Greetings all, After doing more review of the licensing components for the current SBOM model, I found a few areas which would cause incompatibilities with the SPDX model. Since we are targeting SPDX 3.0 for these model changes, incompatibilities are allowed – so this may, or may not be an issue. I would like to do a more thorough review of the model and write up an analysis for this team with some recommendations. This will take a bit of time and the end of the year is a very busy time for audits, so I likely will not get it out until the first week of January. I just wanted to give everyone a heads-up that I plan on proposing some changes. Best regards, Gary ------------------------------------------------- Gary O'Neall Principal Consultant Source Auditor Inc. Mobile: 408.805.0586 |