Hi Joe and others,Thanks for your comments. At least one of the co-authors is traveling about. It will be a little more than a week before I reply in substance.
Eliot On 14.04.22 17:38, Joe Clarke (jclarke) wrote:
A number of comments as a contributor: * The tree diagram doesn't reference RFC8340 (see RFC8407 Section 3.4)* The description of the transparency-extension grouping is a tautology. This is one of my pet peeves. Can you add more flavor here?* Replace use of s/w and h/w with software and hardware respectively.* Would it make sense to further refine your contact leafs to check for the MUST URI schemas?* Your description for sbom-url and vuln-url are different. One says statically located URI whereas the other says statically located URL. I think the latter is correct.* The type for sbom-local-well-known is an enum. Would it make sense to make this an identityref so that other schemes may be used in the future?* When you say "customers" in this document, I think "users" is a better term.* Your example in Section 5.1 also uses the "ol" extension. I think you should omit that in this draft for better clarity.* In your security considerations, I don't grok this text: In as much as the module itself is made writeable, this only indicates a change in how to retrieve what read-only elements.But it does raise a question: why are these objects read-write? I'd think they'd be more operational and read-only from a Thing or device.* Section 8: "review" is misspelled. Joe On 4/12/22 07:16, Henk Birkholz wrote:Dear OPSAWG members, this email starts a three week period for a Working Group Last Call of >https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/05/ ending on Wednesday, April 27th. The authors believe the Internet-Draft is ready for a WGLC. The draft has been discussed at meetings, as well as on the list, and review feedback has been incorporated in -05. Please send your comments to the list and your assessment of whether or not it is ready to proceed to publication before April 27th. For the OPSAWG co-chairs, Henk _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
