docs

jkowalleck · jkowalleck · commit b2c5ca52e1d5 · 2025-02-27T16:04:47.000+01:00
Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto
@@ -423,6 +423,7 @@ message LicenseExpressionDetailed {
 
   // Specifies the details and attributes related to a software license identifier.
   // (An SPDX expression may be a compound of license identifiers.)
+  // The field `license_identifier` serves as the key which identifies each record. The key is not meant to be unique, as one and the same license identifier could apply to multiple, different but similar license details, texts, etc.
   message ExpressionDetails {
     // A valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements.
     // This field serves as the primary key, which uniquely identifies each record.
@@ -446,7 +447,7 @@ message LicenseExpressionDetailed {
   optional string bom_ref = 2;
   // Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
   optional LicenseAcknowledgementEnumeration acknowledgement = 3;
-  // Details for parts of the `expression`. The field `details.license_identifier` serves as the primary key, which uniquely identifies each record.
+  // Details for parts of the `expression`.
   repeated ExpressionDetails details = 4;
 }
 
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
@@ -1500,7 +1500,7 @@
                 "type": "array",
                 "items": {
                   "type": "object",
-                  "description": "Specifies the details and attributes related to a software license identifier.\n(An SPDX expression may be a compound of license identifiers.)",
+                  "description": "Specifies the details and attributes related to a software license identifier.\n(An SPDX expression may be a compound of license identifiers.)\nThe property `licenseIdentifier` serves as the key which identifies each record. The key is not meant to be unique, as one and the same license identifier could apply to multiple, different but similar license details, texts, etc.",
                   "required": [
                     "licenseIdentifier"
                   ],
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
@@ -1000,6 +1000,7 @@ limitations under the License.
                         <xs:documentation>
                             Specifies the details and attributes related to a software license identifier.
                             (An SPDX expression may be a compound of license identifiers.)
+                            The attribute `license-identifier` serves as the key which identifies each record. The key is not meant to be unique, as one and the same license identifier could apply to multiple, different but similar license details, texts, etc.
                         </xs:documentation>
                     </xs:annotation>
                     <xs:sequence>
