Use distributionId instead of distributionType to identifiy disributions#215
Use distributionId instead of distributionType to identifiy disributions#215oej merged 2 commits intoCycloneDX:mainfrom
Conversation
…tributions [CycloneDX#198] Signed-off-by: Pavel Shukhman <pavel@reliza.io>
|
Clarify scope of UUID - that it's global. |
|
#217 - this should be apply to the TEA spec as a whole, not specifically to this PR. |
| "$ref": "#/components/schemas/checksum" | ||
| required: | ||
| - id | ||
| - distributionId |
There was a problem hiding this comment.
Should a description be required too?
| - distributionId | |
| - distributionId | |
| - description |
There was a problem hiding this comment.
I'd say no, this will become optional once we have proper ontology. I don't think we should make it required even at this stage.
There was a problem hiding this comment.
Good point!
Since all objects have UUIDs, human-readable names are not really necessary. Should we therefore also mark the name field of Product and Component as optional?
There was a problem hiding this comment.
I don't have a strong opinion here, but I'd say I wouldn't expect a Product or a Component to not have name. But maybe there are other opinions.
Co-authored-by: Piotr P. Karwasz <piotr@github.copernik.eu> Signed-off-by: Pavel Shukhman <taleodor@users.noreply.github.com>
3 participants
This PR resolves #198 for the 1.0 release. It removes the distributionType string field as it is not clearly enumerated. Instead it introduces the distributionId UUID field that allows to map TEA Artifacts to specific distributions.