feat: add component.manufacture
#372
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
"title": "Manufacture", | ||
"description": "The organization that manufactured the component that the BOM describes.", | ||
"title": "Manufacturer", | ||
"description": "The organization that manufactured the CycloneDX document (the \"manufacturer\", although the property is misspelled).\nThis may be different from the manufacturer of the component that the CycloneDX document describes.", |
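Review bot: The second description redefines the property as the organization that manufactured "the CycloneDX document", while the first description says it is the organization that manufactured "the component that the BOM describes". As rendered here, that reads as a change of meaning for an existing property rather than a wording fix. A consumer that reads this value as component provenance would silently get a different party. Consider keeping the existing meaning and documenting the component's manufacturer in a separate property, or stating in the description itself that the meaning differs from earlier wording.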
❗ this would be a semantic change. technically this is a breaking change.
see also: #346 (comment)
related to #370
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
component.manufacturer
component.manufacture
Since this is a new field of component, should we use
I was just going with the already used field names. Just let me know whether to use the wrong-typed existing working "manufacture",
IMO, we should endeavor to correct to "manufacturer" where possible. Meaning when/where we introduce the field name in new objects going forward...
@@ -141,6 +141,8 @@ message Component { | |||
optional ComponentData data = 26; | |||
// Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. | |||
optional CryptoProperties cryptoProperties = 27; | |||
// The organization that manufactured the component (the "manufacturer", although the field is misspelled). |
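Review bot: The added comment says only that this is the organization that manufactured the component and that the name is misspelled. It does not say how the field differs from the schema property whose description names the manufacturer of the CycloneDX document, so the two are easy to confuse when populating or consuming a BOM. Suggest adding one sentence that makes that distinction. The field declaration this comment belongs to is not visible in the hunk as shown (the header indicates two added lines), so the tag number following 27 should be checked against it.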
I would recommend some qualification to the ack. of the misspelling (where it MUST be preserved for 1.x compatibility) to change from ", although the field is misspelled" to ", although the field name is acknowledged to be misspelled in this version.". To indicate/imply that it is left that way intentionally (for this version).
I took the previous comments to heart and will propose a significant change soon.
continued in #379
fixes #346