Some general observations/questions on the specs
RobMarion opened this issue · comments
Some of these are questions and some are observations.
At https://github.com/omnibor/spec/blob/main/GITOID_URI_SPEC.txt
line 14: what does "See previous answer" mean?
line 35: "A gitoid URI identifies a git object independent of any particular git repository." Does this only refer to git type repos? What about something like Artifactory? Would that be in scope?
line 35: Would an example be useful?
line 35: "Given a byte array and a gitoid, it should be possible ..." Is there a better wording than 'byte array'? Are we talking about any file and just calling that a byte array? Confused.
line 35: the word "should" appears twice. If it is not possible to be definitive, can we explain what we are uncertain about?
line 41: Add/Modify: "The use of URIs does not inherently provide any security. See Section 7 of RFC 3986 for a description of URI and security concerns."
In https://github.com/omnibor/spec/blob/main/SPEC.md
line 6: change url from gitbom to omnibor
line 29: "Type text" --> The intro is missing
line 88: extraneous "]"
In general: are the four Git Object types: blob, tree, commit, tag mentioned anywhere?
Section beginning on line 177: Should you mention OmniBOR Identifier Embedding? (https://omnibor.io/glossary/omnibor/#omnibor-identifier)
line 6: change url from gitbom to omnibor
line 29: "Type text" --> The intro is missing
line 88: extraneous "]"
Section beginning on line 177: Should you mention OmniBOR Identifier Embedding? (https://omnibor.io/glossary/omnibor/#omnibor-identifier)
In general: are the four Git Object types: blob, tree, commit, tag mentioned anywhere?
No, is there a place we should mention them?
At https://github.com/omnibor/spec/blob/main/GITOID_URI_SPEC.txt
line 14: what does "See previous answer" mean?
In context:
Lines 10 to 14 in 9f1175a
"See previous answer" refers to the specification of 'Scheme Controller'
line 35: "A gitoid URI identifies a git object independent of any particular git repository." Does this only refer to git type repos? What about something like Artifactory? Would that be in scope?
I'm not entirely sure I completely follow the question, but a gitoid identifies a byte array no matter how/where its persisted.
line 35: "Given a byte array and a gitoid, it should be possible ..." Is there a better wording than 'byte array'? Are we talking about any file and just calling that a byte array? Confused.
A file is just a particular way of persisting a byte array. The reason 'byte array' was used is because most programming languages have a means of expressing an array of bytes (8 bit numbers) and most of the algorithms involved reason in terms of an array of bytes. Part of why 'file' wasn't used here is that the same byte array whether persisted in a file, a database field, an HTTP message, or chiseled in stone on the side of a mountain would have the same gitoid.
line 35: the word "should" appears twice. If it is not possible to be definitive, can we explain what we are uncertain about?
Good catch. The 'should' was completely spurious, removed here:
line 41: Add/Modify: "The use of URIs does not inherently provide any security. See Section 7 of RFC 3986 for a description of URI and security concerns."
Much much much clearer. Many thanks. See:
Closing, as it looks like we've resolved the proposed changes @RobMarion had.