Merge branch 'development/v3.0.1' into update-contributing-guideline

bact · Jul 22, 2024 · 626033a · 626033a
2 parents be12438 + fdf1f09
commit 626033a
Show file tree

Hide file tree

Showing 5 changed files with 284 additions and 283 deletions.
diff --git a/.github/workflows/publish_v3.yml b/.github/workflows/publish_v3.yml
@@ -1,7 +1,7 @@
 on:
   push:
     branches:
-      - development/v3.0
+      - development/v3.0.1
   repository_dispatch:
     types:
       - publish_v3_spec
@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
-          ref: development/v3.0
+          ref: development/v3.0.1
           path: spdx-spec
           fetch-depth: 0 # Because we will be pushing the gh-pages branch
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
@@ -39,15 +39,15 @@ jobs:
           shacl2code generate \
             --input spdx-spec/docs/model/spdx-model.ttl \
             --input spdx-spec/docs/model/jsonld-annotations.ttl \
-            --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.0/spdx-context.jsonld \
+            --context-url spdx-spec/docs/model/spdx-context.jsonld https://spdx.org/rdf/3.0.1/spdx-context.jsonld \
             jsonschema \
             --output spdx-spec/docs/model/schema.json
       - name: Set git identity
         run: git config user.name ci-bot; git config user.email ci-bot@spdx.dev
         working-directory: spdx-spec
       - name: Sync gh-pages
-        run: git checkout gh-pages && git pull && git checkout development/v3.0
+        run: git checkout gh-pages && git pull && git checkout development/v3.0.1
         working-directory: spdx-spec
       - name: Build docs
-        run: mike deploy v3.0 v3-draft -b gh-pages -p
+        run: mike deploy v3.0.1 latest -b gh-pages -p
         working-directory: spdx-spec
diff --git a/docs/annexes/SPDX-Lite.md b/docs/annexes/SPDX-Lite.md
@@ -10,7 +10,7 @@ The Lite profile offers the flexibility to be used either alone or in combinatio
 
 ## H.2 Table of the Lite profile elements <a name="H.2"></a>  
 
-A SPDX document with the Lite profile must include properties for each class listed in **Table H.1**. And ```Cardinality 1..1``` means a **REQUIRED** element, and the others **SHOULD** be filled in as much as possible if necessary.  
+A SPDX document with the Lite profile must include properties for each class listed in **Table H.1**. And ```Cardinality 1..``` means a **REQUIRED** element, and the others **SHOULD** be filled in as much as possible if necessary.  
 
 **Table H.1 — the Lite profile elements**  
 
@@ -22,9 +22,9 @@ A SPDX document with the Lite profile must include properties for each class lis
    | 2 | /Core/SpdxDocument/name            | 0..1	| |  
    | 3 | /Core/SpdxDocument/comment			| 0..1	| |  
    | 4 | /Core/SpdxDocument/creationInfo	| 1..1	| |  
-   | 5 | /Core/SpdxDocument/verifiedUsing	| 0..1	| This should be an object of /Core/Hash |  
-   | 6 | /Core/SpdxDocument/element			| 1..*	| MUST have at least one element |  
-   | 7 | /Core/SpdxDocument/rootElement		| 1..1	| This should be an object of /Core/Sbom |  
+   | 5 | /Core/SpdxDocument/verifiedUsing	| 0..*	| This should be objects of /Core/Hash |  
+   | 6 | /Core/SpdxDocument/element			| 1..*	| MUST have at least one /Core/Sbom object |  
+   | 7 | /Core/SpdxDocument/rootElement		| 1..*	| This should be objects of /Core/Sbom |  
    | 8 | /Core/SpdxDocument/namespaceMap	| 0..*	| |  
    | 9 | /Core/SpdxDocument/dataLicense		| 0..1	| |  
 
