ExternalReference ReferenceCategory: discrepancy between v2.2.2 JSON schema file and and docs

[wterpstra]

I raised an issue with CycloneDX around the way the ReferenceCategory of an ExternalReference is handled. During the investigation a discrepancy between the documentation and the schema file was found:

Here for version 2.2.2 the ExternalReference ReferenceCategory the values OTHER, SECURITY and PACKAGE_MANAGER are allowed:

spdx-spec/schemas/spdx-schema.json

Lines 340 to 344 in a05c12a

	"referenceCategory" : {
	"description" : "Category for the external reference",
	"type" : "string",
	"enum" : [ "OTHER", "SECURITY", "PACKAGE_MANAGER" ]
	},

However, in the 2.2.2 documentation the values SECURITY, PACKAGE-MANAGER , PERSISTENT-ID and OTHER are allowed. Note the difference between the dash and underscore for the package manager value and the lack of the PERSISTENT-ID in the schema.

The 2.3 schema does have these values:

spdx-spec/schemas/spdx-schema.json

Lines 322 to 326 in aadf3b0

	"referenceCategory" : {
	"description" : "Category for the external reference",
	"type" : "string",
	"enum" : [ "OTHER", "PERSISTENT-ID", "SECURITY", "PACKAGE-MANAGER" ]
	},

So maybe while writing the documentation for version 2.2.2 the values from version 2.3 were used?

What should the correct values be?

[wterpstra]

Never mind, this is a duplicate of #798 and #792