Invalid tag:value SPDX file is valid according to tools-java

[vargenau]

bug.spdx.txt

File bug.spdx is invalid according to tools-python:

pyspdxtools -i bug.spdx
ERROR:root:There have been issues while parsing the provided document:
Element Package is not the current element in scope, probably the expected tag to start the element (PackageName) is missing. Line: 32

tools-java does not detect it as invalid

tools-java release 1.1.8

[goneall]

It looks like the FilesAnalyzed is after the Relationships which is invalid - agree this is a bug.

@vargenau Thanks for reporting it.

I'll transfer the issue to the tag/value parser project which does the parsing and validation.

[goneall]

After researching #58 I've come to the conclusion this is actually valid since the spec does not state what order the relationships and files analyzed flags should be in.

@vargenau - let me know if you agree. If so, it looks like this may be an issue for the tools-python library.

[goneall]

@vargenau - Never mind - I found the documentation that states the relationships information "may" follow the package information before the file information. It isn't very clear, but you could read this as the ordering is required.

I'll leave this open as a bug.