Add source-distribution element to externalReferenceType
#269
Conversation
|
Cool, thanks, @tsjensen for taking the initiative here! |
|
@jkowalleck @stevespringett friendly ping 😄 |
protobuff is missing. |
Dang, right! Fixed now. |
|
@jkowalleck What do you think now? |
|
looks like a promising draft. 👍 @stevespringett this looks ready for the IWG, |
|
@jkowalleck I just realized that the tentative deadline for the 1.6 milestone is Dec 31st 2023 - can you already disclose whether the IWG has decided for this change to be included in 1.6? Currently it's still assigned to the milestone. Are there ways I can support here? |
|
we discussed this topic in our last core working group meeting. |
|
Glad to hear that! Let me know when the decision for the exact wording is made, and I'll update the PR. |
|
@tsjensen please change it to "source-distribution" |
|
Working on it! |
tsjensen
changed the title
source element to externalReferenceTypesource-distribution element to externalReferenceType
|
Done! |
stevespringett
added
promote to tc54
|
this feature was agreed and accepted in todays meeting. NEXT steps: |
|
something went wrong. need to investigate and revert my changes. sry. |
|
@tsjensen i am very sorry, something stupid happened. I am very sorry for the inconvenience, but ...
your previous changes are still there: 037eb89 you could revert to the previous state by
|
stevespringett
added
tc54 reviewed
|
Great to hear that it was accepted! No worries about the GitHub mishap, I'll restore stuff tomorrow. |
…X#98 Signed-off-by: Thomas Jensen <tsjensen@users.noreply.github.com>
|
@jkowalleck I restored the commit on my fork and rebased to the latest 1.6-dev: However I seem to lack permissions to reopen the PR. Can you try to reopen the PR? |
|
thank you for your effort, @tsjensen I just reopened this PR, tests are passing. |
## Added * Core enhancement: Attestation ([#192](#192) via [#348](#348)) * Core enhancement: Cryptography Bill of Materials — CBOM ([#171](#171), [#291](#291) via [#347](#347)) * Feature to express the URL to source distribution ([#98](#98) via [#269](#269)) * Feature to express the URL to RFC 9116 compliant documents ([#380](#380) via [#381](#381)) * Feature to express tags/keywords for services and components (via [#383](#383)) * Feature to express details for component authors ([#335](#335) via [#379](#379)) * Feature to express details for component and BOM manufacturer ([#346](#346) via [#379](#379)) * Feature to express communicate concluded values from observed evidences ([#411](#411) via [#412](#412)) * Features to express license acknowledgement ([#407](#407) via [#408](#408)) * Feature to express environmental consideration information for model cards ([#396](#396) via [#395](#395)) * Feature to express the address of organizational entities (via [#395](#395)) * Feature to express additional component identifiers: Universal Bill Of Receipts Identifier and Software Heritage persistent IDs ([#413](#413) via [#414](#414)) ## Fixed * Allow multiple evidence identities by XML/JSON schema ([#272](#272) via [#359](#359)) This was already correct via ProtoBuff schema. * Prevent empty `license` entities by XML schema ([#288](#288) via [#292](#292)) This was already correct in JSON/ProtoBuff schema. * Prevent empty or malformed `property` entities by JSON schema ([#371](#371) via [#375](#375)) This was already correct in XML/ProtoBuff schema. * Allow multiple `licenses` in `Metadata` by ProtoBuff schema ([#264](#264) via [#401](#401)) This was already correct in XML/JSON schema. ## Changed * Allow arbitrary `$schema` values by JSON schema ([#402](#402) via [#403](#403)) * Increased max length of `versionRange` (via [`3e01ce6`](3e01ce6)) * Harmonized length of `version` (via [#417](#417)) ## Deprecated * Data model "Component"'s field `author` was deprecated. (via [#379](#379)) Use field `authors` or field `manufacturer` instead. * Data model "Metadata"'s field `manufacture` was deprecated. ([#346](#346) via [#379](#379)) Use "Metadata"'s field `component`'s field `manufacturer` instead. - for XML: `/bom/metadata/component/manufacturer` - for JSON: `$.metadata.component.manufacturer` - for ProtoBuf: `Bom:metadata.component.manufacturer` ## Documentation * Centralize version and version-range (via [#322](#322)) * Streamlined SPDX expression related descriptions (via [#327](#327)) * Enhanced descriptions of `bom-ref`/`refType` ([#336](#336) via [#344](#344)) * Enhanced readability of enum documentation in JSON schema ([#361](#361) via [#362](#362)) * Fixed typo "compliment" -> "complement" (via [#369](#369)) * Added documentation for enum "ComponentScope"'s values in JSON schema ([#293](#293) via [`d92e58e`](d92e58e)) Texts were a taken from the existing ones in XML/ProtoBuff schema. * Added documentation for enum "TaskType"'s values ([#245](#245) via [#377](#377)) * Improve documentation for data model "Metadata"'s field `licenses` ([#273](#273) via [#378](#378)) * Added documentation for enum "MachineLearningApproachType"'s values ([#351](#351) via [#416](#416)) * Rephrased some texts here and there. ## Test data * Added test data for newly added use cases * Added quality assurance for our ProtoBuf schemas ([#384](#384) via [#385](#385))
Resolves #98
After a lot of discussions in #98, I thought it might help to have this PR in order to be as clear as possible about what the proposed change would be that we are discussing.
Please upvote this if you agree! Maybe we are lucky and the thing turns out to be simple. 😄
@stevespringett @jkowalleck Let me know if I missed something, I'll be happy to rework as needed.
Thank you for considering this.