All, I've started to look at using SPDX 3 documents as in-toto predicates for attestation of builds (i.e. SLSA). As part of this, I noticed that the in-toto predicate definition for SPDX was missing any information about SPDX 3, so I made a pull requests to update it: https://github.com/in-toto/attestation/pull/508
Please look this over and let me know if any changes should be made (I'll also put it on the agenda for the next technical call). Thanks, Joshua Watt -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6043): https://lists.spdx.org/g/Spdx-tech/message/6043 Mute This Topic: https://lists.spdx.org/mt/116584643/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
