Re: [OE-core] SPDX Data Fields in Open Embedded

Wed, 06 Oct 2021 07:55:57 -0700 

On Wed, Oct 6, 2021 at 9:44 AM Christopher Lusk <cl...@lenovo.com> wrote:

> Hello all,
>
>
>
> I am reaching out to inquire about an issue I have experienced as it
> relates to SPDX output from the oe-core build process and specifically the
> create-spdx.bbclass output.  The data fields in the output that I have
> produced do not line up with the SPDX data field standards (see below) set
> forth by the Linux Foundation.
>
>
>
> My question is if there are plans to update the create-spdx code so that
> the output fields align with those set forth by both NTIA and Linux
> Foundation?
>
>
>
> *SPDX Mapped Field*
>
> PackageSupplier:
>
> PackageName:
>
> PackageVersion:
>
> SPDXID:
>
> Relationship: CONTAINS
>
> Creator:
>
> PackageChecksum:
>
>
>

Can you be a little more specific and possibly provide examples of what you
are expecting to see and what it is actually generating? We are trying to
adhere to the SPDX spec, but it is possible there is something we
misinterpreted or are doing incorrectly.


> Source -
> https://www.ntia.gov/files/ntia/publications/ntia_sbom_formats_and_standards_whitepaper_-_version_20191025.pdf
>
>
>
> Thanks.
> ------------------------------
>
> *Christopher D. Lusk*
> Product Security Analyst
> Product Security Office
> Lenovo
>
>
> [image: Email]cl...@lenovo.com
>
>
>
> Lenovo.com <http://www.lenovo.com/>
> Twitter <http://twitter.com/lenovo> | Instagram
> <https://instagram.com/lenovo> | Facebook <http://www.facebook.com/lenovo>
>  | Linkedin <http://www.linkedin.com/company/lenovo> | YouTube
> <http://www.youtube.com/lenovovision> | Privacy
> <https://www.lenovo.com/gb/en/privacy-selector/>
>
>
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156696): 
https://lists.openembedded.org/g/openembedded-core/message/156696
Mute This Topic: https://lists.openembedded.org/mt/86121582/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to