Steve Winslow
Steve Winslow
Hi @wallrat, You may have seen that I asked about this in the main SPDX 2.x spec repo, at https://github.com/spdx/spdx-spec/issues/870. Based on the discussion there, it sounds like "validation" for...
Hi @chewong, just to confirm, were you using the SPDX-2.1 parser (`tvloader/parser2v1`) or the SPDX-2.2 parser (`tvloader/parser2v2`)? SHA512 wasn't a valid optional checksum in SPDX v2.1 (see [SPDX 2.1 spec...
Having now taken a closer look at this (finally): This is a bug which does need to be addressed, because it is causing valid SPDX 2.2 documents not to be...
Hi @aharal, can you clarify what the error is that you're seeing here?
This is an interesting thought, @RishabhBhatnagar. For the future SPDX 3.0 spec, when we implement that in the Golang tools, I definitely agree that we should more closely follow the...
Marking this as part of 0.4.0, so we can consider it together with some other potential API changes for that release.
This is awesome, thank you @ianling!
@kzantow Just to share a bit of context on this (which you may already know!) This originated with language that's now found in [Section 5.2.3 of the SPDX 2.3 spec](https://spdx.github.io/spdx-spec/v2.2.2/composition-of-an-SPDX-document/):...
Filled in Basics section; much more to do! https://bestpractices.coreinfrastructure.org/projects/5710
@lumjjb I just updated a couple of the items after merging #154 (to add SECURITY.md). Let me check what I can configure for the BadgeApp settings -- will circle back...