Jeff Schutt

Results 8 comments of Jeff Schutt

The `ExternalDocumentRef` `[Checksum]` value in [Section 6.6.1 Table 7](https://github.com/spdx/spdx-spec/blob/development/v2.2.1/chapters/document-creation-information.md#66-external-document-references-field-) refers back to the list of supported checksum algorithms described in the `FileChecksum` field of File Information [Section 8.4](https://github.com/spdx/spdx-spec/blob/development/v2.2.1/chapters/file-information.md#84-file-checksum-field-). So updates...

I support this idea and encourage continued collaboration and alignment between SLSA and SBOM standards in whatever form it takes, e.g. by directly implementing the SPDX 3.0 Build Profile for...

Following up on this topic after our discussion today, @stevespringett. Thanks for the details :) ``` > In purl, the namespace is optional, but the name is required. Do gitboms...

## 1. PURL Syntax: `scheme:type/namespace/name@version?qualifiers#subpath`

* Part of the Gitoid Identifier Type, the `Git Object Type` and the `GitBOM hash algorithm` would be placed in the Package URL `type` field...

If I'm interpreting the [purl spec](https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst) correctly, then I believe that this is an invalid syntax as PURL won't allow a colon (`:`) as part of the type field.

## 2. PURL Syntax: `scheme:type/namespace/name@version?qualifiers#subpath`

* Parts of the Gitoid Identifier Type, the `Git Object Type`, would be placed in the Package URL `type` field.
* Part of the Gitoid...

## 3. PURL Syntax: `scheme:type/namespace/name@version?qualifiers#subpath`

* Part of the Gitoid Identifier Type, the `GitBOM hash algorithm` would be placed in the `type` field.
* The `GitBOM Artifact Identifier` would be...

@iamwillbar I discussed this with the GitBOM community and yes, this is reasonable. We agree with explicitly including the hash algorithm in the scheme, by using “%3A” encoding of the...