Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Providing a tag for OS v2.1.0 Schema Artifacts as os-v2.1.0 #586

Open
sthagen opened this issue May 25, 2023 · 0 comments
Open

Providing a tag for OS v2.1.0 Schema Artifacts as os-v2.1.0 #586

sthagen opened this issue May 25, 2023 · 0 comments
Assignees
@sthagen @dmk42
Labels
enhancement question

Comments

@sthagen
Copy link
Contributor

sthagen commented May 25, 2023

As per an action on officers of the TC from meeting 2023-MAY-25 the commit matching the OASIS Standard SARIF v2.1.0 shall be identified and tagged accordingly.

It is normal, that the prose source version submitted, receives changes during publication via OASIS administration.

But, we should at least be able to tag the commits with schema artifacts identical to the corresponding OS artifacts.

Candidate Elicitation

Initial archeology suggests for the two schema artifacts the commit 5280a944 from 2020-MAR-04 18:18 GMT+1 with message 'Update 'latest' schema to match version submitted in call for consent.' as guaranteed earliest candidate for the os-v2.1.0 tag.

Proof

Calculating the hashes of both artifacts in comparison to the OASIS Standard artifacts at
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-external-property-file-schema-2.1.0.json and https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json respectively yields pairs of identical values.

Example BLAKE3

b3sum sarif-schema-2.1.0-os-docs-20200327.json sarif-schema-2.1.0-os-cand-commit-5280a944-20200304.json
4a2532abcfd924134932be1785cea9496725e4f5d4bb938ddde7c5fb1cb34345  sarif-schema-2.1.0-os-docs-20200327.json
4a2532abcfd924134932be1785cea9496725e4f5d4bb938ddde7c5fb1cb34345  sarif-schema-2.1.0-os-cand-commit-5280a944-20200304.jsonb3sum sarif-external-property-file-schema-2.1.0-os-docs-20200327.json sarif-external-property-file-schema-2.1.0-os-cand-commit-5280a944-20200304.json
5d582cbb37a8a5198a41537f9f4fada60bd9f080fc7026f117dd6664a3ff4d6f  sarif-external-property-file-schema-2.1.0-os-docs-20200327.json
5d582cbb37a8a5198a41537f9f4fada60bd9f080fc7026f117dd6664a3ff4d6f  sarif-external-property-file-schema-2.1.0-os-cand-commit-5280a944-20200304.json

Proposal

Tag commit 5280a944 from 2020-MAR-04 18:18 GMT+1 with message 'Update 'latest' schema to match version submitted in call for consent.' as os-v2.1.0.

Rationale:

As the repository has been reorganized in September 2021 (deleting the schema files and restoring these in July 2022) there is no benefit in tagging a later commit for marking the schema files.
@sthagen sthagen changed the title Providing a tag for OS v2.1.0 as os-v2.1.0 Providing a tag for OS v2.1.0 Schema Artifacts as os-v2.1.0 May 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sthagen sthagen

@dmk42 dmk42

Labels
enhancement question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sthagen @dmk42