Gary O'Neall
Gary O'Neall
Validation is currently failing. There are 3 categories of errors. Not sure if this is an issue with the validator or the example file. Some sample errors from each category:...
> Decimal data type validation This validation issue can be solved by enclosing the decimal values in quotes. FYI - @JPEWdev - your suggestion worked :)
Most validation issues have been fixed. There is one remaining issue with a class constraint on `customlicense1` I created a separate SPDX example file [expanded-license-example.json](https://github.com/user-attachments/files/23402090/expanded-license-example.json) with just the expanded licensing...
Fixed validation issue - it was a duplicate IRI for customlicense1. @JPEWdev @bact @zvr - If I could get a couple reviews, we can merge
As part of the spdx-3-model CI, we could generate a new example each time based on the generated SHACL file. This would eliminate the need to manually commit updates on...
> Ha. I got it now, the JSON can be generated from SHACL. Populate anything that will fit the restrictions. I think it's good if we want some examples for...
Having a `downloadLocation` at the `Software/SoftwareArtifact` level makes sense to me - in addition to packages, files - and even snippets - can have a URL location associated with them....
@zvr Good point - although a file still may have a download location even though it is not intended to be distributed. That being said, perhaps we should leave the...
From 16 September 2025 Tech call: - We lack a relationship for describing the modified files to originating upstream package. At a file to file level, we are coherent. But...
> Thank you [@goneall](https://github.com/goneall). I believe the "derived from" relationship could be appropriate for scenario 2 — file to package. However, this relationship is not currently included in the SPDX...