search

oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
https://github.com/oasis-tcs/csaf
Other
148 stars 39 forks source link

Introduce provider-metadata.json to ease automation #289

Closed tschmidtb51 closed 3 years ago

tschmidtb51 commented 3 years ago

While writing the requirements for the CSAF provider I realized that our current suggestion makes it harder for automation than it should be as we offer multiple options which can be served as a CSAF provider. As a user you don't know in advance which option will be used. Therefore, I suggest to link all to a provider-metadata.json (instead of either a directory or a ROLIE service document) which will explicitly state also the metadata used later on for the CSAF aggregator.

This would allow to skip the ROLIE Service Document.

Thoughts?

Flag @sthagen, @santosomar, @mprpic, @tolim, @zmanion for attention...

santosomar commented 3 years ago

That probably will require TC discussion. Can you send it via email to the TC?

sthagen commented 3 years ago

Is this more a constrained vocabulary or do we offer an extension point (to add option values)?

tschmidtb51 commented 3 years ago

I'll write up an suggestion and provide that as a DRAFT PR and link to that via email.

tschmidtb51 commented 3 years ago

I added the Draft PR #290. Please comment directly there.