tools-python
tools-python copied to clipboard
spdx
A Python library to parse, validate and create SPDX documents.
We have to implement functions that convert our model into an RDF graph and back. This will allow for easy serialization and validation with SHACL.
The [ExternalIdentifier](https://github.com/spdx/tools-python/blob/main/src/spdx_tools/spdx3/model/external_identifier.py) class file identifierLocator property should be optional. It is not clear how the dataclass tagging for Optional and List properties interact, but messages without that property should be...
The [SPDX model files](https://github.com/spdx/spdx-3-model/blob/main/model/Core/Classes/ExternalIdentifier.md) have properties with camelCase names: ``` - externalIdentifierType - type: ExternalIdentifierType - minCount: 1 - maxCount: 1 ``` but the [tool class files](https://github.com/spdx/tools-python/blob/main/src/spdx_tools/spdx3/model/external_identifier.py) have snake_case property...
In the current implementation the `OrLaterOperator`is not used when converting license expressions from 2.3 to 3.0. There is an open issue concerning the mismatch of classes (https://github.com/spdx/spdx-3-model/issues/324) in the spdx-3-model....
Depending on the solution of https://github.com/spdx/spdx-3-model/issues/319 we need to implement the conversion for `license_comment`. Subtask of #427
The `jsonschema` package is currently rather full and incomprehensible. Introducing a new subpackage `conversion` can change that.
#562 added an optional feature to generate a graph representing all relationships defined in the document. To run this feature the user needs to install the package `networkx`. As this...
The conversion of relationships from SPDX 2 to SPDX 3 needs to be updated to match the spec (cited below). A relationship to `NONE` or `NOASSERTION` affects the completeness of...
The sdist at https://pypi.org/project/spdx-tools/0.7.0a3/#files includes two files `spdx/parsers/{parser.out,parsetab.py}` which are apparently not part of the source, and these are being installed. They look like generated artifacts of the tests. I...
Over at at reuse-tool we're [looking into adopting this library for the SPDX handling](https://github.com/fsfe/reuse-tool/issues/671). As reuse-tool is [present in many distributions](https://repology.org/project/reuse/versions), we have to be considerate to our distribution packaging...
