Greetings all, After doing more review of the licensing components for the current SBOM model, I found a few areas which would cause incompatibilities with the SPDX model. Since we are targeting SPDX 3.0 for these model changes, incompatibilities are allowed – so this may, or may not be an issue. I would like to do a more thorough review of the model and write up an analysis for this team with some recommendations. This will take a bit of time and the end of the year is a very busy time for audits, so I likely will not get it out until the first week of January. I just wanted to give everyone a heads-up that I plan on proposing some changes. Best regards, Gary ------------------------------------------------- Gary O'Neall Principal Consultant Source Auditor Inc. Mobile: 408.805.0586 Email: gary@sourceauditor.com CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. |