
JSON is not compatible with v2.2 spec - "packages" and "files" lists should be outside "documentDescribes"

Open yanyag opened this issue 4 years ago • 1 comments

I see a major gap between the v2.2 spec and the current python-tool implementation of the JSON format. In https://github.com/Yash-Varshney/tools-python/issues/9 discussion with @Yash-Varshney, @goneall have processed to add spec issue around it.

| Python-tool (presently) | Java-tool (v2.2) | proposed | Spec |
|---|---|---|---|
| [MAJOR CHANGE] documentDescribes contains Package and Files | documentDescribes is only a list and packages and files another separate entity | Add spec issue | documentDescribes should only be the top-level package/file that the document describes, not the entire list - may need more research |
| Package is a dict | Package is a list in which there is dict ex. [{}] | Add spec issue | This is related to the documentDescribes difference |

The v2.2 spec points to https://github.com/spdx/spdx-spec/blob/master/schemas/spdx-schema.json schema. In addition, all the other spdx tools implementations are aligned with the spec (java-tools, golang, etc).

I think that we should align the python-tool as well, to complete the v2.2 support (formally declared as WIP now). Do you guys agree? Do you have any plans/roadmap of closing the v2.2 support gap?

Thanks, Yan

yanyag, Jul 22 '21 09:07

I am also having this issue. The json generated by tools-python does not validate against spdx-schema.json.

dholth, Nov 12 '21 15:11
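
An added example, not part of the issue thread or of tools-python: a small Python check for the layout mismatch reported above, with a helper that moves embedded packages and files out to top-level lists so `documentDescribes` holds only SPDX IDs. The nested sample and its `Package`/`File` wrapper keys are assumptions built from the table's description, and the helper names are hypothetical.

```python
import copy

# Constructed sample in the nested shape the issue describes; the wrapper keys
# "Package"/"File" and the nested "files" key are assumptions for illustration.
LEGACY = {
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "documentDescribes": [{"Package": {
        "SPDXID": "SPDXRef-Package", "name": "demo",
        "files": [{"File": {"SPDXID": "SPDXRef-File", "fileName": "./a.c"}}],
    }}],
}

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def layout_problems(doc):
    """List the ways doc departs from the v2.2 layout named in the issue title."""
    problems = []
    for i, entry in enumerate(_as_list(doc.get("documentDescribes"))):
        if not isinstance(entry, str):
            problems.append(f"documentDescribes[{i}] embeds an object instead of an SPDX ID")
    for key in ("packages", "files"):
        if key in doc and not isinstance(doc[key], list):
            problems.append(f"top-level {key} is not a list")
    return problems

def hoist(doc):
    """Return a copy with embedded packages/files moved to top-level lists."""
    out = copy.deepcopy(doc)
    packages, files, ids = _as_list(out.get("packages")), _as_list(out.get("files")), []
    for entry in _as_list(out.get("documentDescribes")):
        if isinstance(entry, str):
            ids.append(entry)
            continue
        if "File" in entry:
            elem = entry["File"]
            files.append(elem)
        else:
            elem = entry.get("Package", entry)
            # Package-to-file linkage is not re-expressed here; only the layout moves.
            files.extend(f.get("File", f) for f in _as_list(elem.pop("files", None)))
            packages.append(elem)
        if "SPDXID" in elem:
            ids.append(elem["SPDXID"])
    out["documentDescribes"] = ids
    for key, items in (("packages", packages), ("files", files)):
        if items:
            out[key] = items
        else:
            out.pop(key, None)
    return out
```

Running `layout_problems` on an SBOM before it enters a validation or ingestion pipeline gives a readable reason for the schema failure described in the comment above; it is a layout check only and does not replace validation against `spdx-schema.json`.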