transparency-exchange-api icon indicating copy to clipboard operation
transparency-exchange-api copied to clipboard
Published 2 months ago verified publisher icon CycloneDX

Bring back Artifact author to the Spec

Open taleodor opened this issue 7 months ago • 4 comments

Looks like the author field has been removed from the Artifact object, while it only needed to be removed from the Collection object.

Ref: https://github.com/CycloneDX/transparency-exchange-api/commit/a7391972ad7c59572e1a47681aeb2ec5ebe380d1

This should be re-introduced in the Artifact object.

taleodor avatar May 10 '25 12:05 taleodor

The author field was never in the Artifact object.

Artifacts will have an author inside the document itself, do we need to copy it to the TEA Artifact?

ppkarwasz avatar May 10 '25 13:05 ppkarwasz

Check the commit I referenced - it was previously part of the Artifact object. And I think we discussed on the meeting yesterday that it is needed per some regulations. Would like @oej to comment though.

I don't think this is required for Beta 1 in any case.

taleodor avatar May 10 '25 13:05 taleodor

Check the commit I referenced - it was previously part of the Artifact object.

My bad, it was part of TEA Artifact, but it was the only place author appeared. In the meeting we could not have talked about any other field.

Author is required by some regulations, but it is already present in SBOMs and other CycloneDX regulations.

ppkarwasz avatar May 10 '25 14:05 ppkarwasz

Ok, so the question becomes whether we want to expose it outside of the document and as part of TEA. For some reason, I thought we were discussing on the meeting yesterday that the answer is "yes", but looks like we need to revisit. Hopefully, post-Beta.

taleodor avatar May 10 '25 14:05 taleodor