System Package Data Exchange Avatar
  1. OMG Specification

System Package Data Exchange — Closed Issues

  • Acronym: SPDX
  • Issues Count: 37
  • Description: Issues resolved by a task force and approved by Board
Closed All
Issues resolved by a task force and approved by Board

Issues Summary

Key Issue Reported Fixed Disposition Status
SPDX3-34 Missing difference report and details on the object model SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-55 Names are inconsistent SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-57 Missing the Model and serialization section SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-74 word tense and definition clean up SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-59 File clause needs to be more flexible SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-56 Missing trademark compliance section SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-73 Missing Section SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-58 Need to move most URLs into footnotes for readability SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-60 Information in summaries, descriptions, and examples can be improved SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-72 Bom minCount SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-30 Media Type needs additional information and explaination SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-61 Wrong Lite Profile Annex included SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-32 Need properties defined for the Extensioin Profile Class SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-31 Content identifier details missing SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-35 Change annex letters SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-37 Add details of Package URL specifics SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-29 Missing property in Package SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-36 Clarify SPDX Lite purpose, utility, and compliane definition SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-27 Revise legal clauses to capture agreement of OMG and LF teams SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-33 Additonal profile conformance details needed for Licensing, Dataset, AI, and Lite profiles SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-1 Adopt Linux Foundation legal clauses approach SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-2 move OMG specifics to single page SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-5 change version from 3.0 to 3.0.1 SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-13 consolidate references SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-23 move History section to new Annex. SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-21 Figures to Annex SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-28 Add super class derived properties, remove profile names from classes and references to relocated figures. SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-38 Rename History, Motivation and Rational Annex SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-15 Terms and Definitions SPDX 3.0a1 SPDX 3.0b2 Closed; No Change closed
SPDX3-39 Added additional annexes so need to rename later ones SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-17 Symbols SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-7 remove "," from title SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-11 Replace Scope with approved one SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-18 merge conformance clauses SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-26 Terms section out of date SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-25 Super class details not in spec SPDX 3.0a1 SPDX 3.0b2 Resolved closed
SPDX3-9 The Scope section covers more than scoping the document. SPDX 3.0a1 SPDX 3.0b2 Resolved closed

Issues Descriptions

Missing difference report and details on the object model


Names are inconsistent

  • Key: SPDX3-55
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Use of names is inconsistent – capitalization, spelling, and inclusion of the full name – i.e. including the word “Profile”.

  • Reported: SPDX 3.0a1 — Fri, 23 Aug 2024 17:35 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Names are inconsistent

    Use of names is inconsistent – capitalization, spelling, and inclusion of the full name – i.e. including the word “Profile”.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

Missing the Model and serialization section

  • Key: SPDX3-57
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Missing the Model and serializations chapter

  • Reported: SPDX 3.0a1 — Fri, 23 Aug 2024 17:37 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Missing the Model and serialization section

    In the comments on the RFC from the AB there was a request for more information on the serializations and model.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

word tense and definition clean up


File clause needs to be more flexible

  • Key: SPDX3-59
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Replace File clause with fileKind clause

  • Reported: SPDX 3.0a1 — Fri, 23 Aug 2024 17:40 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    File clause needs to be more flexible

    Replace File clause with fileKind clause.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Missing trademark compliance section



Need to move most URLs into footnotes for readability

  • Key: SPDX3-58
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    URL links in the body should be footnotes

  • Reported: SPDX 3.0a1 — Fri, 23 Aug 2024 17:38 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Need to move most URLs into footnotes for readability

    URL links in the body should be footnotes to de-clutter the text.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Information in summaries, descriptions, and examples can be improved

  • Key: SPDX3-60
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Improved summary, descriptions, definitions, and example content, including changes from id to spdxID, update simple license info, and the elaboration of AI profile components, needs to be added from the Linux Foundation work on these clauses.

  • Reported: SPDX 3.0a1 — Fri, 23 Aug 2024 17:41 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Information in summaries, descriptions, and examples can be improved

    Room to improve summary, definition, and example content, including changes from id to spdxID, update simple license info, and the elaboration of AI profile components, needs to be added from the Linux Foundation work on these clauses.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Bom minCount

  • Key: SPDX3-72
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    element and rootElement in Bom are optional for all of the profiles except the Lite profile but currently it is a mandatory field. Need to change minCount on element and rootElement.

  • Reported: SPDX 3.0a1 — Tue, 10 Sep 2024 00:26 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Bom minCount

    element and rootElement in Bom are optional for all of the profiles except the Lite profile but currently it is a mandatory field. Need to change minCount on element and rootElement.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Media Type needs additional information and explaination

  • Key: SPDX3-30
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Media Type needs to be extended to include Property and better explained

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 21:56 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Media Type needs additional information and explaination

    Media Type needs to be extended to include Property and better explained

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Wrong Lite Profile Annex included

  • Key: SPDX3-61
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    There were two Lite Profile Annexes - one on using the Lite Profile and one on what conformance meant. The using the Lite Profile was accidentally inserted instead of the conformance one.

