The lack of a supply chain for Royale is probably a good selling point… ;-)


> On Aug 2, 2022, at 4:26 PM, Andrew Wetmore <cottag...@gmail.com> wrote:
> 
> Hi, all.
> 
> I was reading today about SBOM [1] ('a kind of nutrition label to reduce
> software supply chain risk') and wondered whether it would be very
> difficult to add such a document to the Royale release assets. It seems to
> be an impending requirement (or 'desirement') for released software, and I
> can't imagine it would be too hard to put one together for our product.
> 
> If this seems like a good idea, I would be happy to create a draft and get
> others to improve it.
> 
> [1]
> https://develop.secure.software/sbom-facts-know-whats-in-software-fend-off-supply-chain-attacks
> 
> -- 
> Andrew Wetmore
> 
> Editor, Moose House Publications
> Editor-Writer, The Apache Software Foundation
