On Sat, 4 Feb 2023 at 22:47, Alex Stewart <alex.stewart@...> wrote:
>> At this point OpenEmbedded/Yocto Project has decided to go the SPDX
>> route for various reasons.
>
> Are those reasons documented somewhere?
>
> Something about CDX rubs me the wrong way (besides it being named like
> an off-brand printer company), but I can't put my finger on what. So if
> there are technical reasons that it is less desirable for the OE
> use case, I'd like to know about them.

This is entirely non-technical, but what is the reason for CycloneDX
to exist in the first place? SPDX is an older standard, it's managed
by the Linux Foundation, and yet some people decided to go off and write
their own thing instead of working with SPDX to evolve that in the
desired direction. And then they promote it with a long list of
company logos. Xkcd's standards link would be too tired and obvious
here.
Alex