SPDX Version always return SPDX-2.3 #349
Comments
|
Thanks for pointing out. The o/p must be according to what user provided. It should be Thanks @warpkwd for raising this issue, it's a bug and will fix it out !! |
|
This is an upstream issue. Because the value itself of var d *spdx.Document
switch format {
case FileFormatJSON:
d, err = spdx_json.Read(f)
case FileFormatTagValue:
d, err = spdx_tv.Read(f)
case FileFormatYAML:
d, err = spdx_yaml.Read(f)
case FileFormatRDF:
d, err = spdx_rdf.Read(f)
default:
err = fmt.Errorf("unsupported spdx format %s", string(format))
}Where, |
|
And the problem with |
|
I have reproduce the issue for |
|
Thank you. |
Hey @warpkwd, The tools-golang library is designed to convert all SPDX documents to the latest supported version (currently 2.3), even if the input file specifies an older version (such as 2.2). This approach simplifies handling multiple SPDX versions by standardizing them to a single format, avoiding the need to write separate code for each version. |
|
@riteshnoronha should we conclude with a NOTE: spdx version with 2.1, 2.2, 2.3 will be converted to 2.3(or latest, in future it will be 3.0) as per designed in the tools-golang library. |
|
@warpkwd , this will be fixed in next release.
|
SPDX Version always return SPDX-2.3.
But, Is this the correct specification?
SPDXJSONExample-v2.2.spdx.json is:
{ "SPDXID" : "SPDXRef-DOCUMENT", "spdxVersion" : "SPDX-2.2", "creationInfo" : { "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", "created" : "2010-01-29T18:30:22Z", "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ], "licenseListVersion" : "3.9" },I think this is because of the following code:
https://github.com/spdx/tools-golang/blob/main/spdx/model.go
The text was updated successfully, but these errors were encountered: