Should we open issues to discuss how publishing to TEA would look for various ecosystems?
As I stated before, a TEA publisher REST API is probably not required in the first TEA versions.
For the Maven ecosystem I would expect TEA publishing to work as follows:
User publish artifacts with a classifier of cyclonedx or sbom, as they do now.
The Maven repository manager will expose those artifacts through some kind of additional TEA plugin. We probably should ask the main repository managers (Sonatype Nexus and JFrog) how they feel about exporting the current repository metadata through TEA.
Originally posted by @ppkarwasz in #55