Add in ReleaseDate, BuiltDate, and ValidUntilDate as optional fields #709
Conversation
These fields will be in the Usage Profile in SPDX 3.0, however there is a need for them today to support some of the SBOM use cases. In particular the FDA guidance is asking for an "End of Support" date, which the ValidUntilDate will satisfy. Moving these into a 2.3 specific pull request. Signed-off-by: Kate Stewart <kate.stewart@att.net>
fix copy/paste errors
|
@kestewart Are there any other tags for packages or files that are not prefixed by |
@kestewart I did some research on the parsers and there is no issue with the naming as proposed as long as we don't use the same property name for a file. The current proposal is just for packages, so we are fine. I do like the current naming proposal since it is compatible with the JSON and RDF notations. |
|
@kestewart - Please add the DCO sign-off |
|
@goneall - hand holding please - I tried to add it (see initial comment), but something in my config needs to be updated it seems. |
|
Hello @kestewart -san, I reviewed your commits and discussed about it with @NorioKobota -san. I agree with your summarized proposal and I will gladly add "Signed-off-by:" to this comment. If it need to other explicit commit action with signed-off-by field or other operation to package-information.md on specific branch, please let me know. Signed-off-by: Yoshiyuki Ito yoshiyuki.ito.ub@renesas.com |
|
@goneall, please review and merge if you're ok with the explanation provided. |
|
Thanks for the explanation Kate; I'll leave an 'approve' review now.
|
These fields will be in the Usage Profile in SPDX 3.0, however there is a need for them today to support some of the SBOM use cases. In particular the FDA guidance is asking for an "End of Support" date, which the ValidUntilDate will satisfy. Moving these into a 2.3 specific pull request.
Signed-off-by: Kate Stewart kate.stewart@att.net