Apache9 commented on PR #4953: URL: https://github.com/apache/hbase/pull/4953#issuecomment-1387151491
This is what I've gotten in the local staging dir by running command `mvn clean deploy -DskipTests -Dcheckstyle.skip=true -DaltStagingDirectory=/home/zhangduo/sbom-staged -P apache-release,release -DskipRemoteStaging` ``` zhangduo@zhangduo-VirtualBox:~/sbom-staged/deferred/org/apache/hbase/hbase-client/3.0.0-alpha-4-SNAPSHOT$ ll -h hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.* -rw-rw-r-- 1 zhangduo zhangduo 229K 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.json -rw-rw-r-- 1 zhangduo zhangduo 833 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.json.asc -rw-rw-r-- 1 zhangduo zhangduo 196K 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.xml -rw-rw-r-- 1 zhangduo zhangduo 833 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.xml.asc ``` Seems fine, we will publish the sbom files along with other files, no more works needed. And as @ndimiduk have already pointed out, for hbase-thirdparty there is a problem that, we shade and relocate other libraries so we will miss the information when others depend on hbase-thirdparty. But anyway, I think this can be improved later. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
