Re: [Openembedded-architecture] Proposal to drop SPDX 2.2 support for 6.0 LTS

Thu, 12 Mar 2026 16:48:54 -0700 


On 3/12/26 10:46 AM, Richard Purdie via lists.openembedded.org wrote:

On Thu, 2026-03-12 at 16:41 +0100, Marta Rybczynska via lists.openembedded.org 
wrote:

Unfortunately SPDX 3.x support isn't mature in most of the tooling I
know of and you can't import it there (no support in timelines in
many cases too). The only way to use YP SBOM there is to do a custom
merge script for 2.2 files and then use that.

In my opinion it's too early to drop yet.



Is SPDX 2.2 sufficiently a subset of SPDX 3.x that we could create a conversion 
routine?  This would at least let us drop the SPDX 2.2 support once the 
conversion is 'ready'.  (I'm worried that the conversion could be a lot of work, 
so this is purely an idea, I don't know if it's worth it or not.)



The trouble is that the SPDX 2.2 output is sub optimal with known
issues and we'd be committing to keeping it going for 4 years into a
scenario where people are even likely going to want things added to it
for various reasons.

I'm really worried about the support burden this is going to place on
us, I'd rather get behind SPDX 3 and support that as our output format.
If you need anything else, you could convert from that since all the
information should be there, even if 2.2 can't support all of it.

I appreciate this isn't the answer people want to hear with the tools
situation right now but I don't think keeping going with 2.2 is going
to really help people in the long run either.

Put another way, I'd rather do one thing well and right rather than
have multiple things with known issues.



I worry about the same.  If we keep supporting 'old standard' there is no 
incentive for anyone to move to the new standards that fix REAL problems.


--Mark


Cheers,

Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#2302): 
https://lists.openembedded.org/g/openembedded-architecture/message/2302
Mute This Topic: https://lists.openembedded.org/mt/118281203/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-























					Reply via email to