spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard
verified publisher icon spdx

Inconsistency in the date format example and specification

Open goneall opened this issue 4 years ago • 3 comments

The Created field in the document Creation information specifies The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard. However, the milliseconds is not included in the SPDX format definition even though it is allowed in the ISO 8601 standard.

This has been reported as an issue for the SPDX online tools.

goneall avatar Mar 14 '21 23:03 goneall

It looks like most uses of the date do not include the milliseconds, but this does cause an inconsistency.

We can either add a qualification to the ISO 8601 statement:

The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard without the milliseconds.

Alternatively, we can add an optional (emphasis on optional) milliseconds to the format table.

goneall avatar Mar 14 '21 23:03 goneall

Note that the Java tools were just updated to allow the milliseconds in the verification to resolve the online tools issue.

Before Java version 8, this would have been a somewhat challenging change. It may be difficult for other libraries to fully support this format.

goneall avatar Mar 14 '21 23:03 goneall

@goneall if we're going this deep, I'd really like to actually exactly specify what is allowed there: Full ISO-8601? Full RFC-3339? Something else?

My vote: leave the format definition as in the spec, YYYY-MM-DDThh:mm:ssZ and add some wording about "format like ISO-8601/RFC-3339". I think it would be too complicated to allow all formats allowed by any of these standards.

Examples for your entertainment:

  • RFC-3339 accepts 2021-03-15 17:51:23+00:00, while ISO-8601 does not (no space between date and time, has to be a T
  • ISO-8601 accepts 2021-03-15T17:51:23,456 with a comma , separating fractional numbers. FYI, log4j produces these by default
  • ISO-8601 accepts reduced precision, like 210315 -- omitting century and time, omitting hyphens
  • ISO-8601 also accepts calendar week and date numbers(!)

Let's avoid all this and specify a single format.

zvr avatar Mar 15 '21 17:03 zvr

In the SPDX 3.0 spec, we use the actual REGEX, so I think this can be closed.

@zvr if you disagree, please open a new issue or (better yet) pull request.

goneall avatar Apr 04 '24 16:04 goneall