On Tue, Mar 31, 2026 at 3:24 PM Ross Burton via lists.openembedded.org
<[email protected]> wrote:
> This class existed as a provider of information for external CVE tooling,
> and uses a non-standard format that is OpenEmbedded-specific[1].
>
> However, the SPDX 3 output can contain all of this needed information,
> in a format that is standardised.
>
> I'm unaware of any active users of this class beyond sbom-cve-check,
> which can also read the data from the SPDX if SPDX_INCLUDE_VEX has been
> set.
>
> So that we don't have to maintain this class for the lifetime of the
> Wrynose LTS, delete it.
>
> [1] oe-core 6352ad93a72 ("vex.bbclass: add a new class")
>
>
For the record, I do not agree with this removal. SPDX3 has still not
reached mature usage outside of the LF ecosystem.
Kind regards,
Marta
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#234295):
https://lists.openembedded.org/g/openembedded-core/message/234295
Mute This Topic: https://lists.openembedded.org/mt/118596049/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
