Meta Issue - Update Schemas for 2.3

[goneall]

This issue is to track the work needed to update all the schemas for SPDX release 2.3.

• Resolve all SPDX issues and pull requests which impact the schemas (PR "Usage Profile" to describe the intended usage by package supplier #671)
• Diff the 2.2 and 2.3 versions of the spec to identify changes to the schemas
• Update the OWL document based on the diff
• Generate TTL version of OWL along with RDF (replaces PR Changed OWL ontology format from RDF/XML to RDF/Turtle #501 )
• Generate JSON Schema
• Review OWL and JSON schemas
• Close issue Just a rant re: JSON #606
• Close issue Update OWL document with 2.2.1 changes #459
• Close PR Remove redefinitions of external ontology elements #547
• Close PR Changed OWL ontology format from RDF/XML to RDF/Turtle #501

[goneall]

Note that the following 2.3 PR's and issues are assumed to only impact documentation and will not change impact the schema:

• PR Add new annex on license namespaces #681
• PR Update for Community Specification 1.0 license #679
• PR "Usage Profile" to describe the intended usage by package supplier #671
• PR WIP: Easier handling of snippets in source code files #464
• Issue Contributing.md does not mention SPDX Community Specification CLA #657
• Issue Fix build break #630
• Issue Contradiction in Clause 5.2.3 #593
• Issue Relationship for the root component #587
• Issue Describing patch installers #582
• Issue Specifying strong hashes (e.g. SHA-256+) for ExternalDocumentRef in SPDX 2.2 #571

[rjb4standards]

Gary, I've requested that the two pending items from PR 670 be addressed and resolved. See details of the two pending items in the meeting minutes: https://spdx.swinslow.net/p/spdx-tech-minutes

[goneall]

Gary, I've requested that the two pending items from PR 670 be addressed and resolved. See details of the two pending items in the meeting minutes

@rjb4standards Let me know kif this is resolved or something we should discuss on Tuesday's tech call

[goneall]

Based on the branch compares as of 13 June 2022, the following changes need to be made in the schema (those items preceded by * will likely impact tooling):

• *Update versions and base URI's
• Update any URL references in comments using HTTP to use HTTPS
• Update description of ExternalRef CPE type to include the text from section F.2
• *Add an ExternalRef identifier advisory described in section F.2.3
• *Add an ExternalRef identifier fix described in section F.2.4
• *Add an ExternalRef identifier url described in section F.2.5
• Update documentation for ExternalRef identifier SWID described in section F.2.6
• *Add an ExternalRef identifier gitoid described in section F.4.2
• *Additional hash algorithms [SHA3-256][SHA3-256], [SHA3-384][SHA3-384], [SHA3-512][SHA3-512], [BLAKE2b-256][BLAKE2b-256], [BLAKE2b-384][BLAKE2b-384], [BLAKE2b-512][BLAKE2b-512], [BLAKE3][BLAKE3], [ADLER32][ADLER32]
• Update the description in the LicenseConcluded to include the line If the Concluded License field is not present for a file, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of LicenseConcluded to optional 0..1
• Update the description in the LicenseInfoInFile to include the line If the License Information in File field is not present for a file, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of LicenseInfoInFile to optional 0..1
• Update the description in the FileCopyrightText to include the line If the Copyright Text field is not present for a file, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of FileCopyrightText to optional 0..1
• Update the format description of the PackageDownloadLocation
• Update the description in the PackageLicenseConcluded to include the line If the Concluded License field is not present in a package, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of PackageLicenseConcluded to optional 0..1
• Update the description in the PackageLicenseInfoFromFiles to include the line If the All Licenses Information from Files field is not present for a package and FilesAnalyzed field ([7.8](#7.8)) for that same pacakge is true or omitted, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of PackageLicenseInfoFromFiles to optional 0..*
• Update the description in the PackageLicenseDeclared to include the line If the Declared License field is not present for a package, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of PackageLicenseDeclared to optional 0..1
• Update the description in the PackageCopyrightText to include the line If the Copyright Text field is not present for a package, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of PackageCopyrightText to optional 0..1
• *Add Package Purpose as described in section 7.24
• *Add Release Date as described in section 7.25
• *Add Built Date as described in section 7.26
• *Add Valid Until date as described in section 7.27
• *Add relationship REQUIREMENT_DESCRIPTION_FOR
• *Add relationship SPECIFICATION_FOR
• Update the description in the SnippetLicenseConcluded to include the line If the Snippet Concluded License field is not present for a snippet, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of SnippetLicenseConcluded to optional 0..1
• Update the description in the LicenseInfoInSnippet to include the line If the License Information in Snippet field is not present for a snippet, it implies an equivalent meaning to NOASSERTION.
• *Change cardinality of LicenseInfoInSnippet to optional 0..1
• Update the description in the SnippetCopyrightText to include the line If the Snippet Copyright Text field is not present for a snippet, it implies an equivalent meaning toNOASSERTION.
• *Change cardinality of SnippetCopyrightText to optional 0..1

[goneall]

All tasks have been completed