Update spdx3.model to SPDX v3.0.1

[bact]

Update spdx_tools.spdx3.model to the latest in SPDX v3.0.1:

• Move Core Profile-related files to their own directories (following current v3 model structure)
  • from spdx_tools.spdx3.model to spdx_tools.spdx3.model.core
  • from spdx_tools.spdx3.writer.console to spdx_tools.spdx3.writer.console.core
• Type/Enums:
  • Complete/update entries in vocabularies (enums) (e.g. HashAlgorithm, RelationshipType).
    • ADLER32 algorithm is now available
    • New relationship types like HAS_OPTIONAL_COMPONENT
  • Add PresenceType, SupportType, FileKindType
  • Update RelationshipType conversion rules in bump_from_spdx2/relationship.py: using the table from Differences between V3.0 and V2.3: Relationship as a reference
  • ExternalIdentifierType: PURL -> PACKAGE_URL
  • RelationshipType: concludedLicense -> hasConcludedLicense
  • RelationshipType: declaredLicense -> hasDeclaredLicense
• Rename (see also CHANGELOG.md):
  • AIPackage: sensitivePersonalInformation -> useSensitivePersonalInformation
  • Build: parameters -> parameter
  • Core: ExternalReference -> ExternalRef
  • Core: ExternalReferenceType -> ExternalRefType
  • Core: imports -> import_ (cannot use "import", as it is Python's reserved)
  • Dataset: Dataset -> DatasetPackage
  • DatasetPackage: sensitivePersonalInformation -> hasSensitivePersonalInformation
  • Package: homepage -> homePage (home_page)
  • Software: SBOMType -> SbomType
• Others:
  • Fix type in class initialization (List cannot be None)
  • Sorting out imports, to avoid circular import issue
  • Update SPDX_OWL.json and context.json with ones generated from the latest v3.0.1 model at https://spdx.org/rdf/3.0.1/spdx-model.ttl (10 Oct 2024) (using instructions in the updated process.md)

Notes:

• Mapping between spdx2 and spdx3 (that is required for conversion) is not yet in this PR.
• SpdxOrganization individual is also not in this PR

[goneall]

@maxhbr - Can you take a quick look and give @bact feedback

Discussed on the 15 Oct 2024 tech call

[bact]

We might abandon this PR if we can generate the Python code from the model ontology file (I have learned from Gary that there's a work under going for that).

I think that's probably a better approach in terms of maintenance (and correctness to the model).

[keithofox]

I agree with you

…

On Mon, 4 Nov 2024 at 15:21, Arthit Suriyawongkul ***@***.***> wrote: We might abandon this PR if we can generate the Python code from the model ontology file. I think that's probably a better approach in terms of maintenance. — Reply to this email directly, view it on GitHub <#829 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ASN5JCPORMIRTAOD25IS3FDZ65YFFAVCNFSM6AAAAABPTY72NWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINJUG4YDCOJSGY> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>