JSON schema v2.2 PACKAGE_MANAGER discrepancy

Keith Zantow

Hi All,

There has been a small discrepancy in the SPDX 2.2 JSON schema and the SPDX spec for a while: the 2.2 spec indicates External Reference Category should have a value of: SECURITY | PACKAGE-MANAGER | PERSISTENT-ID | OTHER, however the latest JSON schema has values of: "OTHER", "PERSISTENT_ID", "SECURITY", "PACKAGE_MANAGER". Note the differences between dash and underscore.

As I understand it, the guidance has been that tools should accept both values (e.g. PACKAGE_MANAGER and PACKAGE-MANAGER).

Would it be possible to get a new version of the 2.2 schema published that includes the correct values?

The 2.3 schema already has this, but some users are still tied to 2.2 and it would be nice to have this corrected so documents adhering to the SPDX spec are also valid against the JSON schema.

Would a GitHub issue be a better place for this request?

-Keith Zantow
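
One way a consuming tool could accept both spellings described in the message above, as an added example that is not part of the original post or of any SPDX tool. It normalizes to the spec's dash form (a choice made for this example) and rejects anything else; the sample document and the function names are constructed.

```python
import json

# Spellings from the message: the 2.2 spec uses dashes, while the
# published 2.2 JSON schema uses underscores.
SPEC_CATEGORIES = {"SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID", "OTHER"}

# Constructed sample document, trimmed to the fields this check reads.
SAMPLE_JSON = """
{"spdxVersion": "SPDX-2.2",
 "packages": [
  {"name": "example-lib", "externalRefs": [
    {"referenceCategory": "PACKAGE_MANAGER", "referenceType": "purl",
     "referenceLocator": "pkg:pypi/example-lib@1.0.0"},
    {"referenceCategory": "SECURITY", "referenceType": "cpe23Type",
     "referenceLocator": "cpe:2.3:a:example:example-lib:1.0.0:*:*:*:*:*:*:*"}]},
  {"name": "example-app", "externalRefs": [
    {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
     "referenceLocator": "pkg:npm/example-app@2.1.0"},
    {"referenceCategory": "PACKAGE MANAGER", "referenceType": "purl",
     "referenceLocator": "pkg:npm/example-dep@0.3.0"}]}]}
"""


def load_sample():
    """Parse a fresh copy of the constructed sample document."""
    return json.loads(SAMPLE_JSON)


def canonical_category(value):
    """Return the spec (dash) spelling, or None for an unknown category."""
    candidate = value.replace("_", "-")
    return candidate if candidate in SPEC_CATEGORIES else None


def normalize_external_refs(doc):
    """Rewrite referenceCategory values to the spec spelling, in place.

    Returns (rewritten, rejected): the number of values changed, and a list
    of (package name, raw value) pairs that match neither spelling.
    """
    rewritten, rejected = 0, []
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            raw = ref.get("referenceCategory")
            canon = canonical_category(raw) if isinstance(raw, str) else None
            if canon is None:
                rejected.append((pkg.get("name"), raw))
            elif canon != raw:
                ref["referenceCategory"] = canon
                rewritten += 1
    return rewritten, rejected
```

Running the normalizer before schema validation lets one code path handle documents written against either the spec or the schema, while values outside both sets are still surfaced instead of being silently accepted.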
