I see in #618 that it was decided to use PACKAGE_MANAGER instead of PACKAGE-MANAGER as an external reference category. However, in a commit from July this was undone in the schema so that it now is PACKAGE-MANAGER. There are SBOM generators out there that use both values (I was doing some testing and noticed the difference when reviewing output). I personally don't care which one gets used, though I suspect PACKAGE_MANAGER would require fewer utilities to be updated, but either one needs to be chosen OR both need to be allowed for interoperability.
Note: This affects PERSISTENT_ID as well.
I see in #618 that it was decided to use PACKAGE_MANAGER instead of PACKAGE-MANAGER as an external reference category. However, in a commit from July this was undone in the schema so that it now is PACKAGE-MANAGER. There are SBOM generators out there that use both values (I was doing some testing and noticed the difference when reviewing output). I personally don't care which one gets used, though I suspect PACKAGE_MANAGER would require fewer utilities to be updated, but either one needs to be chosen OR both need to be allowed for interoperability.
Note: This affects PERSISTENT_ID as well.