Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi-registry/pull/148#discussion_r236859763
--- Diff:
nifi-registry-core/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/extension/ExtensionBundleVersionMetadata.java
---
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.registry.extension;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import org.apache.nifi.registry.link.LinkableEntity;
+
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotBlank;
+import javax.xml.bind.annotation.XmlRootElement;
+import java.util.Objects;
+
+@ApiModel
+@XmlRootElement
+public class ExtensionBundleVersionMetadata extends LinkableEntity
implements Comparable<ExtensionBundleVersionMetadata> {
+
+ @NotBlank
+ private String id;
+
+ @NotBlank
+ private String extensionBundleId;
+
+ @NotBlank
+ private String bucketId;
+
+ @NotBlank
+ private String version;
+
+ private ExtensionBundleVersionDependency dependency;
+
+ @Min(1)
+ private long timestamp;
+
+ @NotBlank
+ private String author;
+
+ private String description;
+
+ @NotBlank
+ private String sha256Hex;
--- End diff --
I would like to have a conversation around the cryptographic signatures so
if it's possible to add a new field fairly easily, I'm ok waiting for this to
be in. I am curious if people think there should be any checksum coverage on
the metadata for the extension as well. I like having a calculation over the
binary, but I also think there is value in ensuring the metadata values are
checked as well. Looking for feedback, but this should be independent from this
PR.
---
