taleodor commented on issue #614: URL: https://github.com/apache/tooling-trusted-releases/issues/614#issuecomment-3922565679
There are currently 3 implementations that I'm aware of (I'm building the first 2 in the list, also the list is expected to grow as we are proceeding with standardization): 1. Oolong - https://github.com/relizaio/oolong (simplest implementation, stores data as collection of YAML files and serves them via API) 2. ReARM - https://github.com/relizaio/rearm 3. sbomify - https://github.com/sbomify/sbomify Also, supporting TEA implies maintaining a TEA server. TEA also provides structure to tie component releases to a single product release, like those maven packages you linked. [Here](https://demo.rearmhq.com/tea/v0.2.0-beta.2/productRelease/a351d7c6-a9d1-4a05-9c4c-db92a4916519) is a sample base API response for a product release on ReARM Demo that includes 8 versioned component releases (it seems like this would be 105 rather than 8 component releases in your case). There are additional API calls to be made from here to get details per each component release. To see visualization, you can refer to [this link](https://demo.rearmhq.com/release/show/a351d7c6-a9d1-4a05-9c4c-db92a4916519) - which is the same data with with all underlying calls pre-made and visualized (note that this link requires registration, which is public). Also, I'd like to mention that if you figure out PURLs properly, adding TEA on top of that at a later time would be much easier process. As, essentially, you would be using PURL-based TEIs, which are PURLs + authoritative domain. P.s. I offered earlier to few people at ASF, based on Piotr's referrals, to work together on implementing this logic, but haven't heard back. If there is interest, I'm happy to connect / support the effort (I'm working for about 7 years now on how to tie things together in release-centric view). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
