gtristan commented on PR #2095: URL: https://github.com/apache/buildstream/pull/2095#issuecomment-3581050563
Ok so here we are trying to interpret SPDX's misguided naming conventions, making assumptions about things being "packages"... which only makes sense for "package" based "distributions". I feel we should be preferring the other non-package related fields, as we are neither a package based system (although we can be used for such), nor are we a distribution (although we can be used for such).

I have a suggestion to improve clarity here... last year post-FOSDEM I attended an OpenEmbedded conference and Ross Burton gave a talk about generating SBoMs with Yocto/Poky, I believe it was SPDX stuff - if this is the case, how about we at least look at what other people decided to put in those weird SPDX fields?
