Re: Element IDs


David Kemp
 

My bad.  I didn't mean "under control" as having an integrity mechanism, I meant "having the ability to decide what goes into the local ID".  Which is synonymous with saying that as far as the SPDX standard and SPDX-consuming applications are concerned, local IDs are opaque.


On Tue, Aug 3, 2021 at 3:48 PM William Bartholomew <iamwillbar@...> wrote:
On Tue, Aug 3, 2021 at 11:34 AM David Kemp <dk190a@...> wrote:

2) elements are always identified by namespace and local ID, where local means under the control of the namespace owner. Don't get hung up on what owner means - anybody can become an owner by generating a 256-bit random number for their namespace.

We're not proposing a model where namespaces are "controlled", which would require either a central authority or some form of challenge-response process for verifying control. Nothing would stop me declaring elements in your namespace; what I can't do is sign an SBOM as you.
