> It would be recommended to use both formats, although at Logging > Services we admittedly only use CycloneDX, because it is reproducible[4] > and has an ASF maintainer (Hervé).
If it ever becomes relevant for Rust based projects: I'm one of the maintainers of the cyclonedx-rust-cargo plugin: https://github.com/CycloneDX/cyclonedx-rust-cargo --------------------------------------------------------------------- To unsubscribe, e-mail: security-discuss-unsubscr...@community.apache.org For additional commands, e-mail: security-discuss-h...@community.apache.org
