Rename "manufacture" to "manufacturer"? #57

Closed
bradh opened this issue Apr 9, 2021 · 2 comments · Fixed by #379
@bradh
Contributor

bradh commented Apr 9, 2021

Would it be possible to rename "manufacture" to "manufacturer" (or deprecate old and add new)?

Maybe something like:

diff --git a/schema/bom-1.3-SNAPSHOT.schema.json b/schema/bom-1.3-SNAPSHOT.schema.json
index 8787ba7..e02949e 100644
--- a/schema/bom-1.3-SNAPSHOT.schema.json
+++ b/schema/bom-1.3-SNAPSHOT.schema.json
@@ -107,8 +107,8 @@
           "description": "The component that the BOM describes.",
           "$ref": "#/definitions/component"
         },
-        "manufacture": {
-          "title": "Manufacture",
+        "manufacturer": {
+          "title": "Manufacturer",
           "description": "The organization that manufactured the component that the BOM describes.",
           "$ref": "#/definitions/organizationalEntity"
         },
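Review bot: The `manufacture` property gets no replacement alias here, so documents that still use the old key lose their definition once `"manufacturer"` takes its place. If the "deprecate old and add new" option from the issue text is the goal, keep the `manufacture` property, say in its `description` that it is deprecated, and add `manufacturer` next to it with the same `$ref`.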
diff --git a/schema/bom-1.3-SNAPSHOT.xsd b/schema/bom-1.3-SNAPSHOT.xsd
index 9119864..dfe283c 100644
--- a/schema/bom-1.3-SNAPSHOT.xsd
+++ b/schema/bom-1.3-SNAPSHOT.xsd
@@ -71,7 +71,7 @@ limitations under the License.
                     <xs:documentation>The component that the BOM describes.</xs:documentation>
                 </xs:annotation>
             </xs:element>
-            <xs:element name="manufacture" type="bom:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
+            <xs:element name="manufacturer" type="bom:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>The organization that manufactured the component that the BOM describes.</xs:documentation>
                 </xs:annotation>
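Review bot: The cardinality on the renamed `xs:element` (`minOccurs="0" maxOccurs="unbounded"`) does not match the JSON schema hunk above, where the same field is a single `$ref` to `organizationalEntity` rather than an array. If the name changes anyway, decide whether this is one organization or many and make the XSD and the JSON schema agree.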
@@ -231,7 +231,7 @@ limitations under the License.
             <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation>The organization that supplied the component. The supplier may often
-                        be the manufacture, but may also be a distributor or repackager.</xs:documentation>
+                        be the manufacturer, but may also be a distributor or repackager.</xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:element name="author" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
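Review bot: The wording fix in the `supplier` documentation is independent of the element rename and does not change what validates. It could go in its own commit so it can land even if the rename itself is declined.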
diff --git a/schema/ext/bom-descriptor-1.0.xsd b/schema/ext/bom-descriptor-1.0.xsd
index 013f550..cc6447b 100644
--- a/schema/ext/bom-descriptor-1.0.xsd
+++ b/schema/ext/bom-descriptor-1.0.xsd
@@ -66,7 +66,7 @@ limitations under the License.
           <xs:documentation>The component that the BOM describes.</xs:documentation>
         </xs:annotation>
       </xs:element>
-      <xs:element name="manufacture" type="bd:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
+      <xs:element name="manufacturer" type="bd:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
         <xs:annotation>
           <xs:documentation>The organization that manufactured the component that the BOM describes.</xs:documentation>
         </xs:annotation>
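Review bot: `schema/ext/bom-descriptor-1.0.xsd` carries a fixed version in its file name, not a SNAPSHOT suffix like the two schema files above, so the `name="manufacturer"` change may alter a schema that is already published. Confirm whether 1.0 of this extension is released; if it is, leave the file unchanged for the same reason given below for 1.2.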

And the examples (noting 1.2 can't be changed) would then be:

diff --git a/tools/src/test/resources/valid-metadata-manufacture-1.2.json b/tools/src/test/resources/valid-metadata-manufacture-1.2.json
index fb92230..68c7aff 100644
--- a/tools/src/test/resources/valid-metadata-manufacture-1.2.json
+++ b/tools/src/test/resources/valid-metadata-manufacture-1.2.json
@@ -4,7 +4,7 @@
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
   "version": 1,
   "metadata": {
-    "manufacture": {
+    "manufacturer": {
       "name": "Acme, Inc.",
       "url": [
         "https://example.com"
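Review bot: The file name still says `manufacture` and `1.2` while the key inside becomes `"manufacturer"`, which contradicts the note that 1.2 can't be changed. Leave this 1.2 resource untouched and add a separate 1.3 test resource that uses the new key.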
diff --git a/tools/src/test/resources/valid-metadata-manufacture-1.2.xml b/tools/src/test/resources/valid-metadata-manufacture-1.2.xml
index b6773a5..c6313d4 100644
--- a/tools/src/test/resources/valid-metadata-manufacture-1.2.xml
+++ b/tools/src/test/resources/valid-metadata-manufacture-1.2.xml
@@ -1,14 +1,14 @@
 <?xml version="1.0"?>
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.2">
     <metadata>
-        <manufacture>
+        <manufacturer>
             <name>Acme, Inc.</name>
             <url>https://example.com</url>
             <contact>
                 <name>Acme Professional Services</name>
                 <email>professional.services@example.com</email>
             </contact>
-        </manufacture>
+        </manufacturer>
     </metadata>
     <components />
 </bom>
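Review bot: The `bom` element still declares `xmlns="http://cyclonedx.org/schema/bom/1.2"`, so `<manufacturer>` would be checked against the 1.2 schema, which this patch does not touch. Put the renamed element in a new example file for the 1.3 snapshot and keep this one as the 1.2 case with `<manufacture>`.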
@coderpatros
Member

Semantically I like the change. But, personally, I don’t see much value in this change. But I see a lot of work to deprecate the old and support both for implementations.

@stevespringett
Member

Agreed. It will be a lot of work putting forth a deprecation plan and supporting both implementations. This also assumes that a v2.0 of the CycloneDX spec would be available at a future date. A major release like 2.0 would be the point at which backward compatibility would be flexible enough to remove manufacture from the spec. There are currently no plans for 2.0 at this point, but there are plans to continue to evolve the spec by adding additional capabilities on top of the existing spec.

I see manufacture as similar to HTTP referer. Referer is a misspelling, whereas manufacture is a grammatical error. Both will likely never be corrected in their associated standards.

@bradh bradh closed this as completed Apr 10, 2021
@jkowalleck jkowalleck reopened this Nov 10, 2023
@jkowalleck jkowalleck added this to the 2.0 milestone Nov 10, 2023
@jkowalleck jkowalleck linked a pull request Feb 14, 2024 that will close this issue
8 tasks
stevespringett added a commit that referenced this issue Feb 22, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
The following changes were made with the intent to not introduce
breaking changes,
neither syntactic nor semantic(!)

## Changes 

- add `component.manufacturer` as "OrganizationalEntity"
  -- fixes #346
- add `component.authors` as list of "OrganizationalContact"
  -- fixes #335
- deprecate `component.author` in favour of `component.authors` and `component.manufacturer`
  - reason: value was described to be a string that could represent person(s) or organization(s).
    So let's introduce dedicated fields for both of these:
    Organizations are represented by the new `@.manufacturer` &
    persons are represented by the new `@.authors`.
- add `metadata.manufacturer` as "OrganizationalEntity"
  -- fixes #57
- deprecate `metadata.manufacture` in favour of `metadata.component.manufacturer`
  -- fixes #346


----

## TODO
- [x] update JSON schema
- [x] update XSD
- [x] update protobuf schema
- [x] add examples and test resources

## Follow up tasks
- [ ] update use cases on the Website
- [ ] update SBOM guide
- [ ] create a BC task for 2.0: remove deprecated `metadata.manufacture`
- [ ] create a BC task for 2.0: remove deprecated `component.author`
@jkowalleck jkowalleck mentioned this issue Feb 22, 2024
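
A consumer that has to accept both spellings during the deprecation window described in the commit message could resolve the fields like this. This is an added example, not code from the CycloneDX project; the precedence rule, the finding strings, the function names and the sample BOMs are assumptions constructed for illustration.

```python
# Added example: resolve provenance fields from a CycloneDX JSON BOM while both
# the deprecated and the new names may appear. Sample BOMs are constructed.

LEGACY = {"metadata": {"manufacture": {"name": "Acme, Inc."},
                       "component": {"name": "app", "author": "Acme Dev Team"}}}
CURRENT = {"metadata": {"component": {"name": "app",
                                      "manufacturer": {"name": "Acme, Inc."},
                                      "authors": [{"name": "Jane Doe"}]}}}
MIXED = {"metadata": {"manufacture": {"name": "Acme, Inc."},
                      "component": {"name": "app",
                                    "manufacturer": {"name": "Other Corp"}}}}


def component_manufacturer(bom):
    """Return (entity or None, findings) for the component the BOM describes."""
    meta = bom.get("metadata") or {}
    new = (meta.get("component") or {}).get("manufacturer")
    old = meta.get("manufacture")  # deprecated spelling
    findings = []
    if old is not None:
        findings.append("deprecated: metadata.manufacture")
    # Both present but disagreeing: do not pick silently, surface it.
    if new is not None and old is not None and new.get("name") != old.get("name"):
        findings.append("conflict: metadata.manufacture vs metadata.component.manufacturer")
    # Assumed precedence: the new field wins, the deprecated one is a fallback.
    return (new if new is not None else old), findings


def component_authors(component):
    """Return (list of contact dicts, findings) for one component."""
    authors = list(component.get("authors") or [])
    legacy = component.get("author")  # deprecated free-text string
    findings = []
    if legacy is not None:
        findings.append("deprecated: component.author")
        if not authors:
            # The string may name people or an organization; keep it verbatim.
            authors = [{"name": legacy}]
    return authors, findings


if __name__ == "__main__":
    for label, bom in (("legacy", LEGACY), ("current", CURRENT), ("mixed", MIXED)):
        entity, notes = component_manufacturer(bom)
        people, more = component_authors(bom["metadata"]["component"])
        print(label, entity, people, notes + more)
```

The conflict finding matters for SBOM-based vendor matching: a document that names two different manufacturers should be reviewed rather than silently resolved.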
4 participants