On 2021-06-04, at 13:21, L Jean Camp <[email protected]> wrote: > > Given the explicit inclusion of licensing in the data structures of SBoM I > think that SHOULD would be too strong in the case that MUD is extended to > SBoMs. Both SPDX and CyCloneDX are integrating licensing in a more nuanced > and consistent manner.
The current discussion is about the license under which a MUD file is offered, not about the licenses governing the components of an SBOM. > SHOULD would create a conflict with the extension unless there is an > alternative in the SBoM extension data. Unless you envision an SBOM for the SBOM, I think we are clear. (But we sure can try to be consistent with license description schemes employed by SBOMs. Please tell us more about those.) Grüße, Carsten _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
