potiuk commented on PR #31835: URL: https://github.com/apache/airflow/pull/31835#issuecomment-1587692453
> ould we update the release process accordingly ? Maybe incorporate this to the `breeze release-management start-release`? yes. absolutely. But. I would keep it as a separate command. I am planning to update it and probably we will have to reganerate the sbom multiple times as it progresses and we narrow down/change the scope and we implement slightly different variants of them. We will likely have a variant of sboms to generate for providers, possibly one for helm chart - so rather than keeping it as part of the "release" command that does things that are specifically aimed to publish current release, this one should ratther be standalone, separate command that we can run separately and regenerate the sboms as needed. Possibly also if go into VEX (vulerability exchange) - we might want to regenerate some of those independently from the actual release process. All that leads me into thinking that this should be a separate command (which will get gradually more complex as we iterate over it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
