Apply suggestions from code review

sethmlarson · hugovk · web-flow · commit e0e93b381990 · 2025-01-03T10:48:42.000-06:00
Co-authored-by: Hugo van Kemenade &lt;1324225+hugovk@users.noreply.github.com&gt;
diff --git a/peps/pep-770.rst b/peps/pep-770.rst
@@ -7,12 +7,12 @@ Discussions-To: https://discuss.python.org/t/70261
 Status: Draft
 Type: Standards Track
 Topic: Packaging
-Created: 15-Nov-2024
+Created: 02-Jan-2025
 
 Abstract
 ========
 
-Software Bill-of-Materials (SBOM) are a technology-and-ecosystem-agnostic
+Software Bill-of-Materials (SBOM) is a technology-and-ecosystem-agnostic
 method for describing software composition, provenance, heritage, and more.
 SBOMs are used as inputs for software composition analysis (SCA) tools,
 such as scanners for vulnerabilities and licenses, and have been gaining
@@ -120,12 +120,12 @@ Specification
 
 The changes necessary to implement this PEP include:
 
-* Additions to `Core Metadata <770-spec-core-metadata>`_, as defined in the
-  `Core Metadata specification <coremetadataspec>`__.
+* Additions to `Core Metadata <770-spec-core-metadata_>`_, as defined in the
+  `Core Metadata specification <coremetadataspec_>`__.
 * Additions to the author-provided
-  `project source metadata <770-spec-source-metadata>`_, as defined in the
+  `project source metadata <770-spec-project-source-metadata_>`_, as defined in the
   `pyproject.toml specification <pyprojecttoml_>`__.
-* `Additions <770-spec-project-formats>`_ to the source distribution (sdist),
+* `Additions <770-spec-project-formats_>`_ to the source distribution (sdist),
   built distribution (wheel), and installed project specifications.
 
 In addition to the above, an informational PEP will be created for tools
@@ -151,7 +151,7 @@ As `specified by this PEP <#770-spec-project-formats>`__, its value is also
 that file's path relative to the root SBOM directory in both installed projects
 and the standardized Distribution Package types.
 
-If a ``Sbom-File`` is listed in a
+If an ``Sbom-File`` is listed in a
 :term:`Source Distribution <Source Distribution (or "sdist")>` or
 :term:`Built Distribution`'s Core Metadata:
 
@@ -168,7 +168,7 @@ If a ``Sbom-File`` is listed in a
 * SBOM document contents MUST be UTF-8 encoded JSON according to :rfc:`8259`.
 * SBOM document contents MUST use an SBOM standard, and for better
   interoperability SHOULD be a well-known SBOM standard such as
-  `CycloneDX <cyclonedx>`_ or `SPDX <spdx>`_.
+  `CycloneDX <cyclonedxspec_>`_ or `SPDX <spdxspec_>`_.
 * The "primary" component being described in included SBOM documents MUST be the
   Python package. This is achieved in CycloneDX using the ``metadata.component``
   field and in SPDX using the ``DESCRIBES`` relationship.
@@ -233,7 +233,7 @@ Build tools:
   pattern contains invalid glob syntax.
 * MUST include all files matched by a listed pattern in all distribution
   archives.
-* MUST list each matched file path under a ``Sbom-File`` field in the
+* MUST list each matched file path under an ``Sbom-File`` field in the
   Core Metadata.
 * MUST raise an error if any individual user-specified pattern does not match
   at least one file.
@@ -272,7 +272,7 @@ must be used.
     [project]
     sbom-files = ["bom{.json*"]
 
-Reason: "bom{.json" is not a valid glob.
+Reason: ``bom{.json`` is not a valid glob.
 
 .. _770-spec-project-formats:
 
@@ -281,7 +281,7 @@ SBOM files in project formats
 
 A few additions will be made to the existing specifications.
 
-:term:`Project source tree`\s
+:term:`Project source trees <Project source tree>`
   Per :ref:`639-spec-source-metadata` section, the
   `Declaring Project Metadata specification <pyprojecttoml_>`__
   will be updated to reflect that SBOM file paths MUST be relative to the
@@ -290,28 +290,25 @@ A few additions will be made to the existing specifications.
   e.g. ``setup.py``, ``setup.cfg``, etc).
 
 :term:`Source distributions (sdists) <Source Distribution (or "sdist")>`
-
   The sdist specification will be updated to reflect that if the
   ``Metadata-Version`` is ``2.5`` or greater, the sdist MUST contain any SBOM
   files specified by the ``Sbom-File`` field in the ``PKG-INFO`` at their
   respective paths relative to the sdist (containing the ``pyproject.toml`` and
   the ``PKG-INFO`` Core Metadata).
 
