Spdx-tech@lists.spdx.org | Review of zlib example

Gary O'Neall

I got a start at doing a more detailed review of the zlib example posted last Wednesday.

The namespace for spdx rdf is slightly different (trailing “/” is no longer present). I think the current example is correct.

I also noticed a richer model for “Describes”. In the previous example, the model was pretty flat (“DescribesPackage” rather than <Describes> <Package> … </package> </Describes>).

I can’t remember if we discussed this on the RDF calls or not. This area will probably change with the recent proposal anyway, but I would like to just review how we want to handle the describes predicate. Specifically, do we want to make a general predicate that would apply to the file, license and package or do we want to make the predicates specific to the subject. The former is a better model (imho), but the latter is closer to the keyword keyvalue approach and would make it easier to translate to the text parsing world.

Gary

Peter Williams <peter.williams@...>

#10

On 11/22/10 11:07 AM, Gary O'Neall wrote:
I got a start at doing a more detailed review of the zlib example posted
last Wednesday.I assume you are reviewing <http://www.spdx.org/system/files/openlogic-zlib-1.2.5-all-src-1.spdx_.txt>. If that is not correct please let me know.


The namespace for spdx rdf is slightly different (trailing “/” is no
longer present). I think the current example is correct.I think we should switch the namespace to <http://spdx.org/spec#> (or where ever the spec will end up).  Now that we have agreed to integrate the rdf ontology into the spec we do not need a separate uri for the namespace.

I also noticed a richer model for “Describes”. In the previous example,
the model was pretty flat (“DescribesPackage” rather than <Describes>
<Package> … </package> </Describes>).The flatter model is actual not well formed rdf.  The structure of those examples was chosen as the closest to the tag structure in the spec that actually parsed successfully.  It is worth noting that the graph described in that example is gibberish.

I can’t remember if we discussed this on the RDF calls or not. This area
will probably change with the recent proposal anyway, but I would like
to just review how we want to handle the describes predicate.
Specifically, do we want to make a general predicate that would apply to
the file, license and package or do we want to make the predicates
specific to the subject. The former is a better model (imho), but the
latter is closer to the keyword keyvalue approach and would make it
easier to translate to the text parsing world.I think we should shoot for removing the describes altogether.  The following seems a lot more palatable:

    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://spdx.org/spec#">
      <Package rdf:about="https://olex.openlogic.com/package_versions/download/9423?path=openlogic/zlib/1.2.5/openlogic-zlib-1.2.5-all-src-1.zip&;package_version_id=3690">
        <DeclaredName>zlib 1.2.5 Source</DeclaredName>
        ...
        <ContainsFile rdf:about="#contrib/iostream2/zstream.h">
          <Type>source</Type>
          <License rdf:nodeID="FullLicense-2"/>
          ...
        </ContainsFile>
      </Package>
      <License rdf:nodeID="FillLicense-2">
        <LicenseText>...</LicenseText>
      </License>
    </rdf:RDF>

I think we could make this a valid spdx file without much work.

Peter