nuttxpr commented on PR #2921: URL: https://github.com/apache/nuttx-apps/pull/2921#issuecomment-2564792404
[**\[Experimental Bot, please feedback here\]**](https://github.com/search?q=repo%3Aapache%2Fnuttx+13552&type=issues) No, this PR does not fully meet the NuttX requirements. While it touches upon some aspects, it lacks crucial details. Here's a breakdown of what's missing: * **Summary:** While the "why" is briefly addressed, the "what" and "how" are missing. *Which* tools? *Which* part of the code is changed to use SPDX identifiers? *How* are they integrated? Specifics are essential. Mention the related NuttX issue number if one exists. * **Impact:** Saying "SBOM" is not enough. Address *all* impact points explicitly with "YES" or "NO" and provide details if "YES." For example: * Is new feature added? YES (SBOM generation facilitated) * Is existing feature changed? Potentially YES (depending on what was modified). Specify which feature. * Impact on user? Possibly YES or NO. Justify. Will users need to do anything differently? * Impact on build? Likely NO, but state explicitly. * Impact on hardware? Almost certainly NO, but state it. * Impact on documentation? Likely YES. New documentation may be required to explain how to generate the SBOM. * Impact on security? Potentially YES or NO. Justify your answer. Does adding SPDX identifiers introduce any vulnerabilities or improve security posture? * Impact on compatibility? Likely NO, but state it explicitly. * **Testing:** "CI" is insufficient. List the specific build hosts and targets used for testing. Provide *actual* testing logs before and after the change, not just the word "CI." What tests demonstrate that the change works as intended? Show concrete output illustrating the improvement related to SBOM generation. In short, the PR description needs significant expansion to meet the NuttX requirements. Be specific and thorough in all sections. Provide concrete examples and data. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
