Alexios Zavras (zvr)
Alexios Zavras (zvr)
This would be a great addition to the https://github.com/spdx/using repo!
You mean like https://github.com/spdx/spdx-3-model/blob/12174d04bc8e591b5674700ff4ac72b85e4f9d41/model/Software/Classes/File.md?plain=1#L24 ?
The problem, of course, is that this means that profile B (where the class is) depends on profile A (where the property is defined). We have not implemented any such...
Thanks for the comments, @goneall. I'll try to answer everything in a single comment. > a component to be an instance of another component Yes, this is needed, because a...
Here are a couple of example diagrams. They show different classes by shapes and different relationships by arrow line style. They also illustrate two different approaches, one using a single...
Thanks, @goneall . And now that I think about it, we might add some more text that this is not typically expected to be in SBOMs. SBOMs are always about...
@stevenc-stb I also find it redundant, but from the discussion today it seems that other areas refer to components. I'll change it -- this will not be the only case...
@JPEWdev you are correct that, because our Relationships have one `from` but may have multiple `to`, having a relationship going "upwards" might seem to make more sense. _[I am using...
OK, I don't mind reversing the direction of the Relationship. As I wrote above, we already have the RelationshipType for "curl 8.9.1" —`packagedBy`→"Ubuntu curl 8.9.1" (the last level, where `from`...
Ah, but @swinslow did you see the second diagram I've put on the [comment above](https://github.com/spdx/spdx-3-model/pull/1044#issuecomment-3046047536) ? As you say, there is no way to associate a single license with "OpenSSL"....