Closed meretp closed 1 year ago
@meretp Thanks for providing the file and info. I was able to duplicate the problem.
It is a bug in the tag-value store.
the relationship is created to the file itself when it should be the package which creates the extra reference - not to mention creating an incorrect relationship.
The reason we haven't hit this until now is that the artifactOf
has been deprecated - replaced by contains relationship.
You can work around this by removing the artifactOf
.
I'll transfer this to the tag/value store and create a PR for a fix.
I try to use tools-java to verify this file from tools-python. But when I execute the command
I get the the following error:
Since the error comes from InMemSpdxStore I decided to open the issue in this repo.