Editor revision for TC meeting 2025-01-29 #861

Merged: 52 commits, Feb 14, 2025

@tschmidtb51 tschmidtb51 commented Jan 29, 2025

mprpic and others added 30 commits December 3, 2024 14:18
This allows a vendor to specify multiple purl identifiers for a single
component (present as a product version branch in the product tree).
Multiple purls may identify the same component but point to different
locations from where that component may be available. Thus, it is mandatory
that if multiple purls are present in a single
product_identification_helper object, they must only differ in their
qualifiers. Otherwise they should be set up as different product
tree branches.
Support multiple purl identifiers in product_identification_helper
- addresses parts of #774
- assign new test number based on current master branch
- addresses parts of #774, #781, #693
- add `\\` to mask `/` (based on discussion in #693)
- addresses parts of #774, #781
- adapt prose to meet writing style and align with schema
- addresses parts of #774, #781
- sort list entries
- addresses parts of #774, #781, #341
- improve wording
- add valid example
- addresses parts of #774, #781, #341
- improve wording of 6.1.42
- move tests to testfiles
- add invalid examples
- add valid examples
- adapt test schema
- addresses parts of #774, #781, #341
- add valid example
- add invalid example for oci case (namespace not allowed)
- names and affiliations should match roster
- sorted lines
- update dates
- insert new revision for tracking
- addresses parts of #677
- add `last_updated` ROLIE section in PMD schema
- addresses parts of #677
- adapt examples to reflect change
- addresses parts of #817
- add section about hardware/software separation with example
- add full describe rule
- addresses parts of #817
- add optional test to detect potential mixing of hard- and software (6.2.31)
- add invalid example
- add valid examples
- addresses parts of #817
- clarify the informative note about test failure
- addresses parts of review comment of #857
- state linking in vulnerability section as example
- addresses parts of review comment of #857
- soften statement and link to CVE statistics
- addresses parts of review comment of #857
- remove "prohibited" from informative paragraph
- addresses parts of #817
- add optional test to detect multiple same PIH (6.2.32)
- add invalid examples
- add valid examples
- addresses parts of review comment of #857
- remove merge artifact
- clarify text regarding matching
@tschmidtb51 tschmidtb51 requested a review from sthagen January 29, 2025 17:40
@tschmidtb51 tschmidtb51 self-assigned this Jan 29, 2025
- addresses parts of #841
- correct vers example by removing invalid space
- addresses parts of #841
- update link to vers
- addresses parts of #841
- update count of conformance targets
- addresses parts of #841
- fix refs in date and time (wrong brackets)
- addresses parts of #841
- fix format mistake
- add section 5 to be of relevance for conformance
- addresses parts of #841
- sort guidance on size
- remove obsolete scores from guidance on size
- addresses parts of #841
- update OpenSSL digest list

@sthagen sthagen left a comment

LGTM.

- addresses parts of #841
- update reference to ISO 8601
- addresses parts of #841
- update SBOM format references
- addresses parts of #530, #841
- rephrase test 6.1.11 and 6.3.4 to clarify the test according to the change to multiple CWEs
- addresses parts of #774, #841
- add conversion rule
- correct JSON path by adding missing `product_identification_helper` part
- addresses parts of #841
- update missing dates
- update CVE link
- addresses parts of #841, #817, #629
- clearly state that additional conventions have to be respected by the consumer
Editorial for Editor revision 2025-01-29
@tschmidtb51 tschmidtb51 requested a review from sthagen January 31, 2025 21:40

@sthagen sthagen left a comment

Still LGTM.


@santosomar santosomar left a comment

Thank you for all your work here!!

Signed-off-by: Stefan Hagen <[email protected]>
@sthagen sthagen marked this pull request as draft February 14, 2025 15:59

sthagen commented Feb 14, 2025

Converted to draft to block merge while the editors are still adding purely editorial consistency commits.

@sthagen sthagen marked this pull request as ready for review February 14, 2025 17:21
@sthagen sthagen merged commit ed6e732 into master Feb 14, 2025
10 checks passed
@sthagen sthagen deleted the editor-revision-2025-01-29 branch February 14, 2025 17:26
Labels: csaf 2.1 (csaf 2.1 work), editor-revision (already worked on in the editor revision)