From: Stefano Tondo <stondo@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: stefano.tondo.ext@siemens.com, peter.marko@siemens.com,
adrian.freihofer@siemens.com, Stefano Tondo <stondo@gmail.com>
Subject: [OE-core][PATCH 0/2] spdx30: Add summary field and concluded license support
Date: Thu, 18 Dec 2025 13:01:37 +0100
Message-ID: <20251218120139.104155-1-stondo@gmail.com>

This patch series improves SPDX 3.0 SBOM documentation quality by adding
summary field population and concluded license support.

The summary field enhancement makes SBOMs more human-readable by providing
brief descriptions for each package using an intelligent fallback chain.
This is particularly useful for security review and compliance documentation
where understanding component purposes at a glance is valuable.

The concluded license support allows tracking the results of manual or
automated license analysis in SBOMs through the SPDX_CONCLUDED_LICENSE
variable. This addresses use cases where license analysis identifies
differences from the declared LICENSE field, with clear guidelines on when
to use the variable versus correcting the upstream LICENSE field.

Both changes improve SBOM completeness and usefulness without impacting
existing builds or requiring changes to existing recipes.

Stefano Tondo (2):
  spdx30_tasks: Add summary field with fallback chain
  spdx30_tasks: Add concluded license support with
    SPDX_CONCLUDED_LICENSE

 meta/classes/spdx-common.bbclass | 11 +++++++++++
 meta/lib/oe/spdx30_tasks.py      | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)

--
2.43.0