-:term:`Built distribution`\s (:term:`wheel`\s)
-
+:term:`Built distributions <Built distribution>` (:term:`wheels <wheel>`)
   The wheel specification will be updated to reflect that if the
   ``Metadata-Version`` is ``2.5`` or greater and one or more ``Sbom-File``
-  fields are specified, the ``.dist-info`` directory MUST contain a ``sboms``
+  fields are specified, the ``.dist-info`` directory MUST contain an ``sboms``
   subdirectory, which MUST contain the files listed in the ``Sbom-File`` fields
   in the ``METADATA`` file at their respective paths relative to the ``sboms``
   directory.
 
-:term:`Installed project`\s
-
+:term:`Installed projects <Installed project>`
   The Recording Installed Projects specification will be updated to reflect that
   if the ``Metadata-Version`` is ``2.5`` or greater and one or more
   ``Sbom-File`` fields is specified, the ``.dist-info`` directory MUST contain
-  a ``sboms`` subdirectory which MUST contain the files listed in the
+  an ``sboms`` subdirectory which MUST contain the files listed in the
   ``Sbom-File`` fields in the ``METADATA`` file at their respective paths
   relative to the ``sboms`` directory, and that any files in this directory MUST
   be copied from wheels by install tools.
@@ -356,7 +353,7 @@ SBOM generation tools and vulnerability scanners.
 
 Most Python packages don't contain code from other software components and thus
 are already measurable by SCA tools without the need of this standard or
-additional SBOM documents. Pure-Python packages are about `~90% <pypi-data>`__
+additional SBOM documents. Pure-Python packages are about `~90% <pypi-data_>`__
 of popular packages on PyPI.
 
 For projects that do contain other software components, documentation will be
@@ -365,15 +362,15 @@ SBOM documents for Python packages in source code.
 
 A follow-up informational PEP will be authored to describe how to transform
 Python packaging metadata, including the mechanism described in this PEP,
-into a SBOM document describing Python packages.
+into an SBOM document describing Python packages.
 
 Reference Implementation
 ========================
 
-* `Auditwheel fork <https://sethmlarson.dev/early-promising-results-with-sboms-and-python-packages>`_
-  which generates CycloneDX SBOM documents to include in wheels describing
-  bundled shared library files. These SBOM documents worked as expected for the
-  Syft and Grype SBOM and vulnerability scanners.
+`Auditwheel fork <https://sethmlarson.dev/early-promising-results-with-sboms-and-python-packages>`_
+which generates CycloneDX SBOM documents to include in wheels describing
+bundled shared library files. These SBOM documents worked as expected for the
+Syft and Grype SBOM and vulnerability scanners.
 
 Rejected Ideas
 ==============
@@ -382,7 +379,7 @@ Why not require a single SBOM standard?
 ---------------------------------------
 
 Most discussion and development around SBOMs today focuses on two SBOM
-standards: `CycloneDX <cyclonedx>`_ and `SPDX <spdx>`_. There is no clear
+standards: `CycloneDX <cyclonedxspec_>`_ and `SPDX <spdxspec_>`_. There is no clear
 "winner" between these two standards, both standards are frequently used by
 projects and software ecosystems.
 
@@ -415,16 +412,16 @@ References
 .. _phantom dependency: https://www.endorlabs.com/learn/dependency-resolution-in-python-beware-the-phantom-dependency
 .. _coremetadataspec: https://packaging.python.org/specifications/core-metadata
 .. _pyprojecttoml: https://packaging.python.org/en/latest/specifications/pyproject-toml/
-.. _spdx: https://spdx.dev/use/specifications/
-.. _cyclonedx: https://cyclonedx.org/specification/overview/
+.. _spdxspec: https://spdx.dev/use/specifications/
+.. _cyclonedxspec: https://cyclonedx.org/specification/overview/
 .. _pypi-data: https://github.com/sethmlarson/pypi-data
 
 Acknowledgements
 ================
 
-* Thanks to Karolina Surma for authoring and leading :pep:`639` to acceptance.
-  This PEP copies the specification from :pep:`639` for specifying files in
-  project source metadata, Core Metadata, and project formats is based on.
+Thanks to Karolina Surma for authoring and leading :pep:`639` to acceptance.
+This PEP copies the specification from :pep:`!639` for specifying files in
+project source metadata, Core Metadata, and project formats is based on.
 
 Copyright
 =========
