Dear Sebastian, > I just came across the need to capture C/C++ compiler flags that were > used to generate binaries in a software package (like GCC's "-O3" > optimization flag). How would you go about documenting this in SPDX? I > cannot seem to find a dedicated field or so, so what's your > recommendation for "misuse" of an existing field or relation?
As it happens I brought up this very topic in yesterday's Tech Team meeting! I think we might talk about this at the 'SPDX 3.0 Model Focus Session' on the 11th of March, if we have time among the other topics. A couple of ideas that were mooted in yesterday's meeting: - If the build flags all come from a build script, use a BUILD_TOOL_OF relationship - If there are implicit build flags from the environment, use an Annotation of type OTHER to the binary, including the build information in the Annotation comment field Outside of SPDX-land, you could also use Annobin during your build to include the information inside the binary itself, but if you are not the creator of the binary yourself that might be less plausible. Hope this helps! Best wishes, Sebastian -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4389): https://lists.spdx.org/g/Spdx-tech/message/4389 Mute This Topic: https://lists.spdx.org/mt/89657927/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
