Hi all https://repository.apache.org/content/repositories/orgapacheant-1069/org/apache/ant/ contains a complete set of jars with corresponding CycloneDX SBOMs.
https://github.com/apache/ant/pull/233/changes contains the set of changes plus a manual copy of a hand-built Antlib. Once the CycloneDX Antlib is released the manual step will not be necessary anymore. The only real change is one big target that defines the SBOMs. This has been less manual work then I've been afraid it would be. I had to rename a few properties so I could use one macrodef to shorten things, but I haven't really changed much of the build process. Right now I'm trying to find people I can talk to WRT SBOMs for tarballs. I'm pretty certain the SBOMs I've been creating for the Antlib itself and Ant's jars are pretty fine. I'd really appreciate it if people looked into the things I've done. Unless anything major comes up I intend to call for a vote on an Antlib release in about a week. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
