all individuals defined by the SPDX Project.
+It is by definition the creator of all Element type individuals defined by
+the SPDX Project.
 These individuals include licences and exceptions defined in the SPDX License
 List, as well as individuals defined in the specification.
 

model/Dataset/Dataset.md

@@ -24,9 +24,9 @@ the following has to hold:
 
 1. for every `/Dataset/DatasetPackage` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
     property.
 2. for every `/Dataset/DatasetPackage` there MUST exist exactly one
    `/Core/Relationship` of type `hasDeclaredLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
     property.

model/Licensing/Licensing.md

@@ -119,5 +119,5 @@ the following has to hold:
 
 1. for every `/Software/SoftwareArtifact` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as
-   its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.

model/Lite/Lite.md

@@ -40,11 +40,11 @@ Additionally:
 
 1. for every `/Software/Package` there MUST exist exactly one
    `/Core/Relationship` of type `hasConcludedLicense` having that element as
-   its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.
 2. for every `/Software/Package` there MUST exist exactly one
    `/Core/Relationship` of type `hasDeclaredLicense` having that element as its
-   `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to`
+   `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to`
    property.
 
 For a `/Core/SpdxDocument` to be conformant with this profile, the following has to hold:

model/Security/Classes/VexVulnAssessmentRelationship.md

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Community-Spec-1.0
 
 ## Summary
 
-Asbtract ancestor class for all VEX relationships
+Abstract ancestor class for all VEX relationships
 
 ## Description
 
@@ -17,10 +17,10 @@ When linking elements using a VexVulnAssessmentRelationship, the following
 requirements must be observed:
 
 - The from: end must be a /Security/Vulnerability classed element
-- The to: end must point to elements representing the VEX _products_.
+- The to: end must point to elements representing the VEX *products*.
 
 To specify a different element where the vulnerability was detected, the VEX
-relationship can optionally specify _subcomponents_ using the assessedElement
+relationship can optionally specify *subcomponents* using the assessedElement
 property.
 
 VEX inherits information from the document level down to its statements. When a