Open adelton opened 6 years ago
PRI-13 states:
If appropriate values exist and can be determined, a element MUST be provided and MUST furnish values for as many of the following attributes as possible:
@product
,@colloquialVersion
,@revision
, and@edition.
This doesn't read to me like "... attribute MUST be provided", but I guess "furnish values" could be interpreted to mean add the attributes but leave those empty for which no value exists or can be determined. However, according to the schema all these attributes of the SoftwareMeta
are optional (there are actually a lot more than listed there in NIST.IR.8060) and I don't really see an advantage in specifying empty attributes. So I think SWIDVal might be too restrictive here too.
Thank you for the analysis. Have you guys talked to NIST about it or should we try to bring it up?
We currently have no plans to contact NIST about this. Thanks.
Addressing swidval errors
Leaving the attribute values empty seems enough to make
swidval
happy. We could put the name (sans version) toproduct
and then have version incolloquialVersion
, to turninto (say)
But I plan to add option to use
Meta
for information about the package, not about the distribution.