On Fri, 2026-03-20 at 17:49 +0100, [email protected] wrote: > From: Stefano Tondo <[email protected]> > > This series enhances SPDX 3.0 SBOM generation with enriched > metadata, ecosystem-specific Package URLs, and compliance > improvements. > > Changes since v9 (addressing Richard Purdie's review): > > 3/7: Use =+ instead of :prepend when extending > SPDX_PACKAGE_URLS from recipe classes. > > Stefano Tondo (7): > spdx30: Add configurable file exclusion pattern support > spdx30: Add supplier support for image and SDK SBOMs > spdx30: Add ecosystem-specific PURL generation via bbclasses > spdx30: Enrich source downloads with version and PURL > oeqa/selftest: Add tests for source download enrichment > cve_check: Escape special characters in CPE 2.3 strings > spdx-common: Add documentation for undocumented SPDX variables
Thanks for this. I did notice that a couple of these have merged into master. We also merged Joshua's patches which these ones depend upon in order for the tests to pass. Could you rebase and resend and hopefully we can finish getting these merged? Thanks, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#233628): https://lists.openembedded.org/g/openembedded-core/message/233628 Mute This Topic: https://lists.openembedded.org/mt/118421216/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
