You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I'm not sure if this is a feature request or not, but anyway I thought it's a good idea to consider
adding SPDX header lines to SpringQL source code files
so that SpringQL can get ready for SBOM (Software BOM) management requirements
in various industries (such as automotive).
Describe the solution you'd like
Simply add SPDX header lines.
For example, in case of Linux kernel, you can find an example at the top line of kernel/sched/sched.h:
@thatsdone Thank you for your suggestion. We would like to support it.
We believe dependency management should be critically important for system softwares in auto motives and we agree with agree with the objectives of SBOM.
I'm not sure if this is a feature request or not
This should be new feature for SpringQL's users since they can manage the dependency to SpringQL following the SPDX spec.
Is your feature request related to a problem? Please describe.
I'm not sure if this is a feature request or not, but anyway I thought it's a good idea to consider
adding SPDX header lines to SpringQL source code files
so that SpringQL can get ready for SBOM (Software BOM) management requirements
in various industries (such as automotive).
Describe the solution you'd like
Simply add SPDX header lines.
For example, in case of Linux kernel, you can find an example at the top line of kernel/sched/sched.h:
https://github.com/torvalds/linux/blob/master/kernel/sched/sched.h#1
Describe alternatives you've considered
There are various discussions regarding SBOM.
For example,
https://www.openbom.com/blog/software-bill-of-materials-bom-3-reasons-manufacturing-companies-should-start-managing-sbom-in-2021
But, anyway SPDX activity is under the umbrella of the Linux Foundation,
https://spdx.dev/
and it's a part of ISO standard since September 2021:
https://spdx.dev/spdx-specification-is-now-an-iso-standard/
So, I think SPDX is an enough reasonable choice.
The text was updated successfully, but these errors were encountered: