spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard

Published 20 hours ago verified publisher icon spdx

Support for additional properties disabled in JSON schema

Open apmccartney opened this issue 2 years ago • 7 comments

As currently written, the JSON schema does not allow for additional properties to accommodate extended vendor-specific data. This appears to be at odds with the SPDX Use Cases 2.0, specifically section 16.1, Communicate data beyond what is described in spec.

Earlier versions of the schema did allow for this behavior, but that feature was disabled in commit a08ffa4.

apmccartney avatar Mar 29 '22 14:03 apmccartney

@goneall - what's been done in 2.3 schema now that it's generated?

kestewart avatar Aug 10 '22 02:08 kestewart

@kestewart Nothing has changed - as @apmccartney accurately describes, we added restrictions to the JSON schema which limited classes and properties to what was defined in the SPDX spec.

This is consistent with the other schemas.

@apmccartney - the Annotation and comments properties are commonly used to add additional data and support the referenced use case.

That being said, I'm personally open to relaxing the restrictions, but we should discuss this on one of the tech team calls and come to a consensus.

goneall avatar Aug 10 '22 05:08 goneall

@apmccartney - can you add this to an upcoming tech call agenda at: https://spdx.swinslow.net/p/spdx-tech-minutes and plan to participate in the discussion?

kestewart avatar Aug 11 '22 15:08 kestewart

Moving to 3.1 for consideration.

cc: @JPEWdev

goneall avatar Apr 04 '24 16:04 goneall

FWIW, my though is that the Extension mechanism is what should be used for additional information about Elements, and the JSON schema should retain "additionalProperties" : false (or in the newer generated schema, "unevaluatedProperties": false). The reason for this is that it signals to users if they mistype a field name, since it will fail schema validation in that case. Otherwise (for non mandatory fields) the error would go unnoticed. Also, it allows us to add more properties to the core objects without needing to worry about conflicting with properties unknown to us added by other parties.

JPEWdev avatar Apr 04 '24 16:04 JPEWdev

FWIW, my though is that the Extension mechanism is what should be used for additional information about Elements, and the JSON schema should retain "additionalProperties" : false (or in the newer generated schema, "unevaluatedProperties": false). The reason for this is that it signals to users if they mistype a field name, since it will fail schema validation in that case. Otherwise (for non mandatory fields) the error would go unnoticed. Also, it allows us to add more properties to the core objects without needing to worry about conflicting with properties unknown to us added by other parties.

Makes sense. @apmccartney - pls. take a look at the Extension class in 3.0 and if that satisfies your use case we can close this issue.

goneall avatar Apr 04 '24 21:04 goneall

Apologize for my lack communication. I've transitioned employers since initially filing this issue. I'll contact a former colleague who's in a better position to represent my former employer's use case.

apmccartney avatar Apr 05 '24 01:04 apmccartney