Thanks Max, Yes, let's raise up feedback.
I'll look and see if I can find a direct email to Justin. Thanks, Kate On Wed, Mar 29, 2023 at 11:08 AM Maximilian Huber < [email protected]> wrote: > Hey Kate, > > Sadly I already have a found some issues which make these files > non-compliant. E.g. > > - usage of non-SPDX licenses in expressions (E.g. LGPL-3.0) > - documentDescribes points to something, which is not contained in the > document > - the example I am currently looking at fails to validate with: > Analysis exception processing SPDX file: Error parsing JSON field for > ID SPDXRef-maven-org.owasp:dependency-check-maven-8.0.1: Empty license > expression > > Less problematic: > - No relations between described elements (actually no relations at all) > > Maybe we should voice our feedback early. > > Best > Max > > On Wed, 2023-03-29 at 10:36 -0500, Kate Stewart wrote: > > Sebastian, Jack, Alexios > > > > Not sure if you've spotted this yet or not, but > > https://github.blog/2023-03-28-introducing-self-service-sboms/ > > > > This is a major enabler for making things easier for developers > > working with repos on github, to produce SBOMs in SPDX format. > > > > Can the outreach committee look at promoting it to developers, and > > making others aware of this capability? Who is on point for > > promoting this sort of thing these days? > > > > Thanks, > > Kate > > > > > > > > -- > TNG Technology Consulting GmbH, Beta-Str. 13a, 85774 Unterföhring > Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Thomas Endres > Aufsichtsratsvorsitzender: Christoph Stock > Sitz: Unterföhring * Amtsgericht München * HRB 135082 > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#760): https://lists.spdx.org/g/Spdx-outreach/message/760 Mute This Topic: https://lists.spdx.org/mt/97931258/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-outreach/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
