I think there are a few questions that can be easily answered at today's
meeting:

* *Should ExternalMap be a property of Collection?*

[WillBar] Collection was created to be a superclass of both
ContextualCollection and Document because they have shared traits and are
both containers. SBOMs do have external maps (because they indirectly
inherit from Collection and external maps are attached to Collection).

[Sean]  I do think that it makes sense to move the ExternalMap structure to
the Collection class rather than being only on Document/Bundle.

[Dave] +1

* *Should Elements be signable/hashable/verifiable?*

[WillBar] Element immutability in SPDX v2 and SPDX v3 (so far) is achieved
by the Element “belonging” to a Document and having a cryptographic hash of
that document.

[Sean] Though I am not as pessimistic about the practicality of hashing
Elements.

[Dave] We have agreed that Element properties are immutable, which brings
with it the unbreakable laws of physics.  I agree with Sean that the
mechanics of verifying Element integrity are solvable.

* *Does the Element verifiedUsing property verify the integrity of an
Element or the retrieved value of an Artifact?*

Some artifacts can change value, so artifact integrity doesn't make sense
for them.
If verifiedUsing applies to just immutable Artifacts, then we will need a
different way to describe integrity verification of immutable Elements.

