URI of the predicate type SPDX is broken #376

Closed
segevshar opened this issue Aug 4, 2024 · 5 comments
@segevshar

Hey
The URI in the spec of the predicate type SPDX is broken (404)

Type URI: https://spdx.dev/Document

same as the predicateType in the example

"predicateType": "https://spdx.dev/Document/v2.3",

Another question - in the example you direct to the specific version of the SPDX documentation. I saw this issue about CycloneDX predicateType which excludes the specific version. Why is it different in SPDX?

Thanks :)

@marcelamelara
Contributor

Thanks for raising this issue. It looks like the SPDX site organization has changed, so that Type URI is indeed no longer a valid URL. There are a few ways to resolve this: 1) We update the type URI, but that's likely going to cause incompatibility issues with tools using SPDX + in-toto. 2) We don't change the type URI, since they don't need to resolve to a human-readable document.

Do you have a specific use case for resolving the predicate type?

> I saw this #82 about CycloneDX predicateType which excludes the specific version. Why is it different in SPDX?

I'm not sure what you're referring to? A version number is required for every predicate, so the CDX predicateType does include a version number.
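An added illustration of the point made in the comment above (not code from this thread or from the in-toto project): a consumer-side policy check that compares `predicateType` as an opaque string and never dereferences it, so a changed URI or version is simply a different type. The names `check_spdx_attestation`, `make_envelope` and `PolicyError` are hypothetical, the sample envelope and digest are constructed, and DSSE signature verification is assumed to have been done by the caller.

```python
import base64
import json

# Type URIs are compared as opaque strings; nothing here dereferences them.
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
DSSE_PAYLOAD_TYPE = "application/vnd.in-toto+json"
SPDX_PREDICATE_TYPE = "https://spdx.dev/Document/v2.3"  # value quoted in the issue


class PolicyError(Exception):
    """Raised when an attestation does not match the consumer's policy."""


def check_spdx_attestation(envelope_json: str, artifact_sha256: str) -> dict:
    """Return the SPDX predicate if the envelope matches policy.

    Assumption: the DSSE signature was already verified by the caller.
    """
    envelope = json.loads(envelope_json)
    if envelope.get("payloadType") != DSSE_PAYLOAD_TYPE:
        raise PolicyError("unexpected DSSE payloadType")
    statement = json.loads(base64.b64decode(envelope["payload"], validate=True))
    if statement.get("_type") != STATEMENT_TYPE:
        raise PolicyError("not an in-toto v1 Statement")
    # Exact, case-sensitive match: another URI or version is another type.
    if statement.get("predicateType") != SPDX_PREDICATE_TYPE:
        raise PolicyError(f"unexpected predicateType: {statement.get('predicateType')!r}")
    digests = [s.get("digest", {}).get("sha256") for s in statement.get("subject", [])]
    if artifact_sha256 not in digests:
        raise PolicyError("attestation does not cover this artifact")
    return statement["predicate"]


def make_envelope(predicate_type: str, sha256: str) -> str:
    """Build a constructed, unsigned sample envelope for the demonstration."""
    statement = {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": "app.tar.gz", "digest": {"sha256": sha256}}],
        "predicateType": predicate_type,
        "predicate": {"spdxVersion": "SPDX-2.3", "name": "constructed-sample"},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": DSSE_PAYLOAD_TYPE, "payload": payload, "signatures": []})


SAMPLE_DIGEST = "ab" * 32  # constructed placeholder digest

if __name__ == "__main__":
    print(check_spdx_attestation(make_envelope(SPDX_PREDICATE_TYPE, SAMPLE_DIGEST), SAMPLE_DIGEST))
```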

@marcelamelara
Contributor

CC @in-toto/attestation-maintainers

@TomHennen
Contributor

I agree with Marcela. I don't think there's anything for us to do here. The URI doesn't need to resolve and if we changed it it would break anyone that uses it unnecessarily.

@pxp928
Member

pxp928 commented Aug 6, 2024

> I agree with Marcela. I don't think there's anything for us to do here. The URI doesn't need to resolve and if we changed it it would break anyone that uses it unnecessarily.

+1 I agree with the others.

@segevshar
Author

Makes sense, thank you all!
