The compiler does have a supply chain, IMO. And some optional Flex modules for RemoteObject users also have a supply chain.

-Alex

On 8/2/22, 8:12 AM, "Harbs" <harbs.li...@gmail.com> wrote:

The lack of a supply chain for Royale is probably a good selling point… ;-)

> On Aug 2, 2022, at 4:26 PM, Andrew Wetmore <cottag...@gmail.com> wrote:
>
> Hi, all.
>
> I was reading today about SBOM [1] ('a kind of nutrition label to reduce
> software supply chain risk') and wondered whether it would be very
> difficult to add such a document to the Royale release assets. It seems to
> be an impending requirement (or 'desirement') for released software, and I
> can't imagine it would be too hard to put one together for our product.
>
> If this seems like a good idea, I would be happy to create a draft and get
> others to improve it.
>
> [1]
> https://develop.secure.software/sbom-facts-know-whats-in-software-fend-off-supply-chain-attacks
>
> --
> Andrew Wetmore
>
> Editor, Moose House Publications
> Editor-Writer, The Apache Software Foundation