Hashes in JSON output are not deterministically ordered #165
Labels
bug
Something isn't working
Comments
|
@karsten-klein - Thanks for raising the issue. I agree, it should be deterministic. There is already a sorting in the JSON output, it must somehow miss the hash algorithms. Since there are substantial changes to the SPDX 3 version, I would prefer to make the changes there to avoid merge conflicts unless you consider this to be a serious enough issue for a patch release. If a PR could be opened against the v3 branch of the spdx-java-jackson-store repo where the sort is done, that would be great. |
|
@karsten-klein - Let me know if this is still an issue with the 2.0.0-RC2 version of the tools. If this is still an issue, can you post an example how to reproduce? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When I create an SPDX document with multiple hashes on a package, the order of the hashes in the output json varies.
The hashes should follow a deterministic ordering.
Please let us know whether we shall prepare an PR for this. Perhaps it must be generalized to other output formats as well to produce comparable outputs.
Regards,
Karsten
The text was updated successfully, but these errors were encountered: