refactor: metadata distribution to be an object #653
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
|
@prabhu @anthonyharrison what do you think, does this refactor make sense to you? |
Signed-off-by: Jan Kowalleck <[email protected]>
jkowalleck
changed the title
jkowalleck
changed the title
prabhu
reviewed
Jun 16, 2025
| "title": "Distribution", | ||
| "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.", | ||
| "$ref": "#/definitions/tlpClassification" | ||
| "distributionConstraints": { |
There was a problem hiding this comment.
How about distributionTerms or sharingPolicies rather than constraints?
prabhu
reviewed
Jun 16, 2025
prabhu
reviewed
Jun 16, 2025
| message Metadata { | ||
| message DistributionConstraints { | ||
| // The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes. | ||
| optional TlpClassification tlp = 1; |
There was a problem hiding this comment.
tlpClassification or tlpLabel is a bit verbose but could be easy to understand without the need for a help text.
Signed-off-by: Jan Kowalleck <[email protected]>
jkowalleck
changed the title
|
@stevespringett what do you think? should we merge this one? |
|
Much more flexible @jkowalleck |
|
@prabhu thank you for your suggestion, the implementation was changed accordingly. |
Merged
stevespringett
added a commit
that referenced
this pull request
Oct 21, 2025
## Fixed * XML schema: add type for `ComponentData` sub-elements ([#600] via [#601]) * JSON schema: added the correct `deprecated` mark for already deprecated structures (via [a973a6b]) ## Deprecated * Deprecated various fields and structures related to _cryptographic transparency_ - _CBOM_ . (via [#657]) Use the newly added structures and fields for detailing the information instead. ## Changed * Extended the scope of _formulations_. (via [#647]) From now on, _formulations_ may be used to describe how any referencable object within the BOM came together, including components, services, metadata, declarations, or the BOM itself. Before, it was restricted to components and services. ## Added * Support for _external components_ with _version-ranges_ ([#321] via [#586]) * Support for _multiple_ SPDX License Expressions alongside with other licenses ([#454] via [#582]) * Support for _Streebog hashing algorithm_ ([#485] via [#525]) * Support for license expression _details and properties_ ([#549], [#554] via [#599]) * Support for expressing BOM distribution constraints with the _Traffic Light Protocol_ (TLP) in metadata ([#595] via [#604], [#653]) * Support for representing _patent information_ ([#596] via [#597]) * Support for _properties_ on external-references ([#608] via [#610]) * Support for _citations_ ([#630] via [#629]) * Support for detailing _cryptographic transparency_ information - _CBOM_ ([#569] via [#657]) ## Documentation * Elaborated component classification "platform", explicitly expressed that it includes just-in-time compilers and interpreters ([#233] via [#647]) * Removed the term "optional" from the schema where the definition was already unambiguous ([#616], [#649] via [#680]) ## Test data * Add test data for CycloneDX 1.7 implementations in XML, JSON, Protobuf [#233]: #233 [#321]: #321 [#454]: #454 [#485]: #485 [#525]: #525 [#549]: #549 [#554]: #554 [#569]: #569 [#582]: #582 [#586]: #586 [#595]: #595 [#596]: #596 [#597]: #597 [#599]: #599 [#600]: #600 [#601]: #601 [#604]: #604 [#608]: #608 [#610]: #610 [#616]: #616 [#629]: #629 [#630]: #630 [#647]: #647 [#649]: #649 [#653]: #653 [#657]: #657 [#680]: #680 [a973a6b]: a973a6b ---- - fixes #233 - fixes #321 - fixes #454 - fixes #485 - fixes #549 - fixes #554 - fixes #595 - fixes #596 - fixes #600 - fixes #608 - fixes #629 - fixes #616 - fixes #649
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refactored
metadata.distributionto be more verbose in its name, and made it more versatile by converting it to an "object" with "TLP" as a property.caused by #603 (comment)