Yocto 2.6, spdxscanner..



1. Are any meta-spdxscanner alternative solutions provided by Yocto
for software bill of materials generation?
2. What level of maturity do artifacts generated by meta-spdxscanner
version used in YP 2.6 show? Any kind of artifacts needed for to OSS compliance
requirements still not collected by spdxscanner in mentioned YP version?
To put in other words: How safe is it to rely merely on mentioned compound
to be at the end of day compliant with OSS obligations?
Distribution comprised from more than 200 packages is built hence
we speak about potentially very wide range of open source licensing types
for packages used in distribution.
3. How might feasibility of backporting spdxscanner versions to Yocto 2.6 look like?


Join openembedded-architecture@lists.openembedded.org to automatically receive all group messages.