spdx / spdx-3-model


Allow for undefined or "Other" package verification codes #595

Open goneall opened 6 months ago

goneall commented 6 months ago

On the Security call on 10 Jan 2023 it was suggested that we allow for any definition of verification algorithms and codes for packages - similar to having "Other" in some of our enumeration values.

Since this involves more modeling work than I have time for before RC2, I'm logging this as an issue for future work.

goneall commented 6 months ago

If PR #498 is merged, we could create an additional subclass of PackageVerification similar to:

```markdown
SPDX-License-Identifier: Community-Spec-1.0

# PackageOtherVerification

## Summary

Verification method to be used for a Package which is not one of the existing SPDX defined Package Verification Classes.

## Description

There may be use cases requiring package verification methods beyond what is defined in the SPDX specification.
This class can be used to capture the information on that verification method.

## Metadata

- name: PackageOtherVerification
- SubclassOf: /Software/PackageVerification

## Properties

- definition
  - type: xsd:anyURI
- data
  - type: xsd:string
- mediaType
  - type: xsd:string
```

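As an added example (not code from this issue or from the spdx-3-model project), here is how a consumer might process an element of the proposed class: it validates the three properties and only reports the package as verified when the method's `definition` URI is one it recognises, so an arbitrary "Other" method never counts as a successful verification. The dict shape, the method registry and the SHA-256 method URI are assumptions.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hypothetical registry of verification methods this consumer understands,
# keyed by the method's 'definition' URI. Anything not registered is
# unknown and leaves the package unverified (fail closed).
KNOWN_METHODS = {}

def register(definition_uri):
    def deco(fn):
        KNOWN_METHODS[definition_uri] = fn
        return fn
    return deco

# Constructed method: 'data' is the hex SHA-256 of the package content.
SHA256_URI = "https://example.org/verification/sha256-of-content"

@register(SHA256_URI)
def _sha256_of_content(data, media_type, content):
    return hashlib.sha256(content).hexdigest() == data.lower()

_MEDIA_TYPE = re.compile(r"^[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+$", re.I)

def check_other_verification(element, content):
    """Return (verified, reason) for a PackageOtherVerification element,
    given as a dict with the properties sketched in the issue."""
    if element.get("type") != "PackageOtherVerification":
        return False, "not a PackageOtherVerification element"
    definition = element.get("definition", "")
    parsed = urlparse(definition)
    if not (parsed.scheme and parsed.netloc):
        return False, "definition is not an absolute URI"
    media_type = element.get("mediaType", "")
    if not _MEDIA_TYPE.match(media_type):
        return False, "mediaType is not a valid media type"
    data = element.get("data")
    if not isinstance(data, str) or not data:
        return False, "data is missing"
    handler = KNOWN_METHODS.get(definition)
    if handler is None:
        return False, "unknown verification method: " + definition
    return bool(handler(data, media_type, content)), "ok"

def sample_element(content):
    """Constructed PackageOtherVerification element for the given bytes."""
    return {"type": "PackageOtherVerification", "definition": SHA256_URI,
            "data": hashlib.sha256(content).hexdigest(),
            "mediaType": "text/plain"}
```

Call `check_other_verification(sample_element(pkg), pkg)` for some bytes `pkg`; the same element checked against different bytes, or with a `definition` not in the registry, is reported as not verified with the reason.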
goneall commented 3 months ago

Since this is a non-breaking change, I'm moving this to 3.1