Clarify difference between metadata.licenses and metadata.component.licenses #273

Closed
lfrancke opened this issue Jul 30, 2023 · 8 comments · Fixed by #378

@lfrancke

The JSON Schema currently has this snippet for metadata.licenses:

        "licenses": {
          "title": "BOM License(s)",
          "$ref": "#/definitions/licenseChoice"
        },

This gets rendered as:

image

The title is not shown, making it unclear what the difference is between those two.

I suggest adding a description.

Similar for XML:

            <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
@stevespringett stevespringett added this to the 1.6 milestone Jul 30, 2023
@stevespringett stevespringett self-assigned this Jul 30, 2023
@jkowalleck jkowalleck changed the title Clarify difference between metadata.licenses and metadata.component.licenses Clarify difference between metadata.licenses and metadata.component.licenses Dec 4, 2023
@jkowalleck
Member

metadata.licenses is the license of the CycloneDX document.
The other one is the license of the component described by the document.

I will update the documentation on the schema files.
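
As an added illustration of the distinction described in the comment above (not part of the thread or of the CycloneDX project's code), the following Python reads both fields from a CycloneDX JSON BOM and keeps them apart, so a license-compliance consumer does not attribute the document's license to the software it describes. The sample BOM, the function names and the "swapped" heuristic are assumptions made for this example.

```python
import json

# Constructed sample BOM (not from the issue): the BOM document itself is
# CC0-1.0, while the component it describes is "Apache-2.0 OR MIT".
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "licenses": [{"license": {"id": "CC0-1.0"}}],
    "component": {
      "type": "application",
      "name": "example-app",
      "version": "1.0.0",
      "licenses": [{"expression": "Apache-2.0 OR MIT"}]
    }
  }
}
""")


def flatten_license_choice(choice):
    """Turn a licenseChoice array into a list of strings.

    Entries are either {"license": {"id": ...}} / {"license": {"name": ...}}
    or {"expression": "<SPDX expression>"}.
    """
    out = []
    for entry in choice or []:
        if "expression" in entry:
            out.append(entry["expression"])
        elif "license" in entry:
            lic = entry["license"]
            out.append(lic.get("id") or lic.get("name") or "<unnamed>")
    return out


def split_licenses(bom):
    """Return (licenses of the BOM document, licenses of the described component)."""
    meta = bom.get("metadata", {})
    doc = flatten_license_choice(meta.get("licenses"))
    comp = flatten_license_choice(meta.get("component", {}).get("licenses"))
    return doc, comp


def licenses_look_swapped(bom):
    """Assumed heuristic: a BOM-level license is set but the described component
    has none, which may mean the producer used the wrong field."""
    doc, comp = split_licenses(bom)
    return bool(doc) and not comp
```
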

jkowalleck added a commit to jkowalleck/fork_CycloneDX-specification that referenced this issue Feb 6, 2024
fix CycloneDX#345 CycloneDX#273

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck linked a pull request Feb 6, 2024 that will close this issue
@jkowalleck
Member

jkowalleck commented Feb 6, 2024

Could I ask you for a review of #378?

@stevespringett
Member

@jkowalleck is this still outstanding?

@stevespringett
Member

Or can it be closed?

@jkowalleck
Member

I intended to close it via https://github.com/CycloneDX/cyclonedx.org/issues/281
I'd say it can be closed, but I'd appreciate it if @lfrancke could review the already merged #378
and tell if the change was sufficient, so that this issue might be closed.

@lfrancke
Author

I only have one comment on #378
But yes: I'm happy to close this either way. It's much clearer now, thank you!

@jkowalleck
Member

@jkowalleck jkowalleck linked a pull request Mar 1, 2024 that will close this issue
@jkowalleck
Member

all done

stevespringett added a commit that referenced this issue Apr 9, 2024
## Added

* Core enhancement: Attestation
([#192](#192) via
[#348](#348))
* Core enhancement: Cryptography Bill of Materials — CBOM
([#171](#171),
[#291](#291) via
[#347](#347))
* Feature to express the URL to source distribution
([#98](#98) via
[#269](#269))
* Feature to express the URL to RFC 9116 compliant documents
([#380](#380) via
[#381](#381))
* Feature to express tags/keywords for services and components (via
[#383](#383))
* Feature to express details for component authors
([#335](#335) via
[#379](#379))
* Feature to express details for component and BOM manufacturer
([#346](#346) via
[#379](#379))
* Feature to express communicate concluded values from observed
evidences ([#411](#411)
via [#412](#412))
* Features to express license acknowledgement
([#407](#407) via
[#408](#408))
* Feature to express environmental consideration information for model
cards ([#396](#396) via
[#395](#395))
* Feature to express the address of organizational entities (via
[#395](#395))
* Feature to express additional component identifiers: Universal Bill Of
Receipts Identifier and Software Heritage persistent IDs
([#413](#413) via
[#414](#414))

## Fixed

* Allow multiple evidence identities by XML/JSON schema
([#272](#272) via
[#359](#359))
  This was already correct via ProtoBuf schema.
* Prevent empty `license` entities by XML schema
([#288](#288) via
[#292](#292))
  This was already correct in JSON/ProtoBuf schema.
* Prevent empty or malformed `property` entities by JSON schema
([#371](#371) via
[#375](#375))
  This was already correct in XML/ProtoBuf schema.
* Allow multiple `licenses` in `Metadata` by ProtoBuf schema
([#264](#264) via
[#401](#401))
  This was already correct in XML/JSON schema.

## Changed

* Allow arbitrary `$schema` values by JSON schema
([#402](#402) via
[#403](#403))
* Increased max length of `versionRange` (via
[`3e01ce6`](3e01ce6))
* Harmonized length of `version` (via
[#417](#417))

## Deprecated

* Data model "Component"'s field `author` was deprecated. (via
[#379](#379))
  Use field `authors` or field `manufacturer` instead.
* Data model "Metadata"'s field `manufacture` was deprecated.
([#346](#346) via
[#379](#379))
  Use "Metadata"'s field `component`'s field `manufacturer` instead. 
  - for XML: `/bom/metadata/component/manufacturer`
  - for JSON: `$.metadata.component.manufacturer`
  - for ProtoBuf: `Bom:metadata.component.manufacturer`

## Documentation

* Centralize version and version-range (via
[#322](#322))
* Streamlined SPDX expression related descriptions (via
[#327](#327))
* Enhanced descriptions of `bom-ref`/`refType`
([#336](#336) via
[#344](#344))
* Enhanced readability of enum documentation in JSON schema
([#361](#361) via
[#362](#362))
* Fixed typo "compliment" -> "complement" (via
[#369](#369))
* Added documentation for enum "ComponentScope"'s values in JSON schema
([#293](#293) via
[`d92e58e`](d92e58e))
  Texts were taken from the existing ones in XML/ProtoBuf schema.
* Added documentation for enum "TaskType"'s values
([#245](#245) via
[#377](#377))
* Improve documentation for data model "Metadata"'s field `licenses`
([#273](#273) via
[#378](#378))
* Added documentation for enum "MachineLearningApproachType"'s values
([#351](#351) via
[#416](#416))
* Rephrased some texts here and there.

## Test data

* Added test data for newly added use cases
* Added quality assurance for our ProtoBuf schemas
([#384](#384) via
[#385](#385))