On Wed, 2022-02-09 at 14:27 +0000, [email protected] wrote: > On Wed, Feb 09, 2022 at 01:40:22PM +0000, Richard Purdie wrote: > > On Wed, 2022-02-09 at 13:27 +0000, [email protected] wrote: > > > Hi, > > > > > > On Wed, Feb 09, 2022 at 12:23:39PM +0000, Richard Purdie wrote: > > > > People have requested changes like this before and I rejected it as I'm > > > > worried > > > > that allowing people to customise this code will just fork the project > > > > into many > > > > different directions. > > > > > > It's the other way round. There are a lot of needs to extract metadata > > > from > > > build system into something where reports can be generated. > > > > I don't doubt that however buildhistory was written for a specific purpose > > and > > if we start adding the ability to customise it heavily we lose the ability > > for > > comparisions to be made, or sstate reuse and so on. > > > > I'm partly channelling the original author's views on this since they had > > some > > very specific thoughts on this change. I do sometimes wonder if I should > > continue doing that though :/. > > Then how should yocto users export CVE_NAME, LICENSE, PN, PV, SRC_URI etc from > the build system to generate SW bill of materials (BOM) for their product > and track progress? > > Yes, SPDX can be the other answer but I don't find that human readable or > working > out of the box atm.
buildhistory was not intended for SBOM generation, that is what create-spdx is being developed for. They have two quite different intentions and trying to turn one into the other is why I have concerns about this patch. For example, of we did go this way, next, we may need to either write a converter of buildhistory to SPDX format, or change buildhistory to use SPDX format so that it has a standard SBOM output form. This is not the direction we want/need to go. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#161566): https://lists.openembedded.org/g/openembedded-core/message/161566 Mute This Topic: https://lists.openembedded.org/mt/89018266/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
