search

CycloneDX / cyclonedx-property-taxonomy

A taxonomy of all official CycloneDX property namespaces and names
https://cyclonedx.github.io/cyclonedx-property-taxonomy/
Apache License 2.0
14 stars 29 forks source link

rust-related sub-namespaces under `cdx` #75

Closed lfrancke closed 3 weeks ago

lfrancke commented 10 months ago

We would like to record information in properties which don't have a place elsewhere.

For that we'd like to request a namespace under cdx.

Our idea is to have two namespaces: rustc (or rust?) and cargo.

@Shnatsel:

So that concepts that exist on the rustc level could still be encoded regardless of the build system. There are use cases for rustc without cargo , usually when embedding in a mixed-language project. Bazel and Meson are commonly used in this case instead of cargo.

Once a decision has been reached we're happy to provide the proper PR for this issue. One namespace would probably be empty at this moment but the other one (rust) will include the target architecture which e.g. Go already does as well using the property name cdx:gomod:build:env:GOARCH. For rust it would probably be called rustc:target or similar.

Shnatsel commented 10 months ago

I think the best approach would be cdx:rustc:target:triple. Rationale:

  1. Decouples rustc concepts (target triple) from build system concerns (and there may be different build systems used with rustc)
  2. There are other ways to specify a target - custom target specifications exist, although currently are unstable. It would make sense to put them under cdx:rustc:target namespace once they are stabilized upstream.

Target triples are part of the compiler, not the language, so I think rustc makes more sense than rust.

lfrancke commented 10 months ago

@jkowalleck Any opinions/objections to the plan from @Shnatsel? If not, one of us will send a PR with the necessary changes.

jkowalleck commented 10 months ago

please send the PR :rocket:

you are the experts, all i might do is nagging about naming conventions