Hello,

I was reading a thread about Package Supplier field clarification from late last year and was hoping to get even further clarification as we add this information to Tern’s SPDX documents. Regarding Sebastian’s reply here <https://lists.spdx.org/g/Spdx-tech/message/4815> which says Red Hat would be the supplier of RHEL packages -- would we use the entity/owner of the package manager as the package supplier? For example, packages installed via “apt install” = “Organization: Ubuntu” package supplier? And packages installed via pip would be “Organization: PyPI” for the supplier; packages installed using apk = “Organization: Alpine” supplier, etc?
Thanks in advance,
Rose
