Ben Spiller

Thanks. I think for the use case where you are happy for every single file to be listed (e.g. to find out what package each is part of) you simply...

Thanks that's very helpful! I'm really glad non-encoded is an option. I did quite carefully read all the spec (including the part you quoted) yesterday - multiple times :) -...

We're having a debate about this on https://github.com/CycloneDX/cyclonedx-core-java/issues/100 where it seems the main Java library for CycloneDX has taken a different interpretation of the encoding question.

Aha, well that's a shame. But thanks for clarifying, much appreciated! Given several of us have come to different conclusions about what the current spec means it's certainly valuable to...

Yes you can include any text, but it's not human readable.... so although you're 99% of the way to having a really useful file format that can both list the...

> > As of CycloneDX 1.5, the encoding is indeed optional now, no default value anymore. > > Hmm. Does that mean that depending on the specification / schema level...

Not sure that transforming whitespace (but ignoring characters like ? < > ) really counts of input validation? Unless the API documents that it is making a transformation, I think...

Thanks for the explanation. I didn't spot that when I was looking over the license. Wow wouldn't life be simpler if more third party authors could could just pick a...