Posted to issues@avro.apache.org by GitBox <gi...@apache.org> on 2023/01/05 23:14:49 UTC

[GitHub] [avro] iemejia commented on pull request #2046: AVRO-3700: Publish SBOM artifacts

iemejia commented on PR #2046:
URL: https://github.com/apache/avro/pull/2046#issuecomment-1372914189

   One question @dongjoon-hyun: I am kind of new in the SBOM world, but looking around it seems like there are like 3 big standards. Any reason to choose the Cyclone one over SPDX (which seems to be the one being pushed by the Linux Foundation)? I am ok with merging this as it is, just curious. Better to have one than none :)
   
   I am also wondering what other Apache projects use. Just from a quick look, it seems not even Log4j, with all the mess of the last year, is publishing their SBOM, and there are no recommendations yet from the security group at the ASF.
   
   

