tools-python icon indicating copy to clipboard operation
tools-python copied to clipboard

Published 20 hours ago verified publisher icon spdx

Wrong conversion of relationships to NONE or NOASSERTION

Open meretp opened this issue 2 years ago • 2 comments

The conversion of relationships from SPDX 2 to SPDX 3 needs to be updated to match the spec (cited below). A relationship to NONE or NOASSERTION affects the completeness of other relationships from that element, not the relationships itself.

In cases where there are "known unknowns", the use of the keyword NOASSERTION can be used on the right hand side of a relationship to indicate that the author is not asserting whether there are other SPDX elements (package/file/snippet) that are connected by relationships or not. That is, there could be some, but the author is not asserting one way or another.

Similarly, the use of the keyword NONE can be used to indicate that an SPDX element (package/file/snippet) has no other elements connected by some relationship to it.

meretp avatar Jan 25 '23 11:01 meretp

I would like to work on this issue but I am new to open-source contributions so can you please elaborate on this issue? thank you

HarshvMahawar avatar Mar 15 '23 18:03 HarshvMahawar

Hi @HarshvMahawar! The definition for SPDX3.0 is still in progress and so is this completeness property for relationships. Therefore, this issue ican't be solved for now.

meretp avatar Mar 16 '23 10:03 meretp