Add proto definition for vuln predicate type #345
Conversation
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
48ea84a
to
0d02476
Compare
|
related to #268 |
There was a problem hiding this comment.
Thanks for sending this.
Besides the other comments, have you by any chance generated any json with this? Could you provide a sample? it would be nice to compare it against the example https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md#example
|
Friendly ping on this PR. @hectorj2f Could you please remove the generated Go/Python/Java files and add an entry for this proto here? then I think your PR will be pretty much ready to go. |
|
@marcelamelara Yes, I'll do it. |
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
0d02476
to
cd455a3
Compare
|
I think something might have gotten a bit screwy with the git commits (I've done this myself for sure). When I look at 'Files Changed' it doesn't look like anything has changed since our earlier comments? |
|
I'm confused now. I followed what @marcelamelara commented above remove all the generated go/python and java code and leave the entry in protos. |
|
If I understand correctly, having only the .proto file is what Tom had originally requested. But there may have been some edits to that proto file that were lost when the auto-generated files were removed? I only see 1 commit in this PR right now. Separately, I also had requested a minor documentation update to the /protos/README.md file. This way this new proto is included in that list. |
|
One final question (which can be addressed in a separate PR, I think) is about the predicate type URI for this predicate. Right now, in the vuln predicate spec it's listed as @hectorj2f What do you think? Is this a concern? |
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
|
@marcelamelara Let's change vuln to vulns wherever we use it as part of a different PR. |
Signed-off-by: hectorj2f <[email protected]>
hectorj2f
force-pushed
the
vuln-att-protos
branch
2 times, most recently
from
bcbd48e
to
ffffbc7
Compare
Signed-off-by: hectorj2f <[email protected]>
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
ffffbc7
to
69d0fa5
Compare
Signed-off-by: hectorj2f <[email protected]>
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
4fcf62d
to
044ba49
Compare
|
@marcelamelara @lumjjb I've applied some of the changes you proposed. |
There was a problem hiding this comment.
Thanks so much for the updates @hectorj2f ! At this point the changes I'm requesting are just some small documentation fixes.
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
0536b6d
to
3b11a0b
Compare
Signed-off-by: hectorj2f <[email protected]>
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
3b11a0b
to
1e238a8
Compare
|
I appreciate these changes, but the one big problem I see is that it erases the old 'vuln v0.1' predicate and replaces it with this new one. There are folks that are using the old predicate (however flawed it might be me), we should keep that copy around for them to reference. So a couple requests:
|
Signed-off-by: hectorj2f <[email protected]>
hectorj2f
force-pushed
the
vuln-att-protos
branch
from
35cdce3
to
297a7fc
Compare
|
@TomHennen I believe I've made all your requested changes. |
|
Thank you! And I'm so sorry it took me so long to get back to this. I missed the email about the update. :( |
This PR adds a proto definition for the vuln predicate type. This was pending since we added the vuln predicate type and it is needed to update the cosign vuln predicate types.