Hi Sebastian (and Sebastian), I had looked at a similar question when implementing the SPDX generator for Zephyr. Agree with all the ideas shared in this thread already. I wasn't on the tech call yesterday, but just throwing another thought out there:
For Zephyr, it creates GENERATED_FROM relationships between a source file and its compiled object file; and then STATIC_LINK relationships to document how the compiled object files are linked together into the final binaries. Each SPDX Relationship can also have an optional RelationshipComment field. So if you're using relationships in this way, you could consider storing the compiler / build flags in the appropriate RelationshipComment field, so that they're more specifically tied to the act of compilation that's reflected in each such relationship. It isn't doing this in Zephyr currently but I could envision adding something like that. I'm guessing that this is the sort of thing that could benefit from actual fields in a "build" profile or similar for SPDX 3.0. :) Steve On Wed, Mar 9, 2022 at 10:15 AM Sebastian Schuberth <[email protected]> wrote: > On Wed, Mar 9, 2022 at 1:13 PM Sebastian Crane <[email protected]> > wrote: > > > - If there are implicit build flags from the environment, use an > > Annotation of type OTHER to the binary, including the build > > information in the Annotation comment field > > Good idea, I'll go for that, thanks a lot! > > -- > Sebastian Schuberth > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4391): https://lists.spdx.org/g/Spdx-tech/message/4391 Mute This Topic: https://lists.spdx.org/mt/89657927/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
