Question on DRAFT 20110605 (package cardinality/verification)

Home Messages Hashtags Subgroups

Mario Tokarz <mario@...> #424 Hi all, I have two questions regarding the latest spec from your home page. Thanks in advance for the time and consideration. 1.) Page 10 states that "A package can contain subpackages". How would those be added to the description, they do not seem to be part of the data model as shown on pg 35. Supporting subpackages with a full set of metadata seems to be a good approach to support descriptions of a full system image. 2.) Page 11/12: While package verification code is optional (most likely to be used when SPDX is not part of the src-archive), the verification code is mandatory. While discussing this with a colleague we could not quite figure out why this is the case or whether this should be better one or the other (i.e. it is mandatory to have one of the two within one description). I would be glad to get some thoughts on this. Thx, Mario -- Mario Tokarz BMW Car IT GmbH
More

Join {spdx@lists.spdx.org to automatically receive all group messages.