specification
specification copied to clipboard
CycloneDX
revisit environmentVar definitions
as agreed in a meeting with @mrutkows , @stevespringett , @jkowalleck
we will keep things as proposed via #222 for a while and revisit and restructure things in a breaking changes release.
see all of these:
- https://github.com/CycloneDX/specification/pull/222#discussion_r1200153093
- https://github.com/CycloneDX/specification/pull/222#discussion_r1200154690
- https://github.com/CycloneDX/specification/pull/222#discussion_r1200154845
- https://github.com/CycloneDX/specification/pull/222#discussion_r1200157832
- https://github.com/CycloneDX/specification/pull/222#discussion_r1200197410
- see #248
- see #270
yet another problem: @mrutkows mentioned that the envVars are allowed to be "string", instead of key-value(KV) pairs, for the purpose to document a POSIX variable set. This 'POSIX variable set' is not only undocumented, but in fact contra productive. have it documented and give it a format(regex), so parsers/validators know how to read it! In the end a 'POSIX variable set' is claimed to be just a certain notation of KV. Better: remove the string option entirely, use properly defined KV only.
currently valid:
{
// [...]
"environmentVars": [
{
// no issues here
"name": "foo",
"value": "bar"
},
{
// issue: empty name/value
"name": "",
"value": ""
},
{
// issue: no name
"value": "foobar"
},
{
//issue: no value
"name": "foobar"
},
{
// issue: empty object
},
// issue: `string` does not have a defined format. who knows how to create it, who knows how to use or parse it.
"bazz", // some arbitrary strig
"$HOME=/home/user1", // posix like
"$Env:Foo = 'An example'", // powershell notation
"", // empty string
// [...]
],
// [...]
}
