New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address gaps in documentation of VEX implementation in SPDX 3.0 #948
Comments
We can add the mapping as a markdown file to the annexes directory in the spdx-spec v3 branch. |
I've made a few changes in the document that we are preparing for the mapping to reflect that there is currently no SPDX field for VEX doc version. @puerco, can you please review the comments and the updated contents and respond back? Thanks. |
@VenkatTechnologist where is the document? |
It's currently getting prepared in my Google drive
with edit access to Gary, Jeff, and @puerco. If you
would like, I can add you too, Rose.
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
…On Sat, Apr 13, 2024 at 12:36 AM Rose Judge ***@***.***> wrote:
@VenkatTechnologist <https://github.com/VenkatTechnologist> where is the
document?
—
Reply to this email directly, view it on GitHub
<#948>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BFJ5PILDSIHYWQNMQVGQS73Y5AWBVAVCNFSM6AAAAABFPGVOVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJSGM2TQMRXGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Please add me :) I have been on maternity leave but before that heavily involved in the security profile. Thank you! |
Sure, and welcome back! Please let me know the email id. that can be used to add you. Thanks. |
@VenkatTechnologist rose.judge@broadcom.com please, thank you! |
There seems to be no formal VEX spec. specifying the structure of VEX implementation in SPDX. I propose that we add that as part of this document and call this document as 'VEX support in SPDX' (or on similar lines). |
Transferring this issue to the spec repo since we are fixing this in an Annex |
While going through SPDX 3.0 model VEX implementation, Venkat observed that there were gaps in documentation of the implementation. Specifically, the following were observed:
In the SPDX security meeting that happened on March 20th, 2024, which @goneall , @kestewart , Jeff Schutt, and @VenkatTechnologist attended, it was decided to have a document in the Annexure directory for the mapping and the examples.
In another email thread between Venkat, @goneall, @puerco , @kestewart, and Jeff Schutt, Venkat pointed out that there is no formal documentation for how VEX objects are implemented in SPDX and its structure. This email was also forwarded to @rnjudge by Venkat.
This issue is to track and resolve these gaps.
The text was updated successfully, but these errors were encountered: