13 Review information section (deprecated)

13.1 Reviewer field (deprecated)

This field has been deprecated since SPDX 2.0.

13.1.1 Description

This field identifies the person, organization or tool that has reviewed the SPDX document. This field is optional and thus there is no requirement for any reviewer to add a set of review information to the SPDX document. This can be considered as an equivalent to “signed off” or “reviewed by.” Additional reviewers can be added after the original version of the SPDX document is created and appended to the original SPDX document. The metadata for the reviewer field is shown in Table 76.

Table 76 — Metadata for the reviewer field

Attribute    Value
Required     No
Cardinality  0..1
Format       Single line of text with the following keywords.
             "Person: person name" and optional "(email)"
             "Organization: organization" and optional "(email)"
             "Tool: tool identifier - version"

13.1.2 Intent

As time progresses, certain reviewers will gain credibility as reliable. This field is intended to make such information transparent. It may also be important for participants in the software supply chain to validate whether upstream providers have reviewed the SPDX document.

13.1.3 Examples

EXAMPLE 1 Tag: Reviewer:

Reviewer: Person: Jane Doe ()

EXAMPLE 2 RDF: Property spdx:reviewer in class spdx:Review

<Review>
    <reviewer> Person: Jane Doe () </reviewer>
</Review>

13.2 Review date field (deprecated)

This field has been deprecated since SPDX 2.0.

13.2.1 Description

Identify when the review was done. This shall be specified according to the combined date and time in the UTC format, as specified in the ISO 8601 standard. The metadata for the review date field is shown in Table 77.

Table 77 — Metadata for the review date field

Attribute    Value
Required     Conditional
Cardinality  0..1 conditional (Mandatory, one), if there is a Reviewer.
Format       YYYY-MM-DDThh:mm:ssZ
             where:
               • YYYY is year
               • MM is month with leading zero
               • DD is day with leading zero
               • T is delimiter for time
               • hh is hours with leading zero in 24-hour time
               • mm is minutes with leading zero
               • ss is seconds with leading zero
               • Z is universal time indicator

13.2.2 Intent

The ReviewDate can serve as verification of when the actual review was done.

13.2.3 Examples

EXAMPLE 1 Tag: ReviewDate:

ReviewDate: 2010-01-29T18:30:22Z

EXAMPLE 2 RDF: Property spdx:reviewDate in class spdx:Review

<Review>
    <reviewDate> 2010-01-29T18:30:22Z </reviewDate>
</Review>

13.3 Review comment field (deprecated)

This field has been deprecated since SPDX 2.0.

13.3.1 Description

This optional free form text field permits the reviewer to provide commentary on the analysis. The metadata for the review comment field is shown in Table 78.

Table 78 — Metadata for the review comment field

Attribute    Value
Required     No
Cardinality  0..1
Format       Free form text that may span multiple lines.

13.3.2 Intent

This allows the reviewer to provide independent assessment and note any points where there is disagreement with the analysis.

13.3.3 Examples

EXAMPLE 1 Tag: ReviewComment:

In tag:value format, multiple lines are delimited by <text> .. </text>.

ReviewComment: <text>All of the licenses seen in the file, are matching
what was seen during manual inspection. There are some terms that can
influence the concluded license, and some alternatives may be possible,
but the concluded license is one of the options.</text>

EXAMPLE 2 RDF: Property rdfs:comment in class spdx:Review

<Review>
    <rdfs:comment>All of the licenses seen in the file, are
    matching what was seen during manual inspection. There
    are some terms that can influence the concluded license, 
    and some alternatives may be possible, but the concluded
    license is one of the options.</rdfs:comment>
</Review>
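
A consumer that wants to rely on review information from an upstream SPDX document can check the three tag:value fields against the formats in Tables 76 to 78 before trusting them. The following Python sketch is an added example, not part of the SPDX specification or its tooling; the names parse_reviews, valid_date and SAMPLE are hypothetical, and it assumes that each Reviewer tag opens a new review to which the following ReviewDate and ReviewComment belong.

```python
import re
from datetime import datetime

# Formats from Tables 76 and 77; an empty "()" e-mail is tolerated.
REVIEWER_RE = re.compile(r"(?:Person|Organization): .+?(?: \([^()]*\))?|Tool: .+")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")
TAG_RE = re.compile(r"(Reviewer|ReviewDate|ReviewComment):\s*(.*)")

def valid_date(s):  # True only for a real date in YYYY-MM-DDThh:mm:ssZ form
    try:
        return bool(DATE_RE.fullmatch(s) and datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ"))
    except ValueError:
        return False

def parse_reviews(doc):
    """Return (reviews, errors) for the review tags of a tag:value document."""
    reviews, errors, it = [], [], iter(doc.splitlines())
    for line in it:
        m = TAG_RE.fullmatch(line.strip())
        if not m:
            continue
        tag, value = m.groups()
        if tag == "ReviewComment" and value.startswith("<text>"):
            while "</text>" not in value:  # multi-line value; EOF ends it
                value += "\n" + next(it, "</text>")
            value = value[len("<text>"):].split("</text>")[0]
        if tag == "Reviewer":  # assumption: each Reviewer opens a new review
            reviews.append({"Reviewer": value})
            if not REVIEWER_RE.fullmatch(value):
                errors.append(f"bad Reviewer format: {value!r}")
        elif not reviews:
            errors.append(f"{tag} without a preceding Reviewer")
        else:
            reviews[-1][tag] = value
            if tag == "ReviewDate" and not valid_date(value):
                errors.append(f"bad ReviewDate: {value!r}")
    # Table 77: ReviewDate is mandatory whenever there is a Reviewer.
    errors += [f"no ReviewDate for {r['Reviewer']!r}" for r in reviews if "ReviewDate" not in r]
    return reviews, errors

# Constructed sample input, not taken from a real SPDX document.
SAMPLE = """\
Reviewer: Person: Jane Doe ()
ReviewDate: 2010-01-29T18:30:22Z
ReviewComment: <text>Licenses match
manual inspection.</text>
Reviewer: Tool: scanner - 1.2
Reviewer: Jane Doe
ReviewDate: 2010-02-30T18:30:22Z
"""
```

Calling parse_reviews(SAMPLE) returns three reviews and three errors: a Reviewer without a keyword, a ReviewDate that is not a real calendar date, and a Reviewer with no ReviewDate. Lines inside a <text> block are consumed as comment text, so a line there that looks like a tag is not treated as one.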