spdx-spec
spdx-spec copied to clipboard
spdx
Redirection requirement of v3.0 URL -> latest URL
From Tech call 2024-08-13
These URLs (not an exhaustive list):
- https://spdx.github.io/spdx-spec/v3.0/model/Core/Classes/CreationInfo/
- https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Sbom/
- https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Sbom/
- https://spdx.github.io/spdx-spec/v3.0/model/Software/Classes/Package/
should be redirected to these URLs or displayed the content of these URLs:
- https://spdx.github.io/spdx-spec/v3.0.1/model/Core/Classes/CreationInfo/
- https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Classes/Sbom/
- https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Classes/Sbom/
- https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Classes/Package/ (or the latest version)
The URLs are used by "Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)" and few other whitepapers to be released in a future.
For properties with "new" name
In v3.0.1, there're several fixes in property names. For example, v3.0.0 imports is v3.0.1 import. Because of that:
- Standard mkdocs redirection will redirects "v3.0/imports/" to non-exist "v3.0.1/imports/", resulting 404
- With mkdocs-redirects plugin, we may able to define a map between
importsandimport- has to explore- With some configuration work, we may able to redirect "v3.0/imports/" to "v3.0.1/import/"
(1)
Currently RDF and schema IRIs on https://spdx.org/... like:
https://spdx.org/rdf/3.0.0/spdx-context.jsonld https://spdx.org/schema/3.0.0/spdx-json-schema.json
will be redirected to the actual physical files in model/ directory on spdx-spec gh-pages:
https://spdx.github.io/spdx-spec/v3.0/model/spdx-context.jsonld https://spdx.github.io/spdx-spec/v3.0/model/schema.json
--
(2)
New schema and RDF paths on spdx-spec gh-pages are likely to be:
https://spdx.github.io/spdx-spec/v3.0.1/rdf/spdx-context.jsonld https://spdx.github.io/spdx-spec/v3.0.1/rdf/schema.json
According to
- https://github.com/spdx/spdx-spec/issues/1066
- https://github.com/spdx/spdx-spec/pull/1046#discussion_r1713022625 (expand to see zvr comment)
--
(3)
The https://spdx.github.io/spdx-spec/ website for multiple versions of spec is managed by mike.
With the requirement here to have v3.0 as a latest version, mike will overwrite v3.0/* with new path structure (from #1066), where RDF files will be in rdf/ (instead of model/).
This means the schema and RDF files will no longer available in model/ directory and will make IRIs like the following broken:
https://spdx.github.io/spdx-spec/v3.0/model/spdx-context.jsonld https://spdx.github.io/spdx-spec/v3.0/model/schema.json
Thus makes the redirections in (1) broken as well.
--
(4)
Proposal to fix
-
(mandatory) LF must change redirection of https://spdx.org/... to the new path structure
-
(optional) While it may not be possible to make a redirect from https://spdx.github.io/spdx-spec/v3.0/model/spdx-context.jsonld to https://spdx.github.io/spdx-spec/v3.0.1/rdf/spdx-context.jsonld as:
- The file is not HTML, so browser redirection with
http-equiv="refresh"doesn't work - GitHub Pages doesn't have .htaccess for Redirect directive
it is possible to make another copy of schema and RDF files from the new
rdf/directory to also be available inmodel/as well (a copying script is needed). So the IRIs like https://spdx.github.io/spdx-spec/v3.0/model/spdx-context.jsonld will still be working. (However, we should not advertise these IRIs, they are solely for fallback/backward-compatibility purpose). - The file is not HTML, so browser redirection with
Really good catch @bact
Agree with the proposal.
I can take care of the new redirect to the new path structure - just need to add it to issue #1094 so I don't forget ;)
We'll need a pull request to make the copy of the schema/RDF file to the model directory.
@goneall #1100 is now taking care of
- general 3.0/3.0.1 redirections
- 3.0.0/3.0.1 name difference redirections
- schema/RDF files copying