Split library into targeted use cases #322
Comments
|
While I see the value of a reduced set of dependencies, based on the current implementation this goal is hard to achieve IMO, mainly because |
|
What I propose is that we take stepwise approach to splitting such as follows:
|
|
I think copying BOMs should happen in memory. Same for equality checks. That we use serialization and deserialization to copy the object-structure was a probably a lazy short cut taken at some point. That would be the first step in my oppinion. Then the question is how much the serialization-annotation can be seperated from the actual serializers. Alternatively custom annotation could work with some extra complexity.
I don't see this working. After 1.6 release we have something like 14 schemas that are all using the same model - I don't see how anybody generates that automatically. However we are limited by the actual work capacity that people put into the project. It's already a challange to keep up with the CycloneDX releases. |
|
Ok, how about this. Create 2x issues:
We use this issue to track splitting the package which we can discuss how to achieve ie should it be dedicated classes or custom attributes. Am aware that the biggest Blocker is someone to do the work, as such I am currently looking for something to work on next week as I have some days free in my schedule for OSS work and at the same time it helps me progress with #323 |
|
Sounds good to me. |
|
@mtsfoni I don't see major roadblocks in this respect. However, the aspect that you brought in, namely the work capacity, is actually a big issue. For me, this implies whatever you plan to implement needs to be very lean and robust (i.e. it should not introduce other issues or major additional testing needs). We don't want this to be burden in terms of maintainability. For the future plans, I don't like the idea too much of wrapping the serialization attributes yet into another layer. IMO already the xml and json serialization that we use are not that well documented. However, at least people that are familiar with it can easily understand the serialization mechanism used by the cyclone-dotnet-library. If we were to wrap it (apart from the fact that I don't believe it is so easy), then only people diving deep into the code will be able to understand the meaning and how to extend it. In addition, if we need a special attribute, this would lead to a large machinery of wrapping... What one could maybe do is to provide special builds, for which say all the protobuf attributes are defined as dummy attributes such that you can skip the protobuf dependency (however, I'm not yet really convinced by this idea). As a side-note, I think the term in-memory clone/comparison is actually misleading. Already now, we don't write files (i.e. it is in memory), the comparsion/clone is just not done directly on the objects (and in particular for the protobuf serialization, I would argue that the overhead is not that crucial). |
When we use CycloneDX.Core nuget, this package contains multiple different serializers even though a user is likely to only ever use 1 format and a large number of times a user will never need the spdx functionality.
As such it would be beneficial to split the library into smaller targeted libraries as follows:
In the end this will also lead to a reduction in dependencies ie protobuf is only a dependency for the protobuf package
The text was updated successfully, but these errors were encountered: