Olle E. Johansson

icon indicating a website link https://www.linkedin.com/in/ollejohansson/ icon indicating an email [email protected]

icon company Edvina AB - @edvinanet icon location Sollentuna, Sweden icon location Working with realtime communication, software supply chain security, PKI and more. Active in IETF, OWASP and in the kamailio.org Open Source SIP server project

Results 151 comments of Olle E. Johansson

Can TEA be used to discover *new* versions of a library

This was raised during our meeting. I think it is doable.

Can TEA be used to discover *new* versions of a library

Example added to api-flow

Can you promote a `pre-release` leaf?

There are two cases here: * Software with a release candidate. The release is different from the rc so that's a new leaf, new UUID. * Software where the release...

Can you promote a `pre-release` leaf?

Steve: Make it changeable - it's basically a life cycle event

Can you promote a `pre-release` leaf?

During the meeting we suggested that a leaf can be promoted to production version, but add implementation guide that there should not be support for flagging a production version as...

Define terminology

I think the product is something the manufacturer hands over to the user. The same product can have many names and a "product" can be a bundle of many bundles...

Define terminology

I don't see any reason to separate BOMs from other files in phase one. Did you have any specific reason for doing so?

Define terminology

Stuff that happens when you're on holiday. ha ha :-) I still think we need one attachment object - could be that we have additional attributes for BOMs, like the...

Define terminology

Checked https://github.com/CycloneDX/transparency-exchange-api/pull/22/files and I already had an optional BOM identifier in the definition of an artefact.

Define terminology

@goneall thank you for your feedback. There is a use case document in the repository if you are interested. I also have a pull request adding to it.