Hi, I'm writing to let you know that I've pushed a new package, ESSTRA, to Debian experimental, see https://tracker.debian.org/pkg/esstra
ESSTRA is a tool designed for license compliance and vulnerability management, functioning much like a Software Bill of Materials (SBOM). You can find more detailed information in our presentation slides for the upcoming DebConf25: https://salsa.debian.org/henrich/debconf25/-/blob/main/20250718_DebConf25_ESSTRA.pdf This leads me to a proposal I'm excited about: enabling ESSTRA for Debian's -dbgsym packages. https://docs.google.com/presentation/d/10BWJXGchob4UsKMrSUJl1AMzrkyBQ-gJ6DbWD9L0tCk/edit?usp=sharing Takuya (the upstream author of ESSTRA from Sony Group) and I believe this could bring significant benefits, and we are eager to hear your feedback on the idea. We will be presenting this at DebConf25, so if you're there and interested, please come and talk to us. Your insights and help would be invaluable. For those who cannot attend, we would greatly appreciate it if you could reply to this email with your thoughts. Thank you! -- Hideki Yamane <henr...@iijmio-mail.jp / henr...@debian.org>