@@ -41,18 +41,18 @@ A SPDX document with the Lite profile must include properties for each class lis
    |:-:|:--|:--|:--|  
    | 1 | /Software/Sbom/spdxId			| 1..1	| |  
    | 2 | /Software/Sbom/creationInfo	| 1..1	| |  
-   | 3 | /Software/Sbom/element			| 1..*	| MUST have at least one element |  
-   | 4 | /Software/Sbom/rootElement    | 1..1	| This should be an object of /Software/Package |  
-   | 5 | /Software/Sbom/sbomType		   | 0..1	| |  
+   | 3 | /Software/Sbom/element			| 1..*	| MUST have at least one /Software/Package object |  
+   | 4 | /Software/Sbom/rootElement    | 1..*	| This should be objects of /Software/Package |  
+   | 5 | /Software/Sbom/sbomType		   | 0..*	| |  
 
 4. For a /Core/CreationInfo to be conformant with this profile, the following has to hold:  
 
    | # | Property Name | Cardinality | Comments |  
    |:-:|:--|:--|:--|  
-   | 1 | /Core/CreationInfo/specVersion | 1..1	| This should be a fixed string, “3.0”. |  
+   | 1 | /Core/CreationInfo/specVersion | 1..1	| This should be a fixed string, “3.0.0”. |  
    | 2 | /Core/CreationInfo/comment 	| 0..1	| |  
    | 3 | /Core/CreationInfo/created 	| 1..1	| |  
-   | 4 | /Core/CreationInfo/createdBy	| 1..1	| This should be an object of /Core/Agent |  
+   | 4 | /Core/CreationInfo/createdBy	| 1..*	| This should be objects of /Core/Agent |  
 
 5. For a /Core/Agent (createdBy, suppliedBy, originatedBy) to be conformant with this profile, the following has to hold:  
 
@@ -61,7 +61,7 @@ A SPDX document with the Lite profile must include properties for each class lis
    | 1 | /Core/Agent/spdxId				| 1..1	| |  
    | 2 | /Core/Agent/name			    | 1..1	| |  
    | 3 | /Core/Agent/creationInfo		| 1..1	| This should be “BlankNode” |  
-   | 4 | /Core/Agent/externalIdentifier	| 0..1	| |  
+   | 4 | /Core/Agent/externalIdentifier	| 0..*	| |  
 
 6. For a /Core/ExternalIdentifier to be conformant with this profile, the following has to hold:  
 
@@ -79,15 +79,15 @@ And all /Software/Package objects MUST have “downloadLocation” OR “package
    | 2 | /Software/Package/name			        | 1..1	| |  
    | 3 | /Software/Package/comment			    | 0..1	| |  
    | 4 | /Software/Package/creationInfo			| 1..1	| |  
-   | 5 | /Software/Package/verifiedUsing		| 0..1	| This should be an object of /Core/Hash |  
-   | 6 | /Software/Package/originatedBy		    | 0..*	| This should be an object of /Core/Agent |  
+   | 5 | /Software/Package/verifiedUsing		| 0..*	| This should be objects of /Core/Hash |  
+   | 6 | /Software/Package/originatedBy		    | 0..*	| This should be objects of /Core/Agent |  
    | 7 | /Software/Package/suppliedBy			| 1..1	| This should be an object of /Core/Agent |  
    | 8 | /Software/Package/builtTime			| 0..1	| |  
    | 9 | /Software/Package/releaseTime			| 0..1	| |  
    | 10 | /Software/Package/validUntilTime		| 0..1	| |  
-   | 11 | /Software/Package/supportLevel		| 0..1	| |  
+   | 11 | /Software/Package/supportLevel		| 0..*	| |  
    | 12 | /Software/Package/copyrightText		| 1..1	| |  
-   | 13 | /Software/Package/attributionText		| 0..1	| |  
+   | 13 | /Software/Package/attributionText		| 0..*	| |  
    | 14 | /Software/Package/packageVersion		| 1..1	| |  
    | 15 | /Software/Package/downloadLocation	| 0..1	| |  
    | 16 | /Software/Package/packageUrl			| 0..1	| |