spdx-spec icon indicating copy to clipboard operation
spdx-spec copied to clipboard
verified publisher icon spdx

Problem of cardinality in some of fields

Open dyphn1 opened this issue 3 years ago • 3 comments

In the SPDX version 2.3 spec.

The PackageName field cardinality is 1..1. But in the sample that have more than on package described in one SPDX file.

Does it correct? How do I know exactly how many times those fields can appear in SPDX?

Like LicenseID Could it describe more than one times?

Because now I have a package with two extra-license files.

dyphn1 avatar Nov 30 '22 01:11 dyphn1

PackageName is part of the Package Information section, so I'd take the 1..1 cardinality to mean it appears exactly once per package. Similarly, LicenseID is defined once per custom license.

alilleybrinker avatar Nov 30 '22 02:11 alilleybrinker

I see. So cardinality decide that how many times the description could be described on each paragraph. Right?

So, If I describe a paragraph like this

LicenseID: LicenseRef-1

....

# Package glibc
PackageName: glibc
...
PackageLicenseConcluded: LicenseRef-1 AND Zlib
...
LicenseID: LicenseRef-2
...
FileName: ./docs/xxx.txt
LicenseConcluded: LicenseRef-1 AND LicenseRef-2

# Package Saxon
PackageName: Saxon
....
PackageLicenseConcluded: LicenseRef-1 AND GPL-2
...
LicenseID: LicenseRef-3
...
FileName: ./docs/sss.txt
LicenseConcluded: LicenseRef-1 AND LicenseRef-3

Is this correct?

dyphn1 avatar Nov 30 '22 05:11 dyphn1

I think once per package, not once per paragraph, but otherwise yes.

alilleybrinker avatar Dec 02 '22 15:12 alilleybrinker

I believe this has been answered - closing issue as resolved

goneall avatar Apr 04 '24 23:04 goneall