spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard
verified publisher icon spdx

Proposal add UNKNOWN as possible value for related SPDX elements

Open goneall opened this issue 5 years ago • 0 comments

Proposal: Introduce a value for related SPDX element UNKNOWN defined as there being a related element but the identity of the related element is unknown.

Background:

In the SPDX spec version 2.2, we added NOASSERTION and NONE as possible values for the related SPDX element (e.g. Relationship: SPDXRef-BobBrowser CONTAINS NOASSERTION).

The value NOASSERTION is defined to allow for 0 or 1 unknown SPDX element to be related. There are use cases where the author would like to communicate there is definitely a related element, they just don't know what the element ID is.

For example, a file is known to be auto generated, but the author does not now or did not capture which tool generated the file. To capture the autogenerated file, we could use the relationship Relationship: SPDXRef-generatedFile GENERATED_FROM UNKNOWN.

goneall avatar May 26 '20 15:05 goneall