-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add in ReleaseDate, BuiltDate, and ValidUntilDate as optional fields #709
Conversation
These fields will be in the Usage Profile in SPDX 3.0, however there is a need for them today to support some of the SBOM use cases. In particular the FDA guidance is asking for an "End of Support" date, which the ValidUntilDate will satisfy. Moving these into a 2.3 specific pull request. Signed-off-by: Kate Stewart <kate.stewart@att.net>
fix copy/paste errors
@kestewart Are there any other tags for packages or files that are not prefixed by |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No objections to this being merged except for my comment about naming below. 😃
@kestewart I did some research on the parsers and there is no issue with the naming as proposed as long as we don't use the same property name for a file. The current proposal is just for packages, so we are fine. I do like the current naming proposal since it is compatible with the JSON and RDF notations. |
@kestewart - Please add the DCO sign-off |
@goneall - hand holding please - I tried to add it (see initial comment), but something in my config needs to be updated it seems. |
Hello @kestewart -san, I reviewed your commits and discussed about it with @NorioKobota -san. I agree with your summarized proposal and I will gladly add "Signed-off-by:" to this comment. If it need to other explicit commit action with signed-off-by field or other operation to package-information.md on specific branch, please let me know. Signed-off-by: Yoshiyuki Ito yoshiyuki.ito.ub@renesas.com |
@goneall, please review and merge if you're ok with the explanation provided. |
Thanks for the explanation Kate; I'll leave an 'approve' review now.
|
These fields will be in the Usage Profile in SPDX 3.0, however there is a need for them today to support some of the SBOM use cases. In particular the FDA guidance is asking for an "End of Support" date, which the ValidUntilDate will satisfy. Moving these into a 2.3 specific pull request.
Signed-off-by: Kate Stewart kate.stewart@att.net