Subject: Re: [sarif] SARIF spec and schema versioning


I've been running into the same issue myself with both exporting and importing, so thank you for proposing we bring order to this.

On 9/26/2018 3:52 PM, James Kupsch wrote:
After the meeting today, Michael, Larry and I discussed how producers
can declare and consumers identify the changing draft of the SARIF
specification used to construct a SARIF file.  Right now all SARIF files
identify themselves as 2.0.0 (which clearly they are not).

Our proposal is the following unless there are objections:

1) The SARIF draft version will be of the form 2.0.0-beta.YYYY.MM.DD
where YYYY, MM and DD are numeric values indicating the draft revision
of SARIF.  This is a valid semantic version that is before 2.0.0.

If I understand correctly, you are proposing that this is the form of the string that will show up in the "version" property of the top-level object. Is that right? Is this format then part of the standard?

2) Upon final specification approval the version will change to "2.0.0".

3) We do not believe that we need to support current producers that have
used "2.0.0" for a version.

4) Producers SHALL use the draft version to indicate the version they

5) The Provisional draft and schema will be updated to reflect this.  I
will leave this up to Larry.

6) The git repository will be tagged with the draft version so you can
retrieve the Provisional Draft and schema after committing the
Provisional draft document and JSON schema with approved changes from
the TC.

Let us know if you have any comments, and Michael and Larry let me know
if I forgot anything or got anything wrong.

I'm coordinating some work on producers; I decided that we would all work on the same draft version, and that it would be one of the first versions to come right after the TC had accepted the proposed changes for the externalized files, as that appeared to be the most pervasive change that was pending. I was wondering if we should have a new Committee Specification Draft, and for that to be the one we work with. It would be more stable than an arbitrarily chosen date. Does that make sense? Is that what CSDs are intended for?


Paul Anderson, VP of Engineering, GrammaTech, Inc.
531 Esty St., Ithaca, NY 14850
Tel: +1 607 273-7340 x118; http://www.grammatech.com
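
A consumer-side check for the version scheme proposed in this thread, as an added example that is not part of the original messages or of any SARIF tooling. The function names, the result labels, the sample logs and the supported draft date are assumptions made for illustration; the example accepts zero-padded month and day values and compares them as integers.

```python
import json
import re
from datetime import date

# Draft form proposed in the thread: 2.0.0-beta.YYYY.MM.DD; final form: 2.0.0.
VERSION_RE = re.compile(r"2\.0\.0(?:-beta\.(\d{4})\.(\d{1,2})\.(\d{1,2}))?")

def parse_sarif_version(text):
    """Return (is_final, draft_date); raise ValueError for any other value."""
    m = VERSION_RE.fullmatch(text) if isinstance(text, str) else None
    if m is None:
        raise ValueError(f"unrecognized SARIF version: {text!r}")
    if m.group(1) is None:
        return True, None
    # date() raises ValueError for impossible dates such as 2018.13.40.
    return False, date(int(m.group(1)), int(m.group(2)), int(m.group(3)))

def precedence_key(text):
    """Sort key: every draft sorts before 2.0.0, and drafts sort by date."""
    is_final, draft = parse_sarif_version(text)
    return (1, date.min) if is_final else (0, draft)

def check_log(raw_json, supported_draft):
    """Classify a log's top-level "version" against the draft a consumer supports."""
    log = json.loads(raw_json)
    version = log.get("version") if isinstance(log, dict) else None
    try:
        is_final, draft = parse_sarif_version(version)
    except ValueError:
        return "reject"
    if is_final:
        # Assumption: before final approval, a bare "2.0.0" does not say which
        # draft the producer followed (point 3 of the proposal), so flag it.
        return "ambiguous-2.0.0"
    return "ok" if draft == supported_draft else "draft-mismatch"

# Constructed inputs: the draft date and the logs below are made up for this example.
SUPPORTED_DRAFT = date(2018, 9, 26)
SAMPLE_LOGS = [
    '{"version": "2.0.0-beta.2018.09.26", "runs": []}',
    '{"version": "2.0.0-beta.2018.10.03", "runs": []}',
    '{"version": "2.0.0", "runs": []}',
    '{"version": "2.0.0-beta.2018.13.40", "runs": []}',
    '{"runs": []}',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        print(check_log(raw, SUPPORTED_DRAFT), raw)
```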

