a . a ; "CreationInfo"; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ] . a ; "Review"; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ] . a ; "Identifies the algorithm used to produce a checksum."; ; "algorithm"; [ a ; [ a ]] . a ; "The checksumValue property provides a digest value produced using a specific algorithm."; ; "checksumValue"; . a ; "The creationInfo property relates an SpdxDocument to a set of information about the creation of the SpdxDocument."; ; "creationInfo"; . a ; "The describesPackage property relates an SpdxDocument to the package which it describes."; ; "describesPackage"; . a ; "The URI at which this package is available for download. Private (ie, not publicly reachable) URIs are acceptable as values of this property."; ; "downloadLocation"; . a ; "Verbatim license or licensing notice text that was discovered."; ; "extractedText"; . a ; "The name of the file relative to the root of the package."; ; "fileName"; . a ; "The type of the file."; ; "fileType"; [ a ; ( )] . a ; "The licensing that is declared by the authors of the package."; ; "licenseDeclared"; [ a ; ( )] . a ; "Licensing information that was discovered directly in the package. This is effectively a union of the licenseInfoInFile properties of all the files contained in the package."; ; "licenseInfoFromFiles"; [ a ; ( )] . a ; "Licensing information that was discovered directly in the subject File."; ; "licenseInfoInFile"; [ a ; ( )] . a ; "The full text of the license."; ; "licenseText"; . a ; "The full name of the package including version information."; ; "name"; . a ; "The base name of the package filename. This will often included the package name, version information and archive/compression method. For example, zlib-1.2.5.tar.gz."; ; "packageFileName"; . a ; "A manifest based hash of the package. This allows consumers of this dataset to determin if a package they have in hand is identical to the package from which the data was produced. This algorithm works even if the SPDX document is included in the package. This algorithm is described in detail in the SPDX spec."; ; "packageVerificationCode"; . a ; "The review property relates a SpdxDocument to the review history."; ; "reviewed"; . a ; "Allows the producer(s) of the SPDX document to describe how the package was acquired and/or changed from the original source."; ; "sourceInfo"; . a ; "Identifies the version of this specification that was used to produce this SPDX document."; ; "sdpxVersion"; . a ; "The checksum property provides a digest of a File or File. This allows consumers of the SPDX document to verify that the content of the files or package has not changed."; [ a ; ( )]; "checksum"; . a ; "The licensing that the preparer of this SPDX document has concluded, based on the evidence, actual applies to the package."; ; "licenseConcluded"; [ a ; ( )] . a ; "A short name for the license that is made up of ascii characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', and '-'."; ; "licenseId"; . a ; "A license, or other licensing information, that is a member of the subject license set."; [ a ; ( )]; "member"; [ a ; ( )] . a ; "Checksum"; [ a ; "1"; ], [ a ; "1"; ] . a ; "ConjunctiveLicenseSet"; [ a ; "1"; ] . a ; "DisjunctiveLicenseSet"; [ a ; "1"; ] . a ; "SpdxDocument"; [ a ; "1"; ], [ a ; ], [ a ; "1"; ], [ a ; "1"; ] . a ; "ExtractedLicensingInfo"; [ a ; "1"; ], [ a ; "1"; ] . a ; "File"; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ] . a ; "License"; [ a ; ], [ a ; "1"; ], [ a ; "1"; ] . a ; "Package"; [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ], [ a ; "1"; ] .