checksumValue uses upper case hex, should use lower case

Question

checksumValue uses upper case hex, should use lower case

ddillard opened this issue 6 months ago · 1 comments

In this case, the SPDX spec itself is silent on if it should be upper or lower case (or if either is acceptable, though the example provided is lower case), but the SPDX 2.3.1 JSON schema does specifically say it should be lower case: "The checksumValue property provides a lower case hexidecimal encoded digest value ..." (emphasis is mine)

"SPDXID": "SPDXRef-2b698769-5250-41ed-89e3-0630615e8cc8",
			"checksums": [
				{
					"algorithm": "SHA1",
					"checksumValue": "2CC97F5B3328F5934224E3090E2B80DCFE3575B4"
				}
			],

Answer 1 · 2024-07-01T21:39:11.000Z

Thanks, David. We will make this change in a future release.

This is not a NTIA Minimum SBOM element, which BCG considers the "required elements" within an SBOM.