  • Reported: SPDX 3.0a1 — Mon, 26 Aug 2024 04:51 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Wrong Lite Profile Annex included

    Have wrong annex on Lite profile.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:
    • Issue 34.docx 13 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)

Need properties defined for the Extensioin Profile Class


Content identifier details missing



Add details of Package URL specifics



Clarify SPDX Lite purpose, utility, and compliane definition

  • Key: SPDX3-36
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    The purpose and utility of the SPDX Lite profile is not apparent and hard to understand what compliance to it will mean to existing users of the current version of that part of SPDX in the automotive and healthcare fields.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 22:04 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Clarify SPDX Lite purpose, utility, and compliane definition

    The purpose and utility of the SPDX Lite profile is not apparent and hard to understand what compliance to it will mean to existing users of the current version of that part of SPDX in the automotive and healthcare fields.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Revise legal clauses to capture agreement of OMG and LF teams

  • Key: SPDX3-27
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    OMG (Mike Bennett) and Linux Foundation (Steve Winslow and Mike Dolan) requested changes to the proposed materials changed in Ballot 1 first issue.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 21:51 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Revise legal clauses to capture agreement of OMG and LF teams

    OMG (Mike Bennett) and Linux Foundation (Steve Winslow and Mike Dolan) requested changes to the proposed materials changed in Ballot 1 first issue.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Additonal profile conformance details needed for Licensing, Dataset, AI, and Lite profiles

  • Key: SPDX3-33
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Missing profile conformance materials for Licensing, Dataset, AI, and Lite profiles.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 21:59 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Additonal profile conformance details needed for Licensing, Dataset, AI, and Lite profiles

    Missing profile conformance materials for Licensing, Dataset, AI, and Lite profiles.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

Adopt Linux Foundation legal clauses approach

  • Key: SPDX3-1
  • Status: closed   Implementation work Blocked
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    The Linux Foundation and OMG have different ways of covering the legal issues.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 11:22 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Replace the legal prose with the Linux Foundation approach of 2 standard licenses

    Replace the legal prose with the Linux Foundation approach of 2 standard licenses - Community Specification License 1.0 and Creative Commons Attribution License 3.0 Unported.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

move OMG specifics to single page

  • Key: SPDX3-2
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to support OMG and Linux Foundation use of the same document with different cover pages but only one OMG specific page.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 11:25 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Move the “OMG’s Issue Reporting Procedure” from page iv to the preface page

    Move the “OMG’s Issue Reporting Procedure” from page iv to the preface page

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

change version from 3.0 to 3.0.1

  • Key: SPDX3-5
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    The Linux Foundation document had to move to 3.0.1 and OMG version needs to be consistent.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 11:42 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    change version from 3.0 to 3.0.1

    The Linux Foundation document had to move to 3.0.1 and OMG version needs to be consistent.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

consolidate references

  • Key: SPDX3-13
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to move References clauses to section 2 and merge Annex C: References.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:07 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    consolidate references

    Need to move References clauses to section 2 and merge Annex C: References.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

move History section to new Annex.

  • Key: SPDX3-23
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to move the History, Motivation and Rationale clauses to a new non-normative Annex.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:29 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    move History section to new Annex

    Need to move the History, Motivation and Rationale clauses to a new non-normative Annex.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Figures to Annex


Add super class derived properties, remove profile names from classes and references to relocated figures.

  • Key: SPDX3-28
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Systematically revise the Profile Classes to be named “Classes” , include super class information, and remove references to the figures that were moved to the annexes.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 21:53 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Add super class derived properties, remove profile names from classes and references to relocated figures.

    Systematically revise the Profile Classes to be named “Classes” , include super class information, and remove references to the figures that were moved to the annexes.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

Rename History, Motivation and Rational Annex

  • Key: SPDX3-38
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    The informative material in the History, Motivation and Rational is only from an OMG perspective and annex needs to change reference letter.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 22:07 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Rename History, Motivation and Rational Annex

    The informative material in the History, Motivation and Rational doesn’t belong in the middle of the body of the document and is only from an OMG perspective.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Terms and Definitions

  • Key: SPDX3-15
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to move Terms and Definitions clauses to section 3

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:10 GMT
  • Disposition: Closed; No Change — SPDX 3.0b2
  • Disposition Summary:

    Slim down the Terms and Definitions

    The resolution in ballot 1 was accidentally deferred but a second issue rewrote the Terms and Definitions making this issue unneeded.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Added additional annexes so need to rename later ones


Symbols

  • Key: SPDX3-17
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to move Symbols clauses to section 4

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:11 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Insert Symbols chapter

    Need to move Symbols clauses to section 4 and mark as resolved - mistakenly marked as deferred in ballot 1

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

remove "," from title

  • Key: SPDX3-7
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    title has an unnecessary “,”.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 11:46 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    title has an unnecessary “,”.

    title has an unnecessary “,”.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

Replace Scope with approved one

  • Key: SPDX3-11
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to change the Scope section to the one approved by the Linux Foundation Steering Committee.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:04 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    change the Scope section to the one approved

    Need to change the Scope section to the one approved by the Linux Foundation Steering Committee.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

merge conformance clauses

  • Key: SPDX3-18
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Linux Foundation document has conformance clause not in the OMG document that needs to be added and need to renumber.

  • Reported: SPDX 3.0a1 — Thu, 8 Aug 2024 17:12 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    merge conformance clauses.

    Linux Foundation document has conformance clause not in the OMG document that needs to be added and need to renumber.

  • Updated: Sun, 27 Oct 2024 01:49 GMT
  • Attachments:

Terms section out of date


Super class details not in spec

  • Key: SPDX3-25
  • Status: closed  
  • Source: MITRE ( Mr. Robert Martin)
  • Summary:

    Need to add additional details on the inherited properties for many of the specification classes that can be extracted from the schema and described explicitly in the specification and remove profile names from class names.

  • Reported: SPDX 3.0a1 — Mon, 12 Aug 2024 21:48 GMT
  • Disposition: Resolved — SPDX 3.0b2
  • Disposition Summary:

    Super class details not in spec

    Need to add additional details on the inherited properties for many of the specification classes that can be extracted from the schema and described explicitly in the specification and remove profile names from class names.

  • Updated: Sun, 27 Oct 2024 01:49 GMT

The Scope section covers more than scoping the document.