-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change declared and concluded licenses to relationships #448
Conversation
Implements decision made on whether licenses should be a property or relationship on the 2023-05-02 tech call Note that this introduces issues as documented in #254 This fixes the parsing errors #443 Also fixes #Signed-off-by: Gary O'Neall <[email protected]>
Per the minutes from 2023-05-02 @kestewart @tsteenbe and @swinslow are to review the pull request for changing from properties to relationships. |
Note: I would like to merge this to fix the parser errors. |
@@ -25,10 +25,12 @@ between a Package and a File, between two Packages, or between one SPDXDocument | |||
- buildDependency: Every `to` Element is a build dependency of the `from` Element | |||
- buildTool: Build tool used to build an Element. This may be used to describe the build tool of a Build instance | |||
- coordinatedBy: (Security) Used to identify the vendor, researcher, or consumer agent performing coordination for a vulnerability | |||
- concludedLicense: Identifies the license that that SPDX data creator has concluded as governing the software Package, File or Snippet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
... "governing the software Artifact."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be explicit, what is "to" and what is "from" here
- contains: Every `to` Element is contained by the `from` Element | ||
- configOf: (Build) Configuration information applied to an Element instance during a LifeycleScopeType period. Example: Build configuration of the build instance | ||
- copy: Every `to` Element is a copy of the `from` Element | ||
- dataFile: Every `to` Element is a data file related to the the `from` Element | ||
- declaredLicense: dentifies the license information actually found in the software Package, File or Snippet, for example as detected by use of automated tooling. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"software Artifact"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aslo please fix typo "dentifies" --> "Identifies", can you also be explict as to the "to" and "from". ie. what goes on which side of the relationship.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated per comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be explicit about what is "to" and what should be "from" for concludedLicense & declaredLicense.
- contains: Every `to` Element is contained by the `from` Element | ||
- configOf: (Build) Configuration information applied to an Element instance during a LifeycleScopeType period. Example: Build configuration of the build instance | ||
- copy: Every `to` Element is a copy of the `from` Element | ||
- dataFile: Every `to` Element is a data file related to the the `from` Element | ||
- declaredLicense: dentifies the license information actually found in the software Package, File or Snippet, for example as detected by use of automated tooling. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aslo please fix typo "dentifies" --> "Identifies", can you also be explict as to the "to" and "from". ie. what goes on which side of the relationship.
@@ -25,10 +25,12 @@ between a Package and a File, between two Packages, or between one SPDXDocument | |||
- buildDependency: Every `to` Element is a build dependency of the `from` Element | |||
- buildTool: Build tool used to build an Element. This may be used to describe the build tool of a Build instance | |||
- coordinatedBy: (Security) Used to identify the vendor, researcher, or consumer agent performing coordination for a vulnerability | |||
- concludedLicense: Identifies the license that that SPDX data creator has concluded as governing the software Package, File or Snippet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be explicit, what is "to" and what is "from" here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. That fixes the issue note.
Since @zvr is away from the office this week and I have made his requested changes plus we have a positive review from @kestewart , I'm going to merge this. It should fix the error's we're seeing in the CI. If anyone has any additional improvements on this, please open a new PR. |
Implements decision made on whether licenses should be a property or relationship on the 2023-05-02 tech call
Note that this introduces issues as documented in #254
This fixes the parsing errors #443
Also fixes #Signed-off-by: Gary O'Neall [email protected]