refactor: metadata distribution to be an object #653
Merged
jkowalleck merged 4 commits into 1.7-dev from Sep 4, 2025
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Member
Author
@prabhu @anthonyharrison what do you think, does this refactor make sense to you?
prabhu
reviewed
Jun 16, 2025
| "title": "Distribution", | ||
| "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.", | ||
| "$ref": "#/definitions/tlpClassification" | ||
| "distributionConstraints": { |
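Review bot: the `title` and `description` visible in this hunk describe only the TLP classification, while the new `distributionConstraints` key opens an object that is meant to hold more than one kind of constraint. Make sure the TLP wording ends up on the nested property that carries the `#/definitions/tlpClassification` reference, and give the `distributionConstraints` object its own title and description so schema-generated documentation does not present the wrapper as if it were the TLP value itself.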
Contributor
How about distributionTerms or sharingPolicies rather than constraints?
prabhu
reviewed
Jun 16, 2025
prabhu
reviewed
Jun 16, 2025
| message Metadata { | ||
| message DistributionConstraints { | ||
| // The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes. | ||
| optional TlpClassification tlp = 1; |
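Review bot: `message DistributionConstraints` has no doc comment of its own; the only comment in this hunk sits on the `tlp` field. Add a short comment on the message saying what it groups, so generated API documentation describes the wrapper as well as the field. The `Metadata` field that uses this message is not visible here; if it replaces an earlier field of type `TlpClassification`, it should take a new field number rather than reuse the old one with a different type.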
Contributor
tlpClassification or tlpLabel is a bit verbose but could be easy to understand without the need for a help text.
Member
Author
@stevespringett what do you think? Should we merge this one?
Member
Much more flexible @jkowalleck
Member
Author
@prabhu thank you for your suggestion, the implementation was changed accordingly.
Merged
stevespringett
added a commit
that referenced
this pull request
Oct 21, 2025
## Fixed

* XML schema: add type for `ComponentData` sub-elements ([#600] via [#601])
* JSON schema: added the correct `deprecated` mark for already deprecated structures (via [a973a6b])

## Deprecated

* Deprecated various fields and structures related to _cryptographic transparency_ - _CBOM_. (via [#657])
  Use the newly added structures and fields for detailing the information instead.

## Changed

* Extended the scope of _formulations_. (via [#647])
  From now on, _formulations_ may be used to describe how any referencable object within the BOM came together, including components, services, metadata, declarations, or the BOM itself.
  Before, it was restricted to components and services.

## Added

* Support for _external components_ with _version-ranges_ ([#321] via [#586])
* Support for _multiple_ SPDX License Expressions alongside with other licenses ([#454] via [#582])
* Support for _Streebog hashing algorithm_ ([#485] via [#525])
* Support for license expression _details and properties_ ([#549], [#554] via [#599])
* Support for expressing BOM distribution constraints with the _Traffic Light Protocol_ (TLP) in metadata ([#595] via [#604], [#653])
* Support for representing _patent information_ ([#596] via [#597])
* Support for _properties_ on external-references ([#608] via [#610])
* Support for _citations_ ([#630] via [#629])
* Support for detailing _cryptographic transparency_ information - _CBOM_ ([#569] via [#657])

## Documentation

* Elaborated component classification "platform", explicitly expressed that it includes just-in-time compilers and interpreters ([#233] via [#647])
* Removed the term "optional" from the schema where the definition was already unambiguous ([#616], [#649] via [#680])

## Test data

* Add test data for CycloneDX 1.7 implementations in XML, JSON, Protobuf

[#233]: #233
[#321]: #321
[#454]: #454
[#485]: #485
[#525]: #525
[#549]: #549
[#554]: #554
[#569]: #569
[#582]: #582
[#586]: #586
[#595]: #595
[#596]: #596
[#597]: #597
[#599]: #599
[#600]: #600
[#601]: #601
[#604]: #604
[#608]: #608
[#610]: #610
[#616]: #616
[#629]: #629
[#630]: #630
[#647]: #647
[#649]: #649
[#653]: #653
[#657]: #657
[#680]: #680
[a973a6b]: a973a6b

----

- fixes #233
- fixes #321
- fixes #454
- fixes #485
- fixes #549
- fixes #554
- fixes #595
- fixes #596
- fixes #600
- fixes #608
- fixes #629
- fixes #616
- fixes #649
luckystar-crypto
pushed a commit
to luckystar-crypto/specification
that referenced
this pull request
Jan 27, 2026
jvdsn
pushed a commit
to jvdsn/specification
that referenced
this pull request
Feb 23, 2026
Refactored `metadata.distribution` to be more verbose in its name, and made it more versatile by converting it to an "object" with "TLP" as a property.

caused by CycloneDX#603 (comment)
jvdsn
pushed a commit
to jvdsn/specification
that referenced
this pull request
Feb 23, 2026
Refactored `metadata.distribution` to be more verbose in its name, and made it more versatile by converting it to an "object" with "TLP" as a property.

caused by #603 (comment)