On Thu, Mar 12, 2026, 4:35 PM Joshua Watt via lists.openembedded.org <[email protected]> wrote:
> All, > > We are heavily considering dropping the generation of SPDX 2.2 data > from the 6.0 LTS release; compared to SPDX 3, the 2.2 data is pretty > substandard with what it can represent and we don't necessarily want > to pay the maintenance cost of maintaining it for another 4 years. > > If you have tooling that uses SPDX 2.2, please add support for SPDX 3. > > If dropping this support would cause you serious problems, please let > us know. There is the option that SPDX 2.2 could live in it its own > mix-in layer, but I myself won't have time to do this before the LTS > release. > SBOM generation involves vendors feeding into platforms which might be relying upon prior LTS. This goes deep and across organizations. I would have expected some overlap for these downstream platforms to plan and migrate to new version. These are the reasons why products stick to old releases, especially when this is too late in LTS cycle. I think it would have been good to depreciate it in one of prior releases aftter 5.0 LTS to let community plan to absorb this change and then remove it. > > Thank you, > Joshua Watt > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2306): https://lists.openembedded.org/g/openembedded-architecture/message/2306 Mute This Topic: https://lists.openembedded.org/mt/118281203/